@quantcdn/pulumi-quant 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.gitattributes +1 -0
- package/Pulumi.yaml +3 -0
- package/README.md +4 -0
- package/application.ts +281 -0
- package/config/index.ts +5 -0
- package/config/vars.ts +108 -0
- package/crawler.ts +493 -0
- package/crawlerSchedule.ts +214 -0
- package/cronJob.ts +215 -0
- package/domain.ts +144 -0
- package/environment.ts +287 -0
- package/getProject.ts +54 -0
- package/getProjects.ts +29 -0
- package/header.ts +97 -0
- package/index.ts +189 -0
- package/kvItem.ts +165 -0
- package/kvStore.ts +122 -0
- package/package.json +31 -0
- package/project.ts +214 -0
- package/provider.ts +128 -0
- package/ruleAuth.ts +397 -0
- package/ruleBotChallenge.ts +406 -0
- package/ruleContentFilter.ts +378 -0
- package/ruleCustomResponse.ts +420 -0
- package/ruleFunction.ts +378 -0
- package/ruleHeaders.ts +378 -0
- package/ruleProxy.ts +687 -0
- package/ruleRedirect.ts +365 -0
- package/ruleServeStatic.ts +378 -0
- package/tsconfig.json +47 -0
- package/types/index.ts +13 -0
- package/types/input.ts +585 -0
- package/types/output.ts +591 -0
- package/utilities.ts +96 -0
- package/volume.ts +210 -0
package/types/input.ts
ADDED
|
@@ -0,0 +1,585 @@
|
|
|
1
|
+
// *** WARNING: this file was generated by pulumi-language-nodejs. ***
|
|
2
|
+
// *** Do not edit by hand unless you're certain you know what you are doing! ***
|
|
3
|
+
|
|
4
|
+
import * as pulumi from "@pulumi/pulumi";
|
|
5
|
+
import * as inputs from "../types/input";
|
|
6
|
+
import * as outputs from "../types/output";
|
|
7
|
+
|
|
8
|
+
export interface CrawlerAssets {
|
|
9
|
+
/**
|
|
10
|
+
* Network intercept configuration for asset collection
|
|
11
|
+
*/
|
|
12
|
+
networkIntercept?: pulumi.Input<inputs.CrawlerAssetsNetworkIntercept>;
|
|
13
|
+
/**
|
|
14
|
+
* Parser configuration for asset extraction
|
|
15
|
+
*/
|
|
16
|
+
parser?: pulumi.Input<inputs.CrawlerAssetsParser>;
|
|
17
|
+
}
|
|
18
|
+
|
|
19
|
+
export interface CrawlerAssetsNetworkIntercept {
|
|
20
|
+
/**
|
|
21
|
+
* Enable network intercept
|
|
22
|
+
*/
|
|
23
|
+
enabled?: pulumi.Input<boolean>;
|
|
24
|
+
/**
|
|
25
|
+
* Execute JavaScript during asset collection
|
|
26
|
+
*/
|
|
27
|
+
executeJs?: pulumi.Input<boolean>;
|
|
28
|
+
/**
|
|
29
|
+
* Request timeout in seconds
|
|
30
|
+
*/
|
|
31
|
+
timeout?: pulumi.Input<number>;
|
|
32
|
+
}
|
|
33
|
+
|
|
34
|
+
export interface CrawlerAssetsParser {
|
|
35
|
+
/**
|
|
36
|
+
