Docs Home
Fastly v8.14.0 published on Monday, Feb 3, 2025 by Pulumi
fastly.ServiceWafConfiguration
Explore with Pulumi AI
Defines a set of Web Application Firewall configuration options that can be used to populate a service WAF. This resource will configure rules, thresholds and other settings for a WAF.
Warning: This provider will take precedence over any changes you make in the UI or API. Such changes are likely to be reversed if you run the provider again.
Example Usage
Basic usage:
import * as pulumi from "@pulumi/pulumi";
import * as fastly from "@pulumi/fastly";
const demo = new fastly.ServiceVcl("demo", {
name: "demofastly",
domains: [{
name: "example.com",
comment: "demo",
}],
backends: [{
address: "127.0.0.1",
name: "origin1",
port: 80,
}],
conditions: [
{
name: "WAF_Prefetch",
type: "PREFETCH",
statement: "req.backend.is_origin",
},
{
name: "WAF_always_false",
statement: "false",
type: "REQUEST",
},
],
responseObjects: [{
name: "WAF_Response",
status: 403,
response: "Forbidden",
contentType: "text/html",
content: "<html><body>Forbidden</body></html>",
requestCondition: "WAF_always_false",
}],
waf: {
prefetchCondition: "WAF_Prefetch",
responseObject: "WAF_Response",
},
forceDestroy: true,
});
const waf = new fastly.ServiceWafConfiguration("waf", {
wafId: demo.waf.apply(waf => waf?.wafId),
httpViolationScoreThreshold: 100,
});
import pulumi
import pulumi_fastly as fastly
demo = fastly.ServiceVcl("demo",
name="demofastly",
domains=[{
"name": "example.com",
"comment": "demo",
}],
backends=[{
"address": "127.0.0.1",
"name": "origin1",
"port": 80,
}],
conditions=[
{
"name": "WAF_Prefetch",
"type": "PREFETCH",
"statement": "req.backend.is_origin",
},
{
"name": "WAF_always_false",
"statement": "false",
"type": "REQUEST",
},
],
response_objects=[{
"name": "WAF_Response",
"status": 403,
"response": "Forbidden",
"content_type": "text/html",
"content": "<html><body>Forbidden</body></html>",
"request_condition": "WAF_always_false",
}],
waf={
"prefetch_condition": "WAF_Prefetch",
"response_object": "WAF_Response",
},
force_destroy=True)
waf = fastly.ServiceWafConfiguration("waf",
waf_id=demo.waf.waf_id,
http_violation_score_threshold=100)
package main
import (
"github.com/pulumi/pulumi-fastly/sdk/v8/go/fastly"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
demo, err := fastly.NewServiceVcl(ctx, "demo", &fastly.ServiceVclArgs{
Name: pulumi.String("demofastly"),
Domains: fastly.ServiceVclDomainArray{
&fastly.ServiceVclDomainArgs{
Name: pulumi.String("example.com"),
Comment: pulumi.String("demo"),
},
},
Backends: fastly.ServiceVclBackendArray{
&fastly.ServiceVclBackendArgs{
Address: pulumi.String("127.0.0.1"),
Name: pulumi.String("origin1"),
Port: pulumi.Int(80),
},
},
Conditions: fastly.ServiceVclConditionArray{
&fastly.ServiceVclConditionArgs{
Name: pulumi.String("WAF_Prefetch"),
Type: pulumi.String("PREFETCH"),
Statement: pulumi.String("req.backend.is_origin"),
},
&fastly.ServiceVclConditionArgs{
Name: pulumi.String("WAF_always_false"),
Statement: pulumi.String("false"),
Type: pulumi.String("REQUEST"),
},
},
ResponseObjects: fastly.ServiceVclResponseObjectArray{
&fastly.ServiceVclResponseObjectArgs{
Name: pulumi.String("WAF_Response"),
Status: pulumi.Int(403),
Response: pulumi.String("Forbidden"),
ContentType: pulumi.String("text/html"),
Content: pulumi.String("<html><body>Forbidden</body></html>"),
RequestCondition: pulumi.String("WAF_always_false"),
},
},
Waf: &fastly.ServiceVclWafArgs{
PrefetchCondition: pulumi.String("WAF_Prefetch"),
ResponseObject: pulumi.String("WAF_Response"),
},
ForceDestroy: pulumi.Bool(true),
})
if err != nil {
return err
}
_, err = fastly.NewServiceWafConfiguration(ctx, "waf", &fastly.ServiceWafConfigurationArgs{
WafId: pulumi.String(demo.Waf.ApplyT(func(waf fastly.ServiceVclWaf) (*string, error) {
return &waf.WafId, nil
}).(pulumi.StringPtrOutput)),
HttpViolationScoreThreshold: pulumi.Int(100),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Fastly = Pulumi.Fastly;
return await Deployment.RunAsync(() =>
{
var demo = new Fastly.ServiceVcl("demo", new()
{
Name = "demofastly",
Domains = new[]
{
new Fastly.Inputs.ServiceVclDomainArgs
{
Name = "example.com",
Comment = "demo",
},
},
Backends = new[]
{
new Fastly.Inputs.ServiceVclBackendArgs
{
Address = "127.0.0.1",
Name = "origin1",
Port = 80,
},
},
Conditions = new[]
{
new Fastly.Inputs.ServiceVclConditionArgs
{
Name = "WAF_Prefetch",
Type = "PREFETCH",
Statement = "req.backend.is_origin",
},
new Fastly.Inputs.ServiceVclConditionArgs
{
Name = "WAF_always_false",
Statement = "false",
Type = "REQUEST",
},
},
ResponseObjects = new[]
{
new Fastly.Inputs.ServiceVclResponseObjectArgs
{
Name = "WAF_Response",
Status = 403,
Response = "Forbidden",
ContentType = "text/html",
Content = "<html><body>Forbidden</body></html>",
RequestCondition = "WAF_always_false",
},
},
Waf = new Fastly.Inputs.ServiceVclWafArgs
{
PrefetchCondition = "WAF_Prefetch",
ResponseObject = "WAF_Response",
},
ForceDestroy = true,
});
var waf = new Fastly.ServiceWafConfiguration("waf", new()
{
WafId = demo.Waf.Apply(waf => waf?.WafId),
HttpViolationScoreThreshold = 100,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.fastly.ServiceVcl;
import com.pulumi.fastly.ServiceVclArgs;
import com.pulumi.fastly.inputs.ServiceVclDomainArgs;
import com.pulumi.fastly.inputs.ServiceVclBackendArgs;
import com.pulumi.fastly.inputs.ServiceVclConditionArgs;
import com.pulumi.fastly.inputs.ServiceVclResponseObjectArgs;
import com.pulumi.fastly.inputs.ServiceVclWafArgs;
import com.pulumi.fastly.ServiceWafConfiguration;
import com.pulumi.fastly.ServiceWafConfigurationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var demo = new ServiceVcl("demo", ServiceVclArgs.builder()
.name("demofastly")
.domains(ServiceVclDomainArgs.builder()
.name("example.com")
.comment("demo")
.build())
.backends(ServiceVclBackendArgs.builder()
.address("127.0.0.1")
.name("origin1")
.port(80)
.build())
.conditions(
ServiceVclConditionArgs.builder()
.name("WAF_Prefetch")
.type("PREFETCH")
.statement("req.backend.is_origin")
.build(),
ServiceVclConditionArgs.builder()
.name("WAF_always_false")
.statement("false")
.type("REQUEST")
.build())
.responseObjects(ServiceVclResponseObjectArgs.builder()
.name("WAF_Response")
.status("403")
.response("Forbidden")
.contentType("text/html")
.content("<html><body>Forbidden</body></html>")
.requestCondition("WAF_always_false")
.build())
.waf(ServiceVclWafArgs.builder()
.prefetchCondition("WAF_Prefetch")
.responseObject("WAF_Response")
.build())
.forceDestroy(true)
.build());
var waf = new ServiceWafConfiguration("waf", ServiceWafConfigurationArgs.builder()
.wafId(demo.waf().applyValue(waf -> waf.wafId()))
.httpViolationScoreThreshold(100)
.build());
}
}
resources:
demo:
type: fastly:ServiceVcl
properties:
name: demofastly
domains:
- name: example.com
comment: demo
backends:
- address: 127.0.0.1
name: origin1
port: 80
conditions:
- name: WAF_Prefetch
type: PREFETCH
statement: req.backend.is_origin
- name: WAF_always_false
statement: 'false'
type: REQUEST
responseObjects:
- name: WAF_Response
status: '403'
response: Forbidden
contentType: text/html
content: <html><body>Forbidden</body></html>
requestCondition: WAF_always_false
waf:
prefetchCondition: WAF_Prefetch
responseObject: WAF_Response
forceDestroy: true
waf:
type: fastly:ServiceWafConfiguration
properties:
wafId: ${demo.waf.wafId}
httpViolationScoreThreshold: 100
Usage with rules:
import * as pulumi from "@pulumi/pulumi";
import * as fastly from "@pulumi/fastly";
const demo = new fastly.ServiceVcl("demo", {
name: "demofastly",
domains: [{
name: "example.com",
