npm - @robinmordasiewicz/f5xc-terraform-mcp - Versions diffs - 2.3.0 → 2.4.3 - Mend

@robinmordasiewicz/f5xc-terraform-mcp 2.3.0 → 2.4.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (572) hide show

package/dist/docs/resources/service_policy_rule.md ADDED Viewed

@@ -0,0 +1,609 @@
+---
+page_title: "f5xc_service_policy_rule Resource - terraform-provider-f5xc"
+subcategory: "Security"
+description: |-
+  [Namespace: required] Manages service_policy_rule creates a new object in the storage backend for metadata.namespace. in F5 Distributed Cloud.
+---
+# f5xc_service_policy_rule (Resource)
+[Namespace: required] Manages service_policy_rule creates a new object in the storage backend for metadata.namespace. in F5 Distributed Cloud.
+~> **Note** Please refer to [Service Policy Rule API docs](https://docs.cloud.f5.com/docs-v2/api/service-policy-rule) to learn more.
+## Example Usage
+```terraform
+# Service Policy Rule Resource Example
+# [Namespace: required] Manages service_policy_rule creates a new object in the storage backend for metadata.namespace. in F5 Distributed Cloud.
+# Basic Service Policy Rule configuration
+resource "f5xc_service_policy_rule" "example" {
+  name      = "example-service-policy-rule"
+  namespace = "shared"
+  labels = {
+    environment = "production"
+    managed_by  = "terraform"
+  }
+  annotations = {
+    "owner" = "platform-team"
+  }
+  # Resource-specific configuration
+  # [OneOf: any_asn, asn_list, asn_matcher] Enable this option
+  any_asn {
+    # Configure any_asn settings
+  }
+  # [OneOf: any_client, client_name, client_name_matcher, cli...
+  any_client {
+    # Configure any_client settings
+  }
+  # [OneOf: any_ip, ip_matcher, ip_prefix_list] Enable this o...
+  any_ip {
+    # Configure any_ip settings
+  }
+}
+```
+<!-- schema generated by tfplugindocs -->
+## Argument Reference
+### Metadata Argument Reference
+<a id="name"></a>&#x2022; [`name`](#name) - Required String<br>Name of the Service Policy Rule. Must be unique within the namespace
+<a id="namespace"></a>&#x2022; [`namespace`](#namespace) - Required String<br>Namespace where the Service Policy Rule will be created
+<a id="annotations"></a>&#x2022; [`annotations`](#annotations) - Optional Map<br>Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata
+<a id="description"></a>&#x2022; [`description`](#description) - Optional String<br>Human readable description for the object
+<a id="disable"></a>&#x2022; [`disable`](#disable) - Optional Bool<br>A value of true will administratively disable the object
+<a id="labels"></a>&#x2022; [`labels`](#labels) - Optional Map<br>Labels is a user defined key value map that can be attached to resources for organization and filtering
+### Spec Argument Reference
+<a id="action"></a>&#x2022; [`action`](#action) - Optional String  Defaults to `DENY`<br>Possible values are `DENY`, `ALLOW`, `NEXT_POLICY`<br>[Enum: DENY|ALLOW|NEXT_POLICY] Rule Action. The rule action determines the disposition of the input request API. If a policy matches a rule with an ALLOW action, the processing of the request proceeds forward. If it matches a rule with a DENY action, the processing of the request is terminated and an appropriate message/code returned to the originator. If it matches a rule with a NEXT_POLICY_SET action, evaluation of the current policy set terminates and evaluation of the next policy set in the chain begins. - DENY: DENY Deny the request. - ALLOW: ALLOW Allow the request to proceed. - NEXT_POLICY_SET: NEXT_POLICY_SET Terminate evaluation of the current policy set and begin evaluating the next policy set in the chain. Note that the evaluation of any remaining policies in the current policy set is skipped. - NEXT_POLICY: NEXT_POLICY Terminate evaluation of the current policy and begin evaluating the next policy in the policy set. Note that the evaluation of any remaining rules in the current policy is skipped. - LAST_POLICY: LAST_POLICY Terminate evaluation of the current policy and begin evaluating the last policy in the policy set. Note that the evaluation of any remaining rules in the current policy is skipped. - GOTO_POLICY: GOTO_POLICY Terminate evaluation of the current policy and begin evaluating a specific policy in the policy set. The policy is specified using the goto_policy field in the rule and must be after the current policy in the policy set
+-> **One of the following:**
+&#x2022; <a id="any-asn"></a>[`any_asn`](#any-asn) - Optional Block<br>Enable this option
+<br><br>&#x2022; <a id="asn-list"></a>[`asn_list`](#asn-list) - Optional Block<br>ASN Match List. An unordered set of RFC 6793 defined 4-byte AS numbers that can be used to create allow or deny lists for use in network policy or service policy. It can be used to create the allow list only for DNS Load Balancer<br>See [Asn List](#asn-list) below for details.
+<br><br>&#x2022; <a id="asn-matcher"></a>[`asn_matcher`](#asn-matcher) - Optional Block<br>ASN Matcher. Match any AS number contained in the list of bgp_asn_sets<br>See [Asn Matcher](#asn-matcher) below for details.
+-> **One of the following:**
+&#x2022; <a id="any-client"></a>[`any_client`](#any-client) - Optional Block<br>Enable this option
+<br><br>&#x2022; <a id="client-name"></a>[`client_name`](#client-name) - Optional String<br>Client Name. The expected name of the client invoking the request API. The predicate evaluates to true if any of the actual names is the same as the expected client name
+<br><br>&#x2022; <a id="client-name-matcher"></a>[`client_name_matcher`](#client-name-matcher) - Optional Block<br>Matcher. A matcher specifies multiple criteria for matching an input string. The match is considered successful if any of the criteria are satisfied. The set of supported match criteria includes a list of exact values and a list of regular expressions<br>See [Client Name Matcher](#client-name-matcher) below for details.
+<br><br>&#x2022; <a id="client-selector"></a>[`client_selector`](#client-selector) - Optional Block<br>Label Selector. This type can be used to establish a 'selector reference' from one object(called selector) to a set of other objects(called selectees) based on the value of expresssions. A label selector is a label query over a set of resources. An empty label selector matches all objects. A null label selector matches no objects. Label selector is immutable. expressions is a list of strings of label selection expression. Each string has ',