* Enable parser
|
|
37
|
+
*/
|
|
38
|
+
enabled?: pulumi.Input<boolean>;
|
|
39
|
+
}
|
|
40
|
+
|
|
41
|
+
export interface CrawlerSitemap {
|
|
42
|
+
/**
|
|
43
|
+
* Recursively follow sitemap links
|
|
44
|
+
*/
|
|
45
|
+
recursive?: pulumi.Input<boolean>;
|
|
46
|
+
/**
|
|
47
|
+
* Sitemap URL
|
|
48
|
+
*/
|
|
49
|
+
url?: pulumi.Input<string>;
|
|
50
|
+
}
|
|
51
|
+
|
|
52
|
+
export interface DomainDnsGoLiveRecord {
|
|
53
|
+
/**
|
|
54
|
+
* Human-readable instructions for configuring this DNS record
|
|
55
|
+
*/
|
|
56
|
+
description?: pulumi.Input<string>;
|
|
57
|
+
/**
|
|
58
|
+
* DNS record name/host (@ for apex/root domains, subdomain name for subdomains)
|
|
59
|
+
*/
|
|
60
|
+
name?: pulumi.Input<string>;
|
|
61
|
+
/**
|
|
62
|
+
* DNS record type (CNAME, A, or ALIAS)
|
|
63
|
+
*/
|
|
64
|
+
type?: pulumi.Input<string>;
|
|
65
|
+
/**
|
|
66
|
+
* DNS record value (IP addresses for A records, domain name for CNAME/ALIAS)
|
|
67
|
+
*/
|
|
68
|
+
value?: pulumi.Input<string>;
|
|
69
|
+
}
|
|
70
|
+
|
|
71
|
+
export interface DomainDnsValidationRecord {
|
|
72
|
+
/**
|
|
73
|
+
* DNS record name (host/subdomain)
|
|
74
|
+
*/
|
|
75
|
+
name?: pulumi.Input<string>;
|
|
76
|
+
/**
|
|
77
|
+
* DNS record type (typically CNAME)
|
|
78
|
+
*/
|
|
79
|
+
type?: pulumi.Input<string>;
|
|
80
|
+
/**
|
|
81
|
+
* DNS record value to point to
|
|
82
|
+
*/
|
|
83
|
+
value?: pulumi.Input<string>;
|
|
84
|
+
}
|
|
85
|
+
|
|
86
|
+
export interface RuleAuthActionConfig {
|
|
87
|
+
/**
|
|
88
|
+
* Authentication password
|
|
89
|
+
*/
|
|
90
|
+
authPass?: pulumi.Input<string>;
|
|
91
|
+
/**
|
|
92
|
+
* Authentication username
|
|
93
|
+
*/
|
|
94
|
+
authUser?: pulumi.Input<string>;
|
|
95
|
+
}
|
|
96
|
+
|
|
97
|
+
export interface RuleBotChallengeActionConfig {
|
|
98
|
+
/**
|
|
99
|
+
* Challenge TTL in seconds
|
|
100
|
+
*/
|
|
101
|
+
robotChallengeChallengeTtl?: pulumi.Input<number>;
|
|
102
|
+
/**
|
|
103
|
+
* Challenge type (invisible or checkbox)
|
|
104
|
+
*/
|
|
105
|
+
robotChallengeType?: pulumi.Input<string>;
|
|
106
|
+
/**
|
|
107
|
+
* Verification TTL in seconds
|
|
108
|
+
*/
|
|
109
|
+
robotChallengeVerificationTtl?: pulumi.Input<number>;
|
|
110
|
+
}
|
|
111
|
+
|
|
112
|
+
export interface RuleContentFilterActionConfig {
|
|
113
|
+
/**
|
|
114
|
+
* Function UUID
|
|
115
|
+
*/
|
|
116
|
+
fnUuid?: pulumi.Input<string>;
|
|
117
|
+
}
|
|
118
|
+
|
|
119
|
+
export interface RuleCustomResponseActionConfig {