comment: "demo",
}],
backends: [{
address: "127.0.0.1",
name: "origin1",
port: 80,
}],
conditions: [
{
name: "WAF_Prefetch",
type: "PREFETCH",
statement: "req.backend.is_origin",
},
{
name: "WAF_always_false",
statement: "false",
type: "REQUEST",
},
],
responseObjects: [{
name: "WAF_Response",
status: 403,
response: "Forbidden",
contentType: "text/html",
content: "<html><body>Forbidden</body></html>",
requestCondition: "WAF_always_false",
}],
waf: {
prefetchCondition: "WAF_Prefetch",
responseObject: "WAF_Response",
},
forceDestroy: true,
});
const waf = new fastly.ServiceWafConfiguration("waf", {
wafId: demo.waf.apply(waf => waf?.wafId),
httpViolationScoreThreshold: 100,
rules: [{
modsecRuleId: 1010090,
revision: 1,
status: "log",
}],
});
import pulumi
import pulumi_fastly as fastly
demo = fastly.ServiceVcl("demo",
name="demofastly",
domains=[{
"name": "example.com",
"comment": "demo",
}],
backends=[{
"address": "127.0.0.1",
"name": "origin1",
"port": 80,
}],
conditions=[
{
"name": "WAF_Prefetch",
"type": "PREFETCH",
"statement": "req.backend.is_origin",
},
{
"name": "WAF_always_false",
"statement": "false",
"type": "REQUEST",
},
],
response_objects=[{
"name": "WAF_Response",
"status": 403,
"response": "Forbidden",
"content_type": "text/html",
"content": "<html><body>Forbidden</body></html>",
"request_condition": "WAF_always_false",
}],
waf={
"prefetch_condition": "WAF_Prefetch",
"response_object": "WAF_Response",
},
force_destroy=True)
waf = fastly.ServiceWafConfiguration("waf",
waf_id=demo.waf.waf_id,
http_violation_score_threshold=100,
rules=[{
"modsec_rule_id": 1010090,
"revision": 1,
"status": "log",
}])
package main
import (
"github.com/pulumi/pulumi-fastly/sdk/v8/go/fastly"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
demo, err := fastly.NewServiceVcl(ctx, "demo", &fastly.ServiceVclArgs{
Name: pulumi.String("demofastly"),
Domains: fastly.ServiceVclDomainArray{
&fastly.ServiceVclDomainArgs{
Name: pulumi.String("example.com"),
Comment: pulumi.String("demo"),
},
},
Backends: fastly.ServiceVclBackendArray{
&fastly.ServiceVclBackendArgs{
Address: pulumi.String("127.0.0.1"),
Name: pulumi.String("origin1"),
Port: pulumi.Int(80),
},
},
Conditions: fastly.ServiceVclConditionArray{
&fastly.ServiceVclConditionArgs{
Name: pulumi.String("WAF_Prefetch"),
Type: pulumi.String("PREFETCH"),
Statement: pulumi.String("req.backend.is_origin"),
},
&fastly.ServiceVclConditionArgs{
Name: pulumi.String("WAF_always_false"),
Statement: pulumi.String("false"),
Type: pulumi.String("REQUEST"),
},
},
ResponseObjects: fastly.ServiceVclResponseObjectArray{
&fastly.ServiceVclResponseObjectArgs{
Name: pulumi.String("WAF_Response"),
Status: pulumi.Int(403),
Response: pulumi.String("Forbidden"),
ContentType: pulumi.String("text/html"),
Content: pulumi.String("<html><body>Forbidden</body></html>"),
RequestCondition: pulumi.String("WAF_always_false"),
},
},
Waf: &fastly.ServiceVclWafArgs{
PrefetchCondition: pulumi.String("WAF_Prefetch"),
ResponseObject: pulumi.String("WAF_Response"),
},
ForceDestroy: pulumi.Bool(true),
})
if err != nil {
return err
}
_, err = fastly.NewServiceWafConfiguration(ctx, "waf", &fastly.ServiceWafConfigurationArgs{
WafId: pulumi.String(demo.Waf.ApplyT(func(waf fastly.ServiceVclWaf) (*string, error) {
return &waf.WafId, nil
}).(pulumi.StringPtrOutput)),
HttpViolationScoreThreshold: pulumi.Int(100),
Rules: fastly.ServiceWafConfigurationRuleArray{
&fastly.ServiceWafConfigurationRuleArgs{
ModsecRuleId: pulumi.Int(1010090),
Revision: pulumi.Int(1),
Status: pulumi.String("log"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Fastly = Pulumi.Fastly;
return await Deployment.RunAsync(() =>
{
var demo = new Fastly.ServiceVcl("demo", new()
{
Name = "demofastly",
Domains = new[]
{
new Fastly.Inputs.ServiceVclDomainArgs
{
Name = "example.com",
Comment = "demo",
},
},
Backends = new[]
{
new Fastly.Inputs.ServiceVclBackendArgs
{
Address = "127.0.0.1",
Name = "origin1",
Port = 80,
},
},
Conditions = new[]
{
new Fastly.Inputs.ServiceVclConditionArgs
{
Name = "WAF_Prefetch",
Type = "PREFETCH",
Statement = "req.backend.is_origin",
},
new Fastly.Inputs.ServiceVclConditionArgs
{
Name = "WAF_always_false",
Statement = "false",
Type = "REQUEST",
},
},
ResponseObjects = new[]
{
new Fastly.Inputs.ServiceVclResponseObjectArgs
{
Name = "WAF_Response",
Status = 403,
Response = "Forbidden",
ContentType = "text/html",
Content = "<html><body>Forbidden</body></html>",
RequestCondition = "WAF_always_false",
},
},
Waf = new Fastly.Inputs.ServiceVclWafArgs
{
PrefetchCondition = "WAF_Prefetch",
ResponseObject = "WAF_Response",
},
ForceDestroy = true,
});
var waf = new Fastly.ServiceWafConfiguration("waf", new()
{
WafId = demo.Waf.Apply(waf => waf?.WafId),
HttpViolationScoreThreshold = 100,
Rules = new[]
{
new Fastly.Inputs.ServiceWafConfigurationRuleArgs
{
ModsecRuleId = 1010090,
Revision = 1,
Status = "log",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.fastly.ServiceVcl;
import com.pulumi.fastly.ServiceVclArgs;
import com.pulumi.fastly.inputs.ServiceVclDomainArgs;
import com.pulumi.fastly.inputs.ServiceVclBackendArgs;
import com.pulumi.fastly.inputs.ServiceVclConditionArgs;
import com.pulumi.fastly.inputs.ServiceVclResponseObjectArgs;
import com.pulumi.fastly.inputs.ServiceVclWafArgs;
import com.pulumi.fastly.ServiceWafConfiguration;
import com.pulumi.fastly.ServiceWafConfigurationArgs;
import com.pulumi.fastly.inputs.ServiceWafConfigurationRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var demo = new ServiceVcl("demo", ServiceVclArgs.builder()
.name("demofastly")
.domains(ServiceVclDomainArgs.builder()
.name("example.com")
.comment("demo")
.build())
.backends(ServiceVclBackendArgs.builder()
.address("127.0.0.1")
.name("origin1")
.port(80)
.build())
.conditions(
ServiceVclConditionArgs.builder()
.name("WAF_Prefetch")
.type("PREFETCH")
.statement("req.backend.is_origin")
.build(),
ServiceVclConditionArgs.builder()
.name("WAF_always_false")
.statement("false")
.type("REQUEST")
.build())
.responseObjects(ServiceVclResponseObjectArgs.builder()
.name("WAF_Response")
.status("403")
.response("Forbidden")
.contentType("text/html")
.content("<html><body>Forbidden</body></html>")
.requestCondition("WAF_always_false")
.build())
.waf(ServiceVclWafArgs.builder()
.prefetchCondition("WAF_Prefetch")
.responseObject("WAF_Response")
.build())
.forceDestroy(true)
.build());
var waf = new ServiceWafConfiguration("waf", ServiceWafConfigurationArgs.builder()
.wafId(demo.waf().applyValue(waf -> waf.wafId()))
.httpViolationScoreThreshold(100)
.rules(ServiceWafConfigurationRuleArgs.builder()
.modsecRuleId(1010090)
.revision(1)
.status("log")
.build())
.build());
}
}
resources:
demo:
type: fastly:ServiceVcl
properties:
name: demofastly
domains:
- name: example.com
comment: demo
backends:
- address: 127.0.0.1
name: origin1
port: 80
conditions:
- name: WAF_Prefetch
type: PREFETCH
statement: req.backend.is_origin
- name: WAF_always_false
statement: 'false'
type: REQUEST
responseObjects:
- name: WAF_Response
status: '403'
response: Forbidden
contentType: text/html
content: <html><body>Forbidden</body></html>
requestCondition: WAF_always_false
waf:
prefetchCondition: WAF_Prefetch
responseObject: WAF_Response
forceDestroy: true
waf:
type: fastly:ServiceWafConfiguration
properties:
wafId: ${demo.waf.wafId}
httpViolationScoreThreshold: 100
rules:
- modsecRuleId: 1.01009e+06
revision: 1
status: log
Usage with rule exclusions:
Warning: Rule exclusions are part of a beta release, which may be subject to breaking changes and improvements over time. For more information, see our product and feature lifecycle descriptions.
import * as pulumi from "@pulumi/pulumi";
import * as fastly from "@pulumi/fastly";
const demo = new fastly.ServiceVcl("demo", {
name: "demofastly",
domains: [{
name: "example.com",
comment: "demo",
}],
backends: [{
address: "127.0.0.1",
name: "origin1",
port: 80,
}],
conditions: [
{
name: "WAF_Prefetch",
type: "PREFETCH",
statement: "req.backend.is_origin",
},
{
name: "WAF_always_false",
statement: "false",
type: "REQUEST",
},
],
responseObjects: [{
name: "WAF_Response",
status: 403,
response: "Forbidden",
contentType: "text/html",
content: "<html><body>Forbidden</body></html>",
requestCondition: "WAF_always_false",
}],
waf: {
prefetchCondition: "WAF_Prefetch",
responseObject: "WAF_Response",
},
forceDestroy: true,
});
const waf = new fastly.ServiceWafConfiguration("waf", {
wafId: demo.waf.apply(waf => waf?.wafId),
httpViolationScoreThreshold: 100,
rules: [{
modsecRuleId: 2029718,
revision: 1,
status: "log",
}],
ruleExclusions: [{
name: "index page",
exclusionType: "rule",
condition: "req.url.basename == \"index.html\"",
modsecRuleIds: [2029718],
}],
});
import pulumi
import pulumi_fastly as fastly
demo = fastly.ServiceVcl("demo",
name="demofastly",
domains=[{
"name": "example.com",
"comment": "demo",
}],
backends=[{
"address": "127.0.0.1",
"name": "origin1",
"port": 80,
}],
conditions=[
{
"name": "WAF_Prefetch",
"type": "PREFETCH",
"statement": "req.backend.is_origin",
},
{
"name": "WAF_always_false",
"statement": "false",
"type": "REQUEST",
},
],
response_objects=[{
"name": "WAF_Response",
"status": 403,
"response": "Forbidden",
"content_type": "text/html",
"content": "<html><body>Forbidden</body></html>",
"request_condition": "WAF_always_false",
}],
waf={
"prefetch_condition": "WAF_Prefetch",
"response_object": "WAF_Response",
},
force_destroy=True)
waf = fastly.ServiceWafConfiguration("waf",
waf_id=demo.waf.waf_id,
http_violation_score_threshold=100,
rules=[{
"modsec_rule_id": 2029718,
"revision": 1,
"status": "log",
}],
rule_exclusions=[{
"name": "index page",
"exclusion_type": "rule",
"condition": "req.url.basename == \"index.html\"",
"modsec_rule_ids": [2029718],
}])
package main
import (
"github.com/pulumi/pulumi-fastly/sdk/v8/go/fastly"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
demo, err := fastly.NewServiceVcl(ctx, "demo", &fastly.ServiceVclArgs{
Name: pulumi.String("demofastly"),
Domains: fastly.ServiceVclDomainArray{
&fastly.ServiceVclDomainArgs{
Name: pulumi.String("example.com"),
Comment: pulumi.String("demo"),
},
},
Backends: fastly.ServiceVclBackendArray{
&fastly.ServiceVclBackendArgs{
Address: pulumi.String("127.0.0.1"),
Name: pulumi.String("origin1"),
Port: pulumi.Int(80),
},
},
Conditions: fastly.ServiceVclConditionArray{
&fastly.ServiceVclConditionArgs{
Name: pulumi.String("WAF_Prefetch"),
Type: pulumi.String("PREFETCH"),
Statement: pulumi.String("req.backend.is_origin"),
},
&fastly.ServiceVclConditionArgs{
Name: pulumi.String("WAF_always_false"),
Statement: pulumi.String("false"),
Type: pulumi.String("REQUEST"),
},
},
ResponseObjects: fastly.ServiceVclResponseObjectArray{
&fastly.ServiceVclResponseObjectArgs{
Name: pulumi.String("WAF_Response"),
Status: pulumi.Int(403),
Response: pulumi.String("Forbidden"),
ContentType: pulumi.String("text/html"),
Content: pulumi.String("<html><body>Forbidden</body></html>"),
RequestCondition: pulumi.String("WAF_always_false"),
},
},
Waf: &fastly.ServiceVclWafArgs{
PrefetchCondition: pulumi.String("WAF_Prefetch"),
ResponseObject: pulumi.String("WAF_Response"),
},
ForceDestroy: pulumi.Bool(true),
})
if err != nil {
return err
}
_, err = fastly.NewServiceWafConfiguration(ctx, "waf", &fastly.ServiceWafConfigurationArgs{
WafId: pulumi.String(demo.Waf.ApplyT(func(waf fastly.ServiceVclWaf) (*string, error) {
return &waf.WafId, nil
}).(pulumi.StringPtrOutput)),
HttpViolationScoreThreshold: pulumi.Int(100),
Rules: fastly.ServiceWafConfigurationRuleArray{
&fastly.ServiceWafConfigurationRuleArgs{
ModsecRuleId: pulumi.Int(2029718),
Revision: pulumi.Int(1),
Status: pulumi.String("log"),
},
},
RuleExclusions: fastly.ServiceWafConfigurationRuleExclusionArray{
&fastly.ServiceWafConfigurationRuleExclusionArgs{
Name: pulumi.String("index page"),
ExclusionType: pulumi.String("rule"),
Condition: pulumi.String("req.url.basename == \"index.html\""),
ModsecRuleIds: pulumi.IntArray{
pulumi.Int(2029718),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Fastly = Pulumi.Fastly;
return await Deployment.RunAsync(() =>
{
var demo = new Fastly.ServiceVcl("demo", new()
{
Name = "demofastly",
Domains = new[]
{
new Fastly.Inputs.ServiceVclDomainArgs
{
Name = "example.com",
Comment = "demo",
},
},
Backends = new[]
{
new Fastly.Inputs.ServiceVclBackendArgs
{
Address = "127.0.0.1",
Name = "origin1",
Port = 80,
},
},
Conditions = new[]
{
new Fastly.Inputs.ServiceVclConditionArgs
{
Name = "WAF_Prefetch",
Type = "PREFETCH",
Statement = "req.backend.is_origin",
},
new Fastly.Inputs.ServiceVclConditionArgs
{
Name = "WAF_always_false",
Statement = "false",
Type = "REQUEST",
},
},
ResponseObjects = new[]
{
new Fastly.Inputs.ServiceVclResponseObjectArgs
{
Name = "WAF_Response",
Status = 403,
Response = "Forbidden",
ContentType = "text/html",
Content = "<html><body>Forbidden</body></html>",
RequestCondition = "WAF_always_false",
},
},
Waf = new Fastly.Inputs.ServiceVclWafArgs
{
PrefetchCondition = "WAF_Prefetch",
ResponseObject = "WAF_Response",
},
ForceDestroy = true,
});
var waf = new Fastly.ServiceWafConfiguration("waf", new()
{
WafId = demo.Waf.Apply(waf => waf?.WafId),
HttpViolationScoreThreshold = 100,
Rules = new[]
{
new Fastly.Inputs.ServiceWafConfigurationRuleArgs
{
ModsecRuleId = 2029718,
Revision = 1,
Status = "log",
},
},
RuleExclusions = new[]
{
new Fastly.Inputs.ServiceWafConfigurationRuleExclusionArgs
{
Name = "index page",
ExclusionType = "rule",
Condition = "req.url.basename == \"index.html\"",
ModsecRuleIds = new[]
{
2029718,
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.fastly.ServiceVcl;
import com.pulumi.fastly.ServiceVclArgs;
import com.pulumi.fastly.inputs.ServiceVclDomainArgs;
import com.pulumi.fastly.inputs.ServiceVclBackendArgs;
import com.pulumi.fastly.inputs.ServiceVclConditionArgs;
import com.pulumi.fastly.inputs.ServiceVclResponseObjectArgs;
import com.pulumi.fastly.inputs.ServiceVclWafArgs;
import com.pulumi.fastly.ServiceWafConfiguration;
import com.pulumi.fastly.ServiceWafConfigurationArgs;
import com.pulumi.fastly.inputs.ServiceWafConfigurationRuleArgs;
import com.pulumi.fastly.inputs.ServiceWafConfigurationRuleExclusionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var demo = new ServiceVcl("demo", ServiceVclArgs.builder()
.name("demofastly")
.domains(ServiceVclDomainArgs.builder()
.name("example.com")
.comment("demo")
.build())
.backends(ServiceVclBackendArgs.builder()
.address("127.0.0.1")
.name("origin1")
.port(80)
.build())
.conditions(
ServiceVclConditionArgs.builder()
.name("WAF_Prefetch")
.type("PREFETCH")
.statement("req.backend.is_origin")
.build(),
ServiceVclConditionArgs.builder()
.name("WAF_always_false")
.statement("false")
.type("REQUEST")
.build())
.responseObjects(ServiceVclResponseObjectArgs.builder()
.name("WAF_Response")
.status("403")
.response("Forbidden")
.contentType("text/html")
.content("<html><body>Forbidden</body></html>")
.requestCondition("WAF_always_false")
.build())
.waf(ServiceVclWafArgs.builder()
.prefetchCondition("WAF_Prefetch")
.responseObject("WAF_Response")
.build())
.forceDestroy(true)
.build());
var waf = new ServiceWafConfiguration("waf", ServiceWafConfigurationArgs.builder()
.wafId(demo.waf().applyValue(waf -> waf.wafId()))
.httpViolationScoreThreshold(100)
.rules(ServiceWafConfigurationRuleArgs.builder()
.modsecRuleId(2029718)
.revision(1)
.status("log")
.build())
.ruleExclusions(ServiceWafConfigurationRuleExclusionArgs.builder()
.name("index page")
.exclusionType("rule")
.condition("req.url.basename == \"index.html\"")
.modsecRuleIds(2029718)
.build())
.build());
}
}
resources:
demo:
type: fastly:ServiceVcl
properties:
name: demofastly
domains:
- name: example.com
comment: demo
backends:
- address: 127.0.0.1
name: origin1
port: 80
conditions:
- name: WAF_Prefetch
type: PREFETCH
statement: req.backend.is_origin
- name: WAF_always_false
statement: 'false'
type: REQUEST
responseObjects:
- name: WAF_Response
status: '403'
response: Forbidden
contentType: text/html
content: <html><body>Forbidden</body></html>
requestCondition: WAF_always_false
waf:
prefetchCondition: WAF_Prefetch
responseObject: WAF_Response
forceDestroy: true
waf:
type: fastly:ServiceWafConfiguration
properties:
wafId: ${demo.waf.wafId}
httpViolationScoreThreshold: 100
rules:
- modsecRuleId: 2.029718e+06
revision: 1
status: log
ruleExclusions:
- name: index page
exclusionType: rule
condition: req.url.basename == "index.html"
modsecRuleIds:
- 2.029718e+06
Usage with rules from data source:
Create ServiceWafConfiguration Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ServiceWafConfiguration(name: string, args: ServiceWafConfigurationArgs, opts?: CustomResourceOptions);@overload
def ServiceWafConfiguration(resource_name: str,
args: ServiceWafConfigurationArgs,
opts: Optional[ResourceOptions] = None)
@overload
def ServiceWafConfiguration(resource_name: str,
opts: Optional[ResourceOptions] = None,
waf_id: Optional[str] = None,
max_num_args: Optional[int] = None,
xss_score_threshold: Optional[int] = None,
max_file_size: Optional[int] = None,
allowed_request_content_type_charset: Optional[str] = None,
arg_length: Optional[int] = None,
arg_name_length: Optional[int] = None,
combined_file_sizes: Optional[int] = None,
critical_anomaly_score: Optional[int] = None,
crs_validate_utf8_encoding: Optional[bool] = None,
error_anomaly_score: Optional[int] = None,
high_risk_country_codes: Optional[str] = None,
http_violation_score_threshold: Optional[int] = None,
inbound_anomaly_score_threshold: Optional[int] = None,
lfi_score_threshold: Optional[int] = None,
allowed_request_content_type: Optional[str] = None,
notice_anomaly_score: Optional[int] = None,
allowed_methods: Optional[str] = None,
paranoia_level: Optional[int] = None,
php_injection_score_threshold: Optional[int] = None,
rce_score_threshold: Optional[int] = None,
restricted_extensions: Optional[str] = None,
restricted_headers: Optional[str] = None,
rfi_score_threshold: Optional[int] = None,
rule_exclusions: Optional[Sequence[ServiceWafConfigurationRuleExclusionArgs]] = None,
rules: Optional[Sequence[ServiceWafConfigurationRuleArgs]] = None,
session_fixation_score_threshold: Optional[int] = None,
sql_injection_score_threshold: Optional[int] = None,
total_arg_length: Optional[int] = None,
allowed_http_versions: Optional[str] = None,
warning_anomaly_score: Optional[int] = None,
activate: Optional[bool] = None)func NewServiceWafConfiguration(ctx *Context, name string, args ServiceWafConfigurationArgs, opts ...ResourceOption) (*ServiceWafConfiguration, error)public ServiceWafConfiguration(string name, ServiceWafConfigurationArgs args, CustomResourceOptions? opts = null)public ServiceWafConfiguration(String name, ServiceWafConfigurationArgs args)
public ServiceWafConfiguration(String name, ServiceWafConfigurationArgs args, CustomResourceOptions options)
type: fastly:ServiceWafConfiguration
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name
This property is required. string - The unique name of the resource.