|
|
120
|
+
/**
|
|
121
|
+
* Custom response body content
|
|
122
|
+
*/
|
|
123
|
+
customResponseBody?: pulumi.Input<string>;
|
|
124
|
+
/**
|
|
125
|
+
* HTTP status code for custom response
|
|
126
|
+
*/
|
|
127
|
+
customResponseStatusCode?: pulumi.Input<number>;
|
|
128
|
+
}
|
|
129
|
+
|
|
130
|
+
export interface RuleFunctionActionConfig {
|
|
131
|
+
/**
|
|
132
|
+
* Function UUID
|
|
133
|
+
*/
|
|
134
|
+
fnUuid?: pulumi.Input<string>;
|
|
135
|
+
}
|
|
136
|
+
|
|
137
|
+
export interface RuleHeadersActionConfig {
|
|
138
|
+
/**
|
|
139
|
+
* Headers to set
|
|
140
|
+
*/
|
|
141
|
+
headers?: pulumi.Input<{[key: string]: pulumi.Input<string>}>;
|
|
142
|
+
}
|
|
143
|
+
|
|
144
|
+
export interface RuleProxyActionConfig {
|
|
145
|
+
/**
|
|
146
|
+
* Quant Cloud application container (required when applicationProxy is true)
|
|
147
|
+
*/
|
|
148
|
+
applicationContainer?: pulumi.Input<string>;
|
|
149
|
+
/**
|
|
150
|
+
* Quant Cloud application environment (required when applicationProxy is true)
|
|
151
|
+
*/
|
|
152
|
+
applicationEnvironment?: pulumi.Input<string>;
|
|
153
|
+
/**
|
|
154
|
+
* Quant Cloud application name (required when applicationProxy is true)
|
|
155
|
+
*/
|
|
156
|
+
applicationName?: pulumi.Input<string>;
|
|
157
|
+
/**
|
|
158
|
+
* Quant Cloud application port (required when applicationProxy is true)
|
|
159
|
+
*/
|
|
160
|
+
applicationPort?: pulumi.Input<number>;
|
|
161
|
+
/**
|
|
162
|
+
* Enable Quant Cloud application proxy mode
|
|
163
|
+
*/
|
|
164
|
+
applicationProxy?: pulumi.Input<boolean>;
|
|
165
|
+
/**
|
|
166
|
+
* Basic auth password
|
|
167
|
+
*/
|
|
168
|
+
authPass?: pulumi.Input<string>;
|
|
169
|
+
/**
|
|
170
|
+
* Basic auth username
|
|
171
|
+
*/
|
|
172
|
+
authUser?: pulumi.Input<string>;
|
|
173
|
+
/**
|
|
174
|
+
* Cache lifetime
|
|
175
|
+
*/
|
|
176
|
+
cacheLifetime?: pulumi.Input<string>;
|
|
177
|
+
/**
|
|
178
|
+
* Disable SSL verification
|
|
179
|
+
*/
|
|
180
|
+
disableSslVerify?: pulumi.Input<boolean>;
|
|
181
|
+
/**
|
|
182
|
+
* Failover cache lifetime
|
|
183
|
+
*/
|
|
184
|
+
failoverLifetime?: pulumi.Input<string>;
|
|
185
|
+
/**
|
|
186
|
+
* Enable failover mode
|
|
187
|
+
*/
|
|
188
|
+
failoverMode?: pulumi.Input<boolean>;
|
|
189
|
+
/**
|
|
190
|
+
* Status codes for failover (default: 200,404,301,302,304)
|
|
191
|
+
*/
|
|
192
|
+
failoverOriginStatusCodes?: pulumi.Input<pulumi.Input<string>[]>;