- args
This property is required. ServiceWafConfigurationArgs - The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name
This property is required. str - The unique name of the resource.
- args
This property is required. ServiceWafConfigurationArgs - The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name
This property is required. string - The unique name of the resource.
- args
This property is required. ServiceWafConfigurationArgs - The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name
This property is required. string - The unique name of the resource.
- args
This property is required. ServiceWafConfigurationArgs - The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name
This property is required. String - The unique name of the resource.
- args
This property is required. ServiceWafConfigurationArgs - The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var serviceWafConfigurationResource = new Fastly.ServiceWafConfiguration("serviceWafConfigurationResource", new()
{
WafId = "string",
MaxNumArgs = 0,
XssScoreThreshold = 0,
MaxFileSize = 0,
AllowedRequestContentTypeCharset = "string",
ArgLength = 0,
ArgNameLength = 0,
CombinedFileSizes = 0,
CriticalAnomalyScore = 0,
CrsValidateUtf8Encoding = false,
ErrorAnomalyScore = 0,
HighRiskCountryCodes = "string",
HttpViolationScoreThreshold = 0,
InboundAnomalyScoreThreshold = 0,
LfiScoreThreshold = 0,
AllowedRequestContentType = "string",
NoticeAnomalyScore = 0,
AllowedMethods = "string",
ParanoiaLevel = 0,
PhpInjectionScoreThreshold = 0,
RceScoreThreshold = 0,
RestrictedExtensions = "string",
RestrictedHeaders = "string",
RfiScoreThreshold = 0,
RuleExclusions = new[]
{
new Fastly.Inputs.ServiceWafConfigurationRuleExclusionArgs
{
Condition = "string",
ExclusionType = "string",
Name = "string",
ModsecRuleIds = new[]
{
0,
},
Number = 0,
},
},
Rules = new[]
{
new Fastly.Inputs.ServiceWafConfigurationRuleArgs
{
ModsecRuleId = 0,
Status = "string",
Revision = 0,
},
},
SessionFixationScoreThreshold = 0,
SqlInjectionScoreThreshold = 0,
TotalArgLength = 0,
AllowedHttpVersions = "string",
WarningAnomalyScore = 0,
Activate = false,
});
example, err := fastly.NewServiceWafConfiguration(ctx, "serviceWafConfigurationResource", &fastly.ServiceWafConfigurationArgs{
WafId: pulumi.String("string"),
MaxNumArgs: pulumi.Int(0),
XssScoreThreshold: pulumi.Int(0),
MaxFileSize: pulumi.Int(0),
AllowedRequestContentTypeCharset: pulumi.String("string"),
ArgLength: pulumi.Int(0),
ArgNameLength: pulumi.Int(0),
CombinedFileSizes: pulumi.Int(0),
CriticalAnomalyScore: pulumi.Int(0),
CrsValidateUtf8Encoding: pulumi.Bool(false),
ErrorAnomalyScore: pulumi.Int(0),
HighRiskCountryCodes: pulumi.String("string"),
HttpViolationScoreThreshold: pulumi.Int(0),
InboundAnomalyScoreThreshold: pulumi.Int(0),
LfiScoreThreshold: pulumi.Int(0),
AllowedRequestContentType: pulumi.String("string"),
NoticeAnomalyScore: pulumi.Int(0),
AllowedMethods: pulumi.String("string"),
ParanoiaLevel: pulumi.Int(0),
PhpInjectionScoreThreshold: pulumi.Int(0),
RceScoreThreshold: pulumi.Int(0),
RestrictedExtensions: pulumi.String("string"),
RestrictedHeaders: pulumi.String("string"),
RfiScoreThreshold: pulumi.Int(0),
RuleExclusions: fastly.ServiceWafConfigurationRuleExclusionArray{
&fastly.ServiceWafConfigurationRuleExclusionArgs{
Condition: pulumi.String("string"),
ExclusionType: pulumi.String("string"),
Name: pulumi.String("string"),
ModsecRuleIds: pulumi.IntArray{
pulumi.Int(0),
},
Number: pulumi.Int(0),
},
},
Rules: fastly.ServiceWafConfigurationRuleArray{
&fastly.ServiceWafConfigurationRuleArgs{
ModsecRuleId: pulumi.Int(0),
Status: pulumi.String("string"),
Revision: pulumi.Int(0),
},
},
SessionFixationScoreThreshold: pulumi.Int(0),
SqlInjectionScoreThreshold: pulumi.Int(0),
TotalArgLength: pulumi.Int(0),
AllowedHttpVersions: pulumi.String("string"),
WarningAnomalyScore: pulumi.Int(0),
Activate: pulumi.Bool(false),
})
var serviceWafConfigurationResource = new ServiceWafConfiguration("serviceWafConfigurationResource", ServiceWafConfigurationArgs.builder()
.wafId("string")
.maxNumArgs(0)
.xssScoreThreshold(0)
.maxFileSize(0)
.allowedRequestContentTypeCharset("string")
.argLength(0)
.argNameLength(0)
.combinedFileSizes(0)
.criticalAnomalyScore(0)
.crsValidateUtf8Encoding(false)
.errorAnomalyScore(0)
.highRiskCountryCodes("string")
.httpViolationScoreThreshold(0)
.inboundAnomalyScoreThreshold(0)
.lfiScoreThreshold(0)
.allowedRequestContentType("string")
.noticeAnomalyScore(0)
.allowedMethods("string")
.paranoiaLevel(0)
.phpInjectionScoreThreshold(0)
.rceScoreThreshold(0)
.restrictedExtensions("string")
.restrictedHeaders("string")
.rfiScoreThreshold(0)
.ruleExclusions(ServiceWafConfigurationRuleExclusionArgs.builder()
.condition("string")
.exclusionType("string")
.name("string")
.modsecRuleIds(0)
.number(0)
.build())
.rules(ServiceWafConfigurationRuleArgs.builder()
.modsecRuleId(0)
.status("string")
.revision(0)
.build())
.sessionFixationScoreThreshold(0)
.sqlInjectionScoreThreshold(0)
.totalArgLength(0)
.allowedHttpVersions("string")
.warningAnomalyScore(0)
.activate(false)
.build());
service_waf_configuration_resource = fastly.ServiceWafConfiguration("serviceWafConfigurationResource",
waf_id="string",
max_num_args=0,
xss_score_threshold=0,
max_file_size=0,
allowed_request_content_type_charset="string",
arg_length=0,
arg_name_length=0,
combined_file_sizes=0,
critical_anomaly_score=0,
crs_validate_utf8_encoding=False,
error_anomaly_score=0,
high_risk_country_codes="string",
http_violation_score_threshold=0,
inbound_anomaly_score_threshold=0,
lfi_score_threshold=0,
allowed_request_content_type="string",
notice_anomaly_score=0,
allowed_methods="string",
paranoia_level=0,
php_injection_score_threshold=0,
rce_score_threshold=0,
restricted_extensions="string",
restricted_headers="string",
rfi_score_threshold=0,
rule_exclusions=[{
"condition": "string",
"exclusion_type": "string",
"name": "string",
"modsec_rule_ids": [0],
"number": 0,
}],
rules=[{
"modsec_rule_id": 0,
"status": "string",
"revision": 0,
}],
session_fixation_score_threshold=0,
sql_injection_score_threshold=0,
total_arg_length=0,
allowed_http_versions="string",
warning_anomaly_score=0,
activate=False)
const serviceWafConfigurationResource = new fastly.ServiceWafConfiguration("serviceWafConfigurationResource", {
wafId: "string",
maxNumArgs: 0,
xssScoreThreshold: 0,
maxFileSize: 0,
allowedRequestContentTypeCharset: "string",
argLength: 0,
argNameLength: 0,
combinedFileSizes: 0,
criticalAnomalyScore: 0,
crsValidateUtf8Encoding: false,
errorAnomalyScore: 0,
highRiskCountryCodes: "string",
httpViolationScoreThreshold: 0,
inboundAnomalyScoreThreshold: 0,
lfiScoreThreshold: 0,
allowedRequestContentType: "string",
noticeAnomalyScore: 0,
allowedMethods: "string",
paranoiaLevel: 0,
phpInjectionScoreThreshold: 0,
rceScoreThreshold: 0,
restrictedExtensions: "string",
restrictedHeaders: "string",
rfiScoreThreshold: 0,
ruleExclusions: [{
condition: "string",
exclusionType: "string",
name: "string",
modsecRuleIds: [0],
number: 0,
}],
rules: [{
modsecRuleId: 0,
status: "string",
revision: 0,
}],
sessionFixationScoreThreshold: 0,
sqlInjectionScoreThreshold: 0,
totalArgLength: 0,
allowedHttpVersions: "string",
warningAnomalyScore: 0,
activate: false,
});
type: fastly:ServiceWafConfiguration
properties:
activate: false
allowedHttpVersions: string
allowedMethods: string
allowedRequestContentType: string
allowedRequestContentTypeCharset: string
argLength: 0
argNameLength: 0
combinedFileSizes: 0
criticalAnomalyScore: 0
crsValidateUtf8Encoding: false
errorAnomalyScore: 0
highRiskCountryCodes: string
httpViolationScoreThreshold: 0
inboundAnomalyScoreThreshold: 0
lfiScoreThreshold: 0
maxFileSize: 0
maxNumArgs: 0
noticeAnomalyScore: 0
paranoiaLevel: 0
phpInjectionScoreThreshold: 0
rceScoreThreshold: 0
restrictedExtensions: string
restrictedHeaders: string
rfiScoreThreshold: 0
ruleExclusions:
- condition: string
exclusionType: string
modsecRuleIds:
- 0
name: string
number: 0
rules:
- modsecRuleId: 0
revision: 0
status: string
sessionFixationScoreThreshold: 0
sqlInjectionScoreThreshold: 0
totalArgLength: 0
wafId: string
warningAnomalyScore: 0
xssScoreThreshold: 0
ServiceWafConfiguration Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The ServiceWafConfiguration resource accepts the following input properties:
- Waf
Id stringThis property is required. 