|
|
193
|
+
/**
|
|
194
|
+
* Failover TTFB threshold
|
|
195
|
+
*/
|
|
196
|
+
failoverOriginTtfb?: pulumi.Input<string>;
|
|
197
|
+
/**
|
|
198
|
+
* Host header override
|
|
199
|
+
*/
|
|
200
|
+
host?: pulumi.Input<string>;
|
|
201
|
+
/**
|
|
202
|
+
* Headers to inject
|
|
203
|
+
*/
|
|
204
|
+
injectHeaders?: pulumi.Input<{[key: string]: pulumi.Input<string>}>;
|
|
205
|
+
/**
|
|
206
|
+
* Notification type (none, slack)
|
|
207
|
+
*/
|
|
208
|
+
notify?: pulumi.Input<string>;
|
|
209
|
+
/**
|
|
210
|
+
* Notification configuration (required when notify is slack)
|
|
211
|
+
*/
|
|
212
|
+
notifyConfig?: pulumi.Input<inputs.RuleProxyActionConfigNotifyConfig>;
|
|
213
|
+
/**
|
|
214
|
+
* Only proxy 404 responses
|
|
215
|
+
*/
|
|
216
|
+
onlyProxy404?: pulumi.Input<boolean>;
|
|
217
|
+
/**
|
|
218
|
+
* Origin timeout
|
|
219
|
+
*/
|
|
220
|
+
originTimeout?: pulumi.Input<string>;
|
|
221
|
+
/**
|
|
222
|
+
* Proxy alert enabled
|
|
223
|
+
*/
|
|
224
|
+
proxyAlertEnabled?: pulumi.Input<boolean>;
|
|
225
|
+
/**
|
|
226
|
+
* Proxy inline function enabled
|
|
227
|
+
*/
|
|
228
|
+
proxyInlineFnEnabled?: pulumi.Input<boolean>;
|
|
229
|
+
/**
|
|
230
|
+
* Headers to strip from response
|
|
231
|
+
*/
|
|
232
|
+
proxyStripHeaders?: pulumi.Input<pulumi.Input<string>[]>;
|
|
233
|
+
/**
|
|
234
|
+
* Headers to strip from request
|
|
235
|
+
*/
|
|
236
|
+
proxyStripRequestHeaders?: pulumi.Input<pulumi.Input<string>[]>;
|
|
237
|
+
/**
|
|
238
|
+
* Quant Cloud application proxy selection (populated automatically when applicationProxy is enabled)
|
|
239
|
+
*/
|
|
240
|
+
quantCloudSelection?: pulumi.Input<inputs.RuleProxyActionConfigQuantCloudSelection>;
|
|
241
|
+
/**
|
|
242
|
+
* Static error page content (HTML) to serve on origin errors
|
|
243
|
+
*/
|
|
244
|
+
staticErrorPage?: pulumi.Input<string>;
|
|
245
|
+
/**
|
|
246
|
+
* Origin status codes that trigger static error page
|
|
247
|
+
*/
|
|
248
|
+
staticErrorPageStatusCodes?: pulumi.Input<pulumi.Input<string>[]>;
|
|
249
|
+
/**
|
|
250
|
+
* Target URL to proxy to
|
|
251
|
+
*/
|
|
252
|
+
to?: pulumi.Input<string>;
|
|
253
|
+
/**
|
|
254
|
+
* Web Application Firewall configuration
|
|
255
|
+
*/
|
|
256
|
+
wafConfig?: pulumi.Input<inputs.RuleProxyActionConfigWafConfig>;
|
|
257
|
+
/**
|
|
258
|
+
* WAF enabled
|
|
259
|
+
*/
|
|
260
|
+
wafEnabled?: pulumi.Input<boolean>;
|
|
261
|
+
}
|
|
262
|
+
|
|
263
|
+
export interface RuleProxyActionConfigNotifyConfig {