Changes to this property will trigger replacement. - The ID of the Web Application Firewall that the configuration belongs to
- Activate bool
- Conditionally prevents a new firewall version from being activated. The apply step will continue to create a new draft version but will not activate it if this is set to
false. Defaulttrue - Allowed
Http stringVersions - Allowed HTTP versions
- Allowed
Methods string - A space-separated list of HTTP method names
- Allowed
Request stringContent Type - Allowed request content types
- Allowed
Request stringContent Type Charset - Allowed request content type charset
- Arg
Length int - The maximum number of arguments allowed
- Arg
Name intLength - The maximum allowed argument name length
- Combined
File intSizes - The maximum allowed size of all files
- Critical
Anomaly intScore - Score value to add for critical anomalies
- Crs
Validate boolUtf8Encoding - CRS validate UTF8 encoding
- Error
Anomaly intScore - Score value to add for error anomalies
- High
Risk stringCountry Codes - A space-separated list of country codes in ISO 3166-1 (two-letter) format
- Http
Violation intScore Threshold - HTTP violation threshold
- Inbound
Anomaly intScore Threshold - Inbound anomaly threshold
- Lfi
Score intThreshold - Local file inclusion attack threshold
- Max
File intSize - The maximum allowed file size, in bytes
- Max
Num intArgs - The maximum number of arguments allowed
- Notice
Anomaly intScore - Score value to add for notice anomalies
- Paranoia
Level int - The configured paranoia level
- Php
Injection intScore Threshold - PHP injection threshold
- Rce
Score intThreshold - Remote code execution threshold
- Restricted
Extensions string - A space-separated list of allowed file extensions
- Restricted
Headers string - A space-separated list of allowed header names
- Rfi
Score intThreshold - Remote file inclusion attack threshold
- Rule
Exclusions List<ServiceWaf Configuration Rule Exclusion> - Rules
List<Service
Waf Configuration Rule> - Session
Fixation intScore Threshold - Session fixation attack threshold
- Sql
Injection intScore Threshold - SQL injection attack threshold
- Total
Arg intLength - The maximum size of argument names and values
- Warning
Anomaly intScore - Score value to add for warning anomalies
- Xss
Score intThreshold - XSS attack threshold
- Waf
Id stringThis property is required. Changes to this property will trigger replacement. - The ID of the Web Application Firewall that the configuration belongs to
- Activate bool
- Conditionally prevents a new firewall version from being activated. The apply step will continue to create a new draft version but will not activate it if this is set to
false. Defaulttrue - Allowed
Http stringVersions - Allowed HTTP versions
- Allowed
Methods string - A space-separated list of HTTP method names
- Allowed
Request stringContent Type - Allowed request content types
- Allowed
Request stringContent Type Charset - Allowed request content type charset
- Arg
Length int - The maximum number of arguments allowed
- Arg
Name intLength - The maximum allowed argument name length
- Combined
File intSizes - The maximum allowed size of all files
- Critical
Anomaly intScore - Score value to add for critical anomalies
- Crs
Validate boolUtf8Encoding - CRS validate UTF8 encoding
- Error
Anomaly intScore - Score value to add for error anomalies
- High
Risk stringCountry Codes - A space-separated list of country codes in ISO 3166-1 (two-letter) format
- Http
Violation intScore Threshold - HTTP violation threshold
- Inbound
Anomaly intScore Threshold - Inbound anomaly threshold
- Lfi
Score intThreshold - Local file inclusion attack threshold
- Max
File intSize - The maximum allowed file size, in bytes
- Max
Num intArgs - The maximum number of arguments allowed
- Notice
Anomaly intScore - Score value to add for notice anomalies
- Paranoia
Level int - The configured paranoia level
- Php
Injection intScore Threshold - PHP injection threshold
- Rce
Score intThreshold - Remote code execution threshold
- Restricted
Extensions string - A space-separated list of allowed file extensions
- Restricted
Headers string - A space-separated list of allowed header names
- Rfi
Score intThreshold - Remote file inclusion attack threshold
- Rule
Exclusions []ServiceWaf Configuration Rule Exclusion Args - Rules
[]Service
Waf Configuration Rule Args - Session
Fixation intScore Threshold - Session fixation attack threshold
- Sql
Injection intScore Threshold - SQL injection attack threshold
- Total
Arg intLength - The maximum size of argument names and values
- Warning
Anomaly intScore - Score value to add for warning anomalies
- Xss
Score intThreshold - XSS attack threshold
- waf
Id StringThis property is required. Changes to this property will trigger replacement. - The ID of the Web Application Firewall that the configuration belongs to
- activate Boolean
- Conditionally prevents a new firewall version from being activated. The apply step will continue to create a new draft version but will not activate it if this is set to
false. Defaulttrue - allowed
Http StringVersions - Allowed HTTP versions
- allowed
Methods String - A space-separated list of HTTP method names
- allowed
Request StringContent Type - Allowed request content types
- allowed
Request StringContent Type Charset - Allowed request content type charset
- arg
Length Integer - The maximum number of arguments allowed
- arg
Name IntegerLength - The maximum allowed argument name length
- combined
File IntegerSizes - The maximum allowed size of all files
- critical
Anomaly IntegerScore - Score value to add for critical anomalies
- crs
Validate BooleanUtf8Encoding - CRS validate UTF8 encoding
- error
Anomaly IntegerScore - Score value to add for error anomalies
- high
Risk StringCountry Codes - A space-separated list of country codes in ISO 3166-1 (two-letter) format
- http
Violation IntegerScore Threshold - HTTP violation threshold
- inbound
Anomaly IntegerScore Threshold - Inbound anomaly threshold
- lfi
Score IntegerThreshold - Local file inclusion attack threshold
- max
File IntegerSize - The maximum allowed file size, in bytes
- max
Num IntegerArgs - The maximum number of arguments allowed
- notice
Anomaly IntegerScore - Score value to add for notice anomalies
- paranoia
Level Integer - The configured paranoia level
- php
Injection IntegerScore Threshold - PHP injection threshold
- rce
Score IntegerThreshold - Remote code execution threshold
- restricted
Extensions String - A space-separated list of allowed file extensions
- restricted
Headers String - A space-separated list of allowed header names
- rfi
Score IntegerThreshold - Remote file inclusion attack threshold
- rule
Exclusions List<ServiceWaf Configuration Rule Exclusion> - rules
List<Service
Waf Configuration Rule> - session
Fixation IntegerScore Threshold - Session fixation attack threshold
- sql
Injection IntegerScore Threshold - SQL injection attack threshold
- total
Arg IntegerLength - The maximum size of argument names and values
- warning
Anomaly IntegerScore - Score value to add for warning anomalies
- xss
Score IntegerThreshold - XSS attack threshold
- waf
Id stringThis property is required. Changes to this property will trigger replacement. - The ID of the Web Application Firewall that the configuration belongs to
- activate boolean
- Conditionally prevents a new firewall version from being activated. The apply step will continue to create a new draft version but will not activate it if this is set to
false. Defaulttrue - allowed
Http stringVersions - Allowed HTTP versions
- allowed
Methods string - A space-separated list of HTTP method names
- allowed
Request stringContent Type - Allowed request content types
- allowed
Request stringContent Type Charset - Allowed request content type charset
- arg
Length number - The maximum number of arguments allowed
- arg
Name numberLength - The maximum allowed argument name length
- combined
File numberSizes - The maximum allowed size of all files
- critical
Anomaly numberScore - Score value to add for critical anomalies
- crs
Validate booleanUtf8Encoding - CRS validate UTF8 encoding
- error
Anomaly numberScore - Score value to add for error anomalies
- high
Risk stringCountry Codes - A space-separated list of country codes in ISO 3166-1 (two-letter) format
- http
Violation numberScore Threshold - HTTP violation threshold
- inbound
Anomaly numberScore Threshold - Inbound anomaly threshold
- lfi
Score numberThreshold - Local file inclusion attack threshold
- max
File numberSize - The maximum allowed file size, in bytes
- max
Num numberArgs - The maximum number of arguments allowed
- notice
Anomaly numberScore - Score value to add for notice anomalies
- paranoia
Level number - The configured paranoia level
- php
Injection numberScore Threshold - PHP injection threshold
- rce
Score numberThreshold - Remote code execution threshold
- restricted
Extensions string - A space-separated list of allowed file extensions
- restricted
Headers string - A space-separated list of allowed header names
- rfi
Score numberThreshold - Remote file inclusion attack threshold
- rule
Exclusions ServiceWaf Configuration Rule Exclusion[] - rules
Service
Waf Configuration Rule[] - session
Fixation numberScore Threshold - Session fixation attack threshold
- sql
Injection numberScore Threshold - SQL injection attack threshold
- total
Arg numberLength - The maximum size of argument names and values
- warning
Anomaly numberScore - Score value to add for warning anomalies
- xss
Score numberThreshold - XSS attack threshold
- waf_
id strThis property is required. Changes to this property will trigger replacement. - The ID of the Web Application Firewall that the configuration belongs to
- activate bool
- Conditionally prevents a new firewall version from being activated. The apply step will continue to create a new draft version but will not activate it if this is set to
false. Defaulttrue - allowed_
http_ strversions - Allowed HTTP versions
- allowed_
methods str - A space-separated list of HTTP method names
- allowed_
request_ strcontent_ type - Allowed request content types
- allowed_
request_ strcontent_ type_ charset - Allowed request content type charset
- arg_
length int - The maximum number of arguments allowed
- arg_
name_ intlength - The maximum allowed argument name length
- combined_
file_ intsizes - The maximum allowed size of all files
- critical_
anomaly_ intscore - Score value to add for critical anomalies
- crs_
validate_ boolutf8_ encoding - CRS validate UTF8 encoding
- error_
anomaly_ intscore - Score value to add for error anomalies
- high_
risk_ strcountry_ codes - A space-separated list of country codes in ISO 3166-1 (two-letter) format
- http_
violation_ intscore_ threshold - HTTP violation threshold
- inbound_
anomaly_ intscore_ threshold - Inbound anomaly threshold
- lfi_
score_ intthreshold - Local file inclusion attack threshold
- max_
file_ intsize - The maximum allowed file size, in bytes
- max_
num_ intargs - The maximum number of arguments allowed
- notice_
anomaly_ intscore - Score value to add for notice anomalies
- paranoia_
level int - The configured paranoia level
- php_
injection_ intscore_ threshold - PHP injection threshold
- rce_
score_ intthreshold - Remote code execution threshold
- restricted_
extensions str - A space-separated list of allowed file extensions
- restricted_
headers str - A space-separated list of allowed header names
- rfi_
score_ intthreshold - Remote file inclusion attack threshold
- rule_
exclusions Sequence[ServiceWaf Configuration Rule Exclusion Args] - rules
Sequence[Service
Waf Configuration Rule Args] - session_
fixation_ intscore_ threshold - Session fixation attack threshold
- sql_
injection_ intscore_ threshold - SQL injection attack threshold
- total_
arg_ intlength - The maximum size of argument names and values
- warning_
anomaly_ intscore - Score value to add for warning anomalies
- xss_
score_ intthreshold - XSS attack threshold
- waf
Id StringThis property is required. Changes to this property will trigger replacement. - The ID of the Web Application Firewall that the configuration belongs to
- activate Boolean
- Conditionally prevents a new firewall version from being activated. The apply step will continue to create a new draft version but will not activate it if this is set to
false. Defaulttrue - allowed
Http StringVersions - Allowed HTTP versions
- allowed
Methods String - A space-separated list of HTTP method names
- allowed
Request StringContent Type - Allowed request content types
- allowed
Request StringContent Type Charset - Allowed request content type charset
- arg
Length Number - The maximum number of arguments allowed
- arg
Name NumberLength - The maximum allowed argument name length
- combined
File NumberSizes - The maximum allowed size of all files
- critical
Anomaly NumberScore - Score value to add for critical anomalies
- crs
Validate BooleanUtf8Encoding - CRS validate UTF8 encoding
- error
Anomaly NumberScore - Score value to add for error anomalies
- high
Risk StringCountry Codes - A space-separated list of country codes in ISO 3166-1 (two-letter) format
- http
Violation NumberScore Threshold - HTTP violation threshold
- inbound
Anomaly NumberScore Threshold - Inbound anomaly threshold
- lfi
Score NumberThreshold - Local file inclusion attack threshold
- max
File NumberSize - The maximum allowed file size, in bytes
- max
Num NumberArgs - The maximum number of arguments allowed
- notice
Anomaly NumberScore - Score value to add for notice anomalies
- paranoia
Level Number - The configured paranoia level
- php
Injection NumberScore Threshold - PHP injection threshold
- rce
Score NumberThreshold - Remote code execution threshold
- restricted
Extensions String - A space-separated list of allowed file extensions
- restricted
Headers String - A space-separated list of allowed header names
- rfi
Score NumberThreshold - Remote file inclusion attack threshold
- rule
Exclusions List<Property Map> - rules List<Property Map>
- session
Fixation NumberScore Threshold - Session fixation attack threshold
- sql
Injection NumberScore Threshold - SQL injection attack threshold
- total
Arg NumberLength - The maximum size of argument names and values
- warning
Anomaly NumberScore - Score value to add for warning anomalies
- xss
Score NumberThreshold - XSS attack threshold
Outputs
All input properties are implicitly available as output properties. Additionally, the ServiceWafConfiguration resource produces the following output properties:
- Active bool
- Whether a specific firewall version is currently deployed
- Cloned
Version int - The latest cloned firewall version by the provider
- Id string
- The provider-assigned unique ID for this managed resource.
- Number int
- The WAF firewall version
- Active bool
- Whether a specific firewall version is currently deployed
- Cloned
Version int - The latest cloned firewall version by the provider
- Id string
- The provider-assigned unique ID for this managed resource.
- Number int
- The WAF firewall version
- active Boolean
- Whether a specific firewall version is currently deployed
- cloned
Version Integer - The latest cloned firewall version by the provider
- id String
- The provider-assigned unique ID for this managed resource.
- number Integer
- The WAF firewall version
- active boolean
- Whether a specific firewall version is currently deployed
- cloned
Version number - The latest cloned firewall version by the provider
- id string
- The provider-assigned unique ID for this managed resource.
- number number
- The WAF firewall version
- active bool
- Whether a specific firewall version is currently deployed
- cloned_
version int - The latest cloned firewall version by the provider
- id str
- The provider-assigned unique ID for this managed resource.
- number int
- The WAF firewall version
- active Boolean
- Whether a specific firewall version is currently deployed
- cloned
Version Number - The latest cloned firewall version by the provider
- id String
- The provider-assigned unique ID for this managed resource.