|
|
264
|
+
/**
|
|
265
|
+
* Slack webhook URL
|
|
266
|
+
*/
|
|
267
|
+
webhookUrl?: pulumi.Input<string>;
|
|
268
|
+
}
|
|
269
|
+
|
|
270
|
+
export interface RuleProxyActionConfigQuantCloudSelection {
|
|
271
|
+
/**
|
|
272
|
+
* Application name
|
|
273
|
+
*/
|
|
274
|
+
app?: pulumi.Input<string>;
|
|
275
|
+
/**
|
|
276
|
+
* Container name
|
|
277
|
+
*/
|
|
278
|
+
container?: pulumi.Input<string>;
|
|
279
|
+
/**
|
|
280
|
+
* Environment name
|
|
281
|
+
*/
|
|
282
|
+
env?: pulumi.Input<string>;
|
|
283
|
+
/**
|
|
284
|
+
* Container port
|
|
285
|
+
*/
|
|
286
|
+
port?: pulumi.Input<number>;
|
|
287
|
+
}
|
|
288
|
+
|
|
289
|
+
export interface RuleProxyActionConfigWafConfig {
|
|
290
|
+
/**
|
|
291
|
+
* IP addresses to allow
|
|
292
|
+
*/
|
|
293
|
+
allowIps?: pulumi.Input<pulumi.Input<string>[]>;
|
|
294
|
+
/**
|
|
295
|
+
* WAF rule IDs to allow/whitelist
|
|
296
|
+
*/
|
|
297
|
+
allowRules?: pulumi.Input<pulumi.Input<string>[]>;
|
|
298
|
+
/**
|
|
299
|
+
* ASN numbers to block
|
|
300
|
+
*/
|
|
301
|
+
blockAsns?: pulumi.Input<pulumi.Input<string>[]>;
|
|
302
|
+
/**
|
|
303
|
+
* IP addresses to block
|
|
304
|
+
*/
|
|
305
|
+
blockIps?: pulumi.Input<pulumi.Input<string>[]>;
|
|
306
|
+
/**
|
|
307
|
+
* Enable predefined block lists
|
|
308
|
+
*/
|
|
309
|
+
blockLists?: pulumi.Input<inputs.RuleProxyActionConfigWafConfigBlockLists>;
|
|
310
|
+
/**
|
|
311
|
+
* Referer patterns to block
|
|
312
|
+
*/
|
|
313
|
+
blockReferers?: pulumi.Input<pulumi.Input<string>[]>;
|
|
314
|
+
/**
|
|
315
|
+
* User agent patterns to block
|
|
316
|
+
*/
|
|
317
|
+
blockUas?: pulumi.Input<pulumi.Input<string>[]>;
|
|
318
|
+
/**
|
|
319
|
+
* Project Honey Pot HTTP:BL configuration
|
|
320
|
+
*/
|
|
321
|
+
httpbl?: pulumi.Input<inputs.RuleProxyActionConfigWafConfigHttpbl>;
|
|
322
|
+
/**
|
|
323
|
+
* WAF operation mode
|
|
324
|
+
*/
|
|
325
|
+
mode?: pulumi.Input<string>;
|
|
326
|
+
/**
|
|
327
|
+
* Email addresses for notifications
|
|
328
|
+
*/
|
|
329
|
+
notifyEmails?: pulumi.Input<pulumi.Input<string>[]>;
|
|
330
|
+
/**
|
|
331
|
+
* Slack webhook URL for notifications
|
|
332
|
+
*/
|
|
333
|
+
notifySlack?: pulumi.Input<string>;
|
|
334
|
+
/**
|
|
335
|
+
* Minimum hits per minute to trigger Slack notification
|
|
336
|
+
*/
|
|
337
|
+
notifySlackHitsRpm?: pulumi.Input<number>;
|
|
338
|
+
/**
|
|
339
|
+
* OWASP paranoia level
|
|
340
|
+
*/
|
|
341
|
+