- number Number
- The WAF firewall version
Look up Existing ServiceWafConfiguration Resource
Get an existing ServiceWafConfiguration resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ServiceWafConfigurationState, opts?: CustomResourceOptions): ServiceWafConfiguration@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
activate: Optional[bool] = None,
active: Optional[bool] = None,
allowed_http_versions: Optional[str] = None,
allowed_methods: Optional[str] = None,
allowed_request_content_type: Optional[str] = None,
allowed_request_content_type_charset: Optional[str] = None,
arg_length: Optional[int] = None,
arg_name_length: Optional[int] = None,
cloned_version: Optional[int] = None,
combined_file_sizes: Optional[int] = None,
critical_anomaly_score: Optional[int] = None,
crs_validate_utf8_encoding: Optional[bool] = None,
error_anomaly_score: Optional[int] = None,
high_risk_country_codes: Optional[str] = None,
http_violation_score_threshold: Optional[int] = None,
inbound_anomaly_score_threshold: Optional[int] = None,
lfi_score_threshold: Optional[int] = None,
max_file_size: Optional[int] = None,
max_num_args: Optional[int] = None,
notice_anomaly_score: Optional[int] = None,
number: Optional[int] = None,
paranoia_level: Optional[int] = None,
php_injection_score_threshold: Optional[int] = None,
rce_score_threshold: Optional[int] = None,
restricted_extensions: Optional[str] = None,
restricted_headers: Optional[str] = None,
rfi_score_threshold: Optional[int] = None,
rule_exclusions: Optional[Sequence[ServiceWafConfigurationRuleExclusionArgs]] = None,
rules: Optional[Sequence[ServiceWafConfigurationRuleArgs]] = None,
session_fixation_score_threshold: Optional[int] = None,
sql_injection_score_threshold: Optional[int] = None,
total_arg_length: Optional[int] = None,
waf_id: Optional[str] = None,
warning_anomaly_score: Optional[int] = None,
xss_score_threshold: Optional[int] = None) -> ServiceWafConfigurationfunc GetServiceWafConfiguration(ctx *Context, name string, id IDInput, state *ServiceWafConfigurationState, opts ...ResourceOption) (*ServiceWafConfiguration, error)public static ServiceWafConfiguration Get(string name, Input<string> id, ServiceWafConfigurationState? state, CustomResourceOptions? opts = null)public static ServiceWafConfiguration get(String name, Output<String> id, ServiceWafConfigurationState state, CustomResourceOptions options)resources: _: type: fastly:ServiceWafConfiguration get: id: ${id}- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
The following state arguments are supported:
- Activate bool
- Conditionally prevents a new firewall version from being activated. The apply step will continue to create a new draft version but will not activate it if this is set to
false. Defaulttrue - Active bool
- Whether a specific firewall version is currently deployed
- Allowed
Http stringVersions - Allowed HTTP versions
- Allowed
Methods string - A space-separated list of HTTP method names
- Allowed
Request stringContent Type - Allowed request content types
- Allowed
Request stringContent Type Charset - Allowed request content type charset
- Arg
Length int - The maximum number of arguments allowed
- Arg
Name intLength - The maximum allowed argument name length
- Cloned
Version int - The latest cloned firewall version by the provider
- Combined
File intSizes - The maximum allowed size of all files
- Critical
Anomaly intScore - Score value to add for critical anomalies
- Crs
Validate boolUtf8Encoding - CRS validate UTF8 encoding
- Error
Anomaly intScore - Score value to add for error anomalies
- High
Risk stringCountry Codes - A space-separated list of country codes in ISO 3166-1 (two-letter) format
- Http
Violation intScore Threshold - HTTP violation threshold
- Inbound
Anomaly intScore Threshold - Inbound anomaly threshold
- Lfi
Score intThreshold - Local file inclusion attack threshold
- Max
File intSize - The maximum allowed file size, in bytes
- Max
Num intArgs - The maximum number of arguments allowed
- Notice
Anomaly intScore - Score value to add for notice anomalies
- Number int
- The WAF firewall version
- Paranoia
Level int - The configured paranoia level
- Php
Injection intScore Threshold - PHP injection threshold
- Rce
Score intThreshold - Remote code execution threshold
- Restricted
Extensions string - A space-separated list of allowed file extensions
- Restricted
Headers string - A space-separated list of allowed header names
- Rfi
Score intThreshold - Remote file inclusion attack threshold
- Rule
Exclusions List<ServiceWaf Configuration Rule Exclusion> - Rules
List<Service
Waf Configuration Rule> - Session
Fixation intScore Threshold - Session fixation attack threshold
- Sql
Injection intScore Threshold - SQL injection attack threshold
- Total
Arg intLength - The maximum size of argument names and values
- Waf
Id - The ID of the Web Application Firewall that the configuration belongs to
- Warning
Anomaly intScore - Score value to add for warning anomalies
- Xss
Score intThreshold - XSS attack threshold
- Activate bool
- Conditionally prevents a new firewall version from being activated. The apply step will continue to create a new draft version but will not activate it if this is set to
false. Defaulttrue - Active bool
- Whether a specific firewall version is currently deployed
- Allowed
Http stringVersions - Allowed HTTP versions
- Allowed
Methods string - A space-separated list of HTTP method names
- Allowed
Request stringContent Type - Allowed request content types
- Allowed
Request stringContent Type Charset - Allowed request content type charset
- Arg
Length int - The maximum number of arguments allowed
- Arg
Name intLength - The maximum allowed argument name length
- Cloned
Version int - The latest cloned firewall version by the provider
- Combined
File intSizes - The maximum allowed size of all files
- Critical
Anomaly intScore - Score value to add for critical anomalies
- Crs
Validate boolUtf8Encoding - CRS validate UTF8 encoding
- Error
Anomaly intScore - Score value to add for error anomalies
- High
Risk stringCountry Codes - A space-separated list of country codes in ISO 3166-1 (two-letter) format
- Http
Violation intScore Threshold - HTTP violation threshold
- Inbound
Anomaly intScore Threshold - Inbound anomaly threshold
- Lfi
Score intThreshold - Local file inclusion attack threshold
- Max
File intSize - The maximum allowed file size, in bytes
- Max
Num intArgs - The maximum number of arguments allowed
- Notice
Anomaly intScore - Score value to add for notice anomalies
- Number int
- The WAF firewall version
- Paranoia
Level int - The configured paranoia level
- Php
Injection intScore Threshold - PHP injection threshold
- Rce
Score intThreshold - Remote code execution threshold
- Restricted
Extensions string - A space-separated list of allowed file extensions
- Restricted
Headers string - A space-separated list of allowed header names
- Rfi
Score intThreshold - Remote file inclusion attack threshold
- Rule
Exclusions []ServiceWaf Configuration Rule Exclusion Args - Rules
[]Service
Waf Configuration Rule Args - Session
Fixation intScore Threshold - Session fixation attack threshold
- Sql
Injection intScore Threshold - SQL injection attack threshold
- Total
Arg intLength - The maximum size of argument names and values
- Waf
Id - The ID of the Web Application Firewall that the configuration belongs to
- Warning
Anomaly intScore - Score value to add for warning anomalies
- Xss
Score intThreshold - XSS attack threshold
- activate Boolean
- Conditionally prevents a new firewall version from being activated. The apply step will continue to create a new draft version but will not activate it if this is set to
false. Defaulttrue - active Boolean
- Whether a specific firewall version is currently deployed
- allowed
Http StringVersions - Allowed HTTP versions
- allowed
Methods String - A space-separated list of HTTP method names
- allowed
Request StringContent Type - Allowed request content types
- allowed
Request StringContent Type Charset - Allowed request content type charset
- arg
Length Integer - The maximum number of arguments allowed
- arg
Name IntegerLength - The maximum allowed argument name length
- cloned
Version Integer - The latest cloned firewall version by the provider
- combined
File IntegerSizes - The maximum allowed size of all files
- critical
Anomaly IntegerScore - Score value to add for critical anomalies
- crs
Validate BooleanUtf8Encoding - CRS validate UTF8 encoding
- error
Anomaly IntegerScore - Score value to add for error anomalies
- high
Risk StringCountry Codes - A space-separated list of country codes in ISO 3166-1 (two-letter) format
- http
Violation IntegerScore Threshold - HTTP violation threshold
- inbound
Anomaly IntegerScore Threshold - Inbound anomaly threshold
- lfi
Score IntegerThreshold - Local file inclusion attack threshold
- max
File IntegerSize - The maximum allowed file size, in bytes
- max
Num IntegerArgs - The maximum number of arguments allowed
- notice
Anomaly IntegerScore - Score value to add for notice anomalies
- number Integer
- The WAF firewall version
- paranoia
Level Integer - The configured paranoia level
- php
Injection IntegerScore Threshold - PHP injection threshold
- rce
Score IntegerThreshold - Remote code execution threshold
- restricted
Extensions String - A space-separated list of allowed file extensions
- restricted
Headers String - A space-separated list of allowed header names
- rfi
Score IntegerThreshold - Remote file inclusion attack threshold
- rule
Exclusions List<ServiceWaf Configuration Rule Exclusion> - rules
List<Service
Waf Configuration Rule> - session
Fixation IntegerScore Threshold - Session fixation attack threshold
- sql
Injection IntegerScore Threshold - SQL injection attack threshold
- total
Arg IntegerLength - The maximum size of argument names and values
- waf
Id - The ID of the Web Application Firewall that the configuration belongs to
- warning
Anomaly IntegerScore - Score value to add for warning anomalies
- xss
Score IntegerThreshold - XSS attack threshold
- activate boolean
- Conditionally prevents a new firewall version from being activated. The apply step will continue to create a new draft version but will not activate it if this is set to
false. Defaulttrue - active boolean
- Whether a specific firewall version is currently deployed
- allowed
Http stringVersions - Allowed HTTP versions
- allowed
Methods string - A space-separated list of HTTP method names
- allowed
Request stringContent Type - Allowed request content types
- allowed
Request stringContent Type Charset - Allowed request content type charset
- arg
Length number - The maximum number of arguments allowed
- arg
Name numberLength - The maximum allowed argument name length
- cloned
Version number - The latest cloned firewall version by the provider
- combined
File numberSizes - The maximum allowed size of all files
- critical
Anomaly numberScore - Score value to add for critical anomalies
- crs
Validate booleanUtf8Encoding - CRS validate UTF8 encoding
- error
Anomaly numberScore - Score value to add for error anomalies
- high
Risk stringCountry Codes - A space-separated list of country codes in ISO 3166-1 (two-letter) format
- http
Violation numberScore Threshold - HTTP violation threshold
- inbound
Anomaly numberScore Threshold - Inbound anomaly threshold
- lfi
Score numberThreshold - Local file inclusion attack threshold
- max
File numberSize - The maximum allowed file size, in bytes
- max
Num numberArgs - The maximum number of arguments allowed
- notice
Anomaly numberScore - Score value to add for notice anomalies
- number number
- The WAF firewall version
- paranoia
Level number - The configured paranoia level
- php
Injection numberScore Threshold - PHP injection threshold
- rce
Score numberThreshold - Remote code execution threshold
- restricted
Extensions string - A space-separated list of allowed file extensions
- restricted
Headers string - A space-separated list of allowed header names
- rfi
Score numberThreshold - Remote file inclusion attack threshold
- rule