paranoiaLevel?: pulumi.Input<number>;
|
|
342
|
+
/**
|
|
343
|
+
* Rate limiting thresholds
|
|
344
|
+
*/
|
|
345
|
+
thresholds?: pulumi.Input<pulumi.Input<inputs.RuleProxyActionConfigWafConfigThreshold>[]>;
|
|
346
|
+
}
|
|
347
|
+
|
|
348
|
+
export interface RuleProxyActionConfigWafConfigBlockLists {
|
|
349
|
+
/**
|
|
350
|
+
* Block AI crawlers
|
|
351
|
+
*/
|
|
352
|
+
ai?: pulumi.Input<boolean>;
|
|
353
|
+
/**
|
|
354
|
+
* Block known bad IPs
|
|
355
|
+
*/
|
|
356
|
+
ip?: pulumi.Input<boolean>;
|
|
357
|
+
/**
|
|
358
|
+
* Block known bad referers
|
|
359
|
+
*/
|
|
360
|
+
referer?: pulumi.Input<boolean>;
|
|
361
|
+
/**
|
|
362
|
+
* Block known bad user agents
|
|
363
|
+
*/
|
|
364
|
+
userAgent?: pulumi.Input<boolean>;
|
|
365
|
+
}
|
|
366
|
+
|
|
367
|
+
export interface RuleProxyActionConfigWafConfigHttpbl {
|
|
368
|
+
/**
|
|
369
|
+
* Block email harvesters
|
|
370
|
+
*/
|
|
371
|
+
blockHarvester?: pulumi.Input<boolean>;
|
|
372
|
+
/**
|
|
373
|
+
* Block search engines
|
|
374
|
+
*/
|
|
375
|
+
blockSearchEngine?: pulumi.Input<boolean>;
|
|
376
|
+
/**
|
|
377
|
+
* Block spam sources
|
|
378
|
+
*/
|
|
379
|
+
blockSpam?: pulumi.Input<boolean>;
|
|
380
|
+
/**
|
|
381
|
+
* Block suspicious IPs
|
|
382
|
+
*/
|
|
383
|
+
blockSuspicious?: pulumi.Input<boolean>;
|
|
384
|
+
/**
|
|
385
|
+
* Enable HTTP:BL
|
|
386
|
+
*/
|
|
387
|
+
httpblEnabled?: pulumi.Input<boolean>;
|
|
388
|
+
/**
|
|
389
|
+
* HTTP:BL API key
|
|
390
|
+
*/
|
|
391
|
+
httpblKey?: pulumi.Input<string>;
|
|
392
|
+
}
|
|
393
|
+
|
|
394
|
+
export interface RuleProxyActionConfigWafConfigThreshold {
|
|
395
|
+
/**
|
|
396
|
+
* Cooldown period in seconds
|
|
397
|
+
*/
|
|
398
|
+
cooldown?: pulumi.Input<number>;
|
|
399
|
+
/**
|
|
400
|
+
* Hit count limit (for waf_hit_by_ip)
|
|
401
|
+
*/
|
|
402
|
+
hits?: pulumi.Input<number>;
|
|
403
|
+
/**
|
|
404
|
+
* Time window in minutes (for waf_hit_by_ip)
|
|
405
|
+
*/
|
|
406
|
+
minutes?: pulumi.Input<number>;
|
|
407
|
+
/**
|
|
408
|
+
* Threshold enforcement mode
|
|
409
|
+
*/
|
|
410
|
+
mode?: pulumi.Input<string>;
|
|
411
|
+
/**
|
|
412
|
+
* Slack webhook for this threshold
|
|
413
|
+
*/
|
|
414
|
+
notifySlack?: pulumi.Input<string>;
|
|
415
|
+
/**
|
|
416
|
+
* Requests per second limit (for ip/header)
|
|
417
|
+
*/
|
|
418
|
+
rps?: pulumi.Input<number>;
|
|
419
|
+
/**
|
|
420
|
+
* Threshold type
|
|
421
|
+
*/
|
|
422
|
+
type?: pulumi.Input<string>;
|
|
423
|
+
/**
|
|
424
|