Exclusions ServiceWaf Configuration Rule Exclusion[] - rules
Service
Waf Configuration Rule[] - session
Fixation numberScore Threshold - Session fixation attack threshold
- sql
Injection numberScore Threshold - SQL injection attack threshold
- total
Arg numberLength - The maximum size of argument names and values
- waf
Id - The ID of the Web Application Firewall that the configuration belongs to
- warning
Anomaly numberScore - Score value to add for warning anomalies
- xss
Score numberThreshold - XSS attack threshold
- activate bool
- Conditionally prevents a new firewall version from being activated. The apply step will continue to create a new draft version but will not activate it if this is set to
false. Defaulttrue - active bool
- Whether a specific firewall version is currently deployed
- allowed_
http_ strversions - Allowed HTTP versions
- allowed_
methods str - A space-separated list of HTTP method names
- allowed_
request_ strcontent_ type - Allowed request content types
- allowed_
request_ strcontent_ type_ charset - Allowed request content type charset
- arg_
length int - The maximum number of arguments allowed
- arg_
name_ intlength - The maximum allowed argument name length
- cloned_
version int - The latest cloned firewall version by the provider
- combined_
file_ intsizes - The maximum allowed size of all files
- critical_
anomaly_ intscore - Score value to add for critical anomalies
- crs_
validate_ boolutf8_ encoding - CRS validate UTF8 encoding
- error_
anomaly_ intscore - Score value to add for error anomalies
- high_
risk_ strcountry_ codes - A space-separated list of country codes in ISO 3166-1 (two-letter) format
- http_
violation_ intscore_ threshold - HTTP violation threshold
- inbound_
anomaly_ intscore_ threshold - Inbound anomaly threshold
- lfi_
score_ intthreshold - Local file inclusion attack threshold
- max_
file_ intsize - The maximum allowed file size, in bytes
- max_
num_ intargs - The maximum number of arguments allowed
- notice_
anomaly_ intscore - Score value to add for notice anomalies
- number int
- The WAF firewall version
- paranoia_
level int - The configured paranoia level
- php_
injection_ intscore_ threshold - PHP injection threshold
- rce_
score_ intthreshold - Remote code execution threshold
- restricted_
extensions str - A space-separated list of allowed file extensions
- restricted_
headers str - A space-separated list of allowed header names
- rfi_
score_ intthreshold - Remote file inclusion attack threshold
- rule_
exclusions Sequence[ServiceWaf Configuration Rule Exclusion Args] - rules
Sequence[Service
Waf Configuration Rule Args] - session_
fixation_ intscore_ threshold - Session fixation attack threshold
- sql_
injection_ intscore_ threshold - SQL injection attack threshold
- total_
arg_ intlength - The maximum size of argument names and values
- waf_
id - The ID of the Web Application Firewall that the configuration belongs to
- warning_
anomaly_ intscore - Score value to add for warning anomalies
- xss_
score_ intthreshold - XSS attack threshold
- activate Boolean
- Conditionally prevents a new firewall version from being activated. The apply step will continue to create a new draft version but will not activate it if this is set to
false. Defaulttrue - active Boolean
- Whether a specific firewall version is currently deployed
- allowed
Http StringVersions - Allowed HTTP versions
- allowed
Methods String - A space-separated list of HTTP method names
- allowed
Request StringContent Type - Allowed request content types
- allowed
Request StringContent Type Charset - Allowed request content type charset
- arg
Length Number - The maximum number of arguments allowed
- arg
Name NumberLength - The maximum allowed argument name length
- cloned
Version Number - The latest cloned firewall version by the provider
- combined
File NumberSizes - The maximum allowed size of all files
- critical
Anomaly NumberScore - Score value to add for critical anomalies
- crs
Validate BooleanUtf8Encoding - CRS validate UTF8 encoding
- error
Anomaly NumberScore - Score value to add for error anomalies
- high
Risk StringCountry Codes - A space-separated list of country codes in ISO 3166-1 (two-letter) format
- http
Violation NumberScore Threshold - HTTP violation threshold
- inbound
Anomaly NumberScore Threshold - Inbound anomaly threshold
- lfi
Score NumberThreshold - Local file inclusion attack threshold
- max
File NumberSize - The maximum allowed file size, in bytes
- max
Num NumberArgs - The maximum number of arguments allowed
- notice
Anomaly NumberScore - Score value to add for notice anomalies
- number Number
- The WAF firewall version
- paranoia
Level Number - The configured paranoia level
- php
Injection NumberScore Threshold - PHP injection threshold
- rce
Score NumberThreshold - Remote code execution threshold
- restricted
Extensions String - A space-separated list of allowed file extensions
- restricted
Headers String - A space-separated list of allowed header names
- rfi
Score NumberThreshold - Remote file inclusion attack threshold
- rule
Exclusions List<Property Map> - rules List<Property Map>
- session
Fixation NumberScore Threshold - Session fixation attack threshold
- sql
Injection NumberScore Threshold - SQL injection attack threshold
- total
Arg NumberLength - The maximum size of argument names and values
- waf
Id - The ID of the Web Application Firewall that the configuration belongs to
- warning
Anomaly NumberScore - Score value to add for warning anomalies
- xss
Score NumberThreshold - XSS attack threshold
Supporting Types
ServiceWafConfigurationRule, ServiceWafConfigurationRuleArgs
, ServiceWafConfigurationRuleArgs
- Modsec
Rule Id This property is required. int - The Web Application Firewall rule's modsecurity ID
- Status
This property is required. string - The Web Application Firewall rule's status. Allowed values are (
log,blockandscore) - Revision int
- The Web Application Firewall rule's revision. The latest revision will be used if this is not provided
- Modsec
Rule Id This property is required. int - The Web Application Firewall rule's modsecurity ID
- Status
This property is required. string - The Web Application Firewall rule's status. Allowed values are (
log,blockandscore) - Revision int
- The Web Application Firewall rule's revision. The latest revision will be used if this is not provided
- modsec
Rule Id This property is required. Integer - The Web Application Firewall rule's modsecurity ID
- status
This property is required. String - The Web Application Firewall rule's status. Allowed values are (
log,blockandscore) - revision Integer
- The Web Application Firewall rule's revision. The latest revision will be used if this is not provided
- modsec
Rule Id This property is required. number - The Web Application Firewall rule's modsecurity ID
- status
This property is required. string - The Web Application Firewall rule's status. Allowed values are (
log,blockandscore) - revision number
- The Web Application Firewall rule's revision. The latest revision will be used if this is not provided
- modsec_
rule_ id This property is required. int - The Web Application Firewall rule's modsecurity ID
- status
This property is required. str - The Web Application Firewall rule's status. Allowed values are (
log,blockandscore) - revision int
- The Web Application Firewall rule's revision. The latest revision will be used if this is not provided
- modsec
Rule Id This property is required. Number - The Web Application Firewall rule's modsecurity ID
- status
This property is required. String - The Web Application Firewall rule's status. Allowed values are (
log,blockandscore) - revision Number
- The Web Application Firewall rule's revision. The latest revision will be used if this is not provided
ServiceWafConfigurationRuleExclusion, ServiceWafConfigurationRuleExclusionArgs
, ServiceWafConfigurationRuleExclusionArgs
- Condition
This property is required. string - A conditional expression in VCL used to determine if the condition is met
- Exclusion
Type This property is required. string - The type of rule exclusion. Values are
ruleto exclude the specified rule(s), orwafto disable the Web Application Firewall - Name
This property is required. string - The name of rule exclusion
- Modsec
Rule List<int>Ids - Set of modsecurity IDs to be excluded. No rules should be provided when
exclusion_typeiswaf. The rules need to be configured on the Web Application Firewall to be excluded - Number int
- The numeric ID assigned to the WAF Rule Exclusion
- Condition
This property is required. string - A conditional expression in VCL used to determine if the condition is met
- Exclusion
Type This property is required. string - The type of rule exclusion. Values are
ruleto exclude the specified rule(s), orwafto disable the Web Application Firewall - Name
This property is required. string - The name of rule exclusion
- Modsec
Rule []intIds - Set of modsecurity IDs to be excluded. No rules should be provided when
exclusion_typeiswaf. The rules need to be configured on the Web Application Firewall to be excluded - Number int
- The numeric ID assigned to the WAF Rule Exclusion
- condition
This property is required. String - A conditional expression in VCL used to determine if the condition is met
- exclusion
Type This property is required. String - The type of rule exclusion. Values are
ruleto exclude the specified rule(s), orwafto disable the Web Application Firewall - name
This property is required. String - The name of rule exclusion
- modsec
Rule List<Integer>Ids - Set of modsecurity IDs to be excluded. No rules should be provided when
exclusion_typeiswaf. The rules need to be configured on the Web Application Firewall to be excluded - number Integer
- The numeric ID assigned to the WAF Rule Exclusion
- condition
This property is required. string - A conditional expression in VCL used to determine if the condition is met
- exclusion
Type This property is required. string - The type of rule exclusion. Values are
ruleto exclude the specified rule(s), orwafto disable the Web Application Firewall - name
This property is required. string - The name of rule exclusion
- modsec
Rule number[]Ids - Set of modsecurity IDs to be excluded. No rules should be provided when
exclusion_typeiswaf. The rules need to be configured on the Web Application Firewall to be excluded - number number
- The numeric ID assigned to the WAF Rule Exclusion
- condition
This property is required. str - A conditional expression in VCL used to determine if the condition is met
- exclusion_
type This property is required. str - The type of rule exclusion. Values are
ruleto exclude the specified rule(s), orwafto disable the Web Application Firewall - name
This property is required. str - The name of rule exclusion
- modsec_
rule_ Sequence[int]ids - Set of modsecurity IDs to be excluded. No rules should be provided when
exclusion_typeiswaf. The rules need to be configured on the Web Application Firewall to be excluded - number int
- The numeric ID assigned to the WAF Rule Exclusion
- condition
This property is required. String - A conditional expression in VCL used to determine if the condition is met
- exclusion
Type This property is required. String - The type of rule exclusion. Values are
ruleto exclude the specified rule(s), orwafto disable the Web Application Firewall - name
This property is required. String - The name of rule exclusion
- modsec
Rule List<Number>Ids - Set of modsecurity IDs to be excluded. No rules should be provided when
exclusion_typeiswaf. The rules need to be configured on the Web Application Firewall to be excluded - number Number
- The numeric ID assigned to the WAF Rule Exclusion
Import
This is an example of the import command being applied to the resource named fastly_service_waf_configuration.waf
The resource ID should be the WAF ID.
$ pulumi import fastly:index/serviceWafConfiguration:ServiceWafConfiguration waf xxxxxxxxxxxxxxxxxxxx
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Fastly pulumi/pulumi-fastly
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
fastlyTerraform Provider.