+
* Header name (for header type)
|
|
425
|
+
*/
|
|
426
|
+
value?: pulumi.Input<string>;
|
|
427
|
+
}
|
|
428
|
+
|
|
429
|
+
export interface RuleProxyWafConfig {
|
|
430
|
+
/**
|
|
431
|
+
* IP addresses to allow
|
|
432
|
+
*/
|
|
433
|
+
allowIps?: pulumi.Input<pulumi.Input<string>[]>;
|
|
434
|
+
/**
|
|
435
|
+
* WAF rule IDs to allow/whitelist
|
|
436
|
+
*/
|
|
437
|
+
allowRules?: pulumi.Input<pulumi.Input<string>[]>;
|
|
438
|
+
/**
|
|
439
|
+
* ASN numbers to block
|
|
440
|
+
*/
|
|
441
|
+
blockAsns?: pulumi.Input<pulumi.Input<string>[]>;
|
|
442
|
+
/**
|
|
443
|
+
* IP addresses to block
|
|
444
|
+
*/
|
|
445
|
+
blockIps?: pulumi.Input<pulumi.Input<string>[]>;
|
|
446
|
+
/**
|
|
447
|
+
* Enable predefined block lists
|
|
448
|
+
*/
|
|
449
|
+
blockLists?: pulumi.Input<inputs.RuleProxyWafConfigBlockLists>;
|
|
450
|
+
/**
|
|
451
|
+
* Referer patterns to block
|
|
452
|
+
*/
|
|
453
|
+
blockReferers?: pulumi.Input<pulumi.Input<string>[]>;
|
|
454
|
+
/**
|
|
455
|
+
* User agent patterns to block
|
|
456
|
+
*/
|
|
457
|
+
blockUas?: pulumi.Input<pulumi.Input<string>[]>;
|
|
458
|
+
/**
|
|
459
|
+
* Project Honey Pot HTTP:BL configuration
|
|
460
|
+
*/
|
|
461
|
+
httpbl?: pulumi.Input<inputs.RuleProxyWafConfigHttpbl>;
|
|
462
|
+
/**
|
|
463
|
+
* WAF operation mode
|
|
464
|
+
*/
|
|
465
|
+
mode?: pulumi.Input<string>;
|
|
466
|
+
/**
|
|
467
|
+
* Email addresses for notifications
|
|
468
|
+
*/
|
|
469
|
+
notifyEmails?: pulumi.Input<pulumi.Input<string>[]>;
|
|
470
|
+
/**
|
|
471
|
+
* Slack webhook URL for notifications
|
|
472
|
+
*/
|
|
473
|
+
notifySlack?: pulumi.Input<string>;
|
|
474
|
+
/**
|
|
475
|
+
* Minimum hits per minute to trigger Slack notification
|
|
476
|
+
*/
|
|
477
|
+
notifySlackHitsRpm?: pulumi.Input<number>;
|
|
478
|
+
/**
|
|
479
|
+
* OWASP paranoia level
|
|
480
|
+
*/
|
|
481
|
+
paranoiaLevel?: pulumi.Input<number>;
|
|
482
|
+
/**
|
|
483
|
+
* Rate limiting thresholds
|
|
484
|
+
*/
|
|
485
|
+
thresholds?: pulumi.Input<pulumi.Input<inputs.RuleProxyWafConfigThreshold>[]>;
|
|
486
|
+
}
|
|
487
|
+
|
|
488
|
+
export interface RuleProxyWafConfigBlockLists {
|
|
489
|
+
/**
|
|
490
|
+
* Block AI crawlers
|
|
491
|
+
*/
|
|
492
|
+
ai?: pulumi.Input<boolean>;
|
|
493
|
+
/**
|
|
494
|
+
* Block known bad IPs
|
|
495
|
+
*/
|
|
496
|
+
ip?: pulumi.Input<boolean>;
|
|
497
|
+
/**
|
|
498
|
+
* Block known bad referers
|
|
499
|
+
*/
|
|
500
|
+
referer?: pulumi.Input<boolean>;
|
|
501
|
+
/**
|
|
502
|
+
* Block known bad user agents
|
|
503
|
+
*/
|
|
504
|
+
userAgent?: pulumi.Input<boolean>;
|
|
505
|
+
}
|
|
506
|
+
|
|
507
|
+
export interface RuleProxyWafConfigHttpbl {
|
|
508
|
+
/**
|
|
509
|
+
* Block email harvesters
|
|
510
|
+
*/
|
|
511
|
+
blockHarvester?: pulumi.Input<boolean>;
|
|
512
|
+
/**
|
|
513
|
+
* Block search engines
|
|
514
|
+
*/
|
|
515
|
+
blockSearchEngine?: pulumi.Input<boolean>;
|
|
516
|
+
/**
|
|
517
|
+
* Block spam sources
|
|
518
|
+
*/
|
|
519
|
+
blockSpam?: pulumi.Input<boolean>;
|
|
520
|
+
/**
|
|
521
|
+
* Block suspicious IPs
|
|
522
|
+
*/
|
|
523
|
+
blockSuspicious?: pulumi.Input<boolean>;
|
|
524
|
+
/**
|
|
525
|
+
* Enable HTTP:BL
|
|
526
|
+
*/
|
|
527
|
+
httpblEnabled?: pulumi.Input<boolean>;
|
|
528
|
+
/**
|
|
529
|
+
* HTTP:BL API key
|
|
530
|
+
*/
|
|
531
|
+
httpblKey?: pulumi.Input<string>;
|
|
532
|
+
}
|
|
533
|
+
|
|
534
|
+
export interface RuleProxyWafConfigThreshold {
|
|
535
|
+
/**
|
|
536
|
+
* Cooldown period in seconds
|
|
537
|
+
*/
|
|
538
|
+
cooldown?: pulumi.Input<number>;
|
|
539
|
+
/**
|
|
540
|
+
* Hit count limit (for waf_hit_by_ip)
|
|
541
|
+
*/
|
|
542
|
+
hits?: pulumi.Input<number>;
|
|
543
|
+
/**
|
|
544
|
+
* Time window in minutes (for waf_hit_by_ip)
|
|
545
|
+
*/
|
|
546
|
+
minutes?: pulumi.Input<number>;
|
|
547
|
+
/**
|
|
548
|
+
* Threshold enforcement mode
|
|
549
|
+
*/
|
|
550
|
+
mode?: pulumi.Input<string>;
|
|
551
|
+
/**
|
|
552
|
+
* Slack webhook for this threshold
|
|
553
|
+
*/
|
|
554
|
+
notifySlack?: pulumi.Input<string>;
|
|
555
|
+
/**
|
|
556
|
+
* Requests per second limit (for ip/header)
|
|
557
|
+
*/
|
|
558
|
+
rps?: pulumi.Input<number>;
|
|
559
|
+
/**
|
|
560
|
+
* Threshold type
|
|
561
|
+
*/
|
|
562
|
+
type?: pulumi.Input<string>;
|
|
563
|
+
/**
|
|
564
|
+
* Header name (for header type)
|
|
565
|
+
*/
|
|
566
|
+
value?: pulumi.Input<string>;
|
|
567
|
+
}
|
|
568
|
+
|
|
569
|
+
export interface RuleRedirectActionConfig {
|
|
570
|
+
/**
|
|
571
|
+
* HTTP status code for redirect
|
|
572
|
+
*/
|
|
573
|
+
statusCode?: pulumi.Input<string>;
|
|
574
|
+
/**
|
|
575
|
+
* Redirect destination URL
|
|
576
|
+
*/
|
|
577
|
+
to?: pulumi.Input<string>;
|
|
578
|
+
}
|
|
579
|
+
|
|
580
|
+
export interface RuleServeStaticActionConfig {
|
|
581
|
+
/**
|
|
582
|
+
* Path to the static file to serve
|
|
583
|
+
*/
|
|
584
|
+
staticFilePath?: pulumi.Input<string>;
|
|
585
|
+
}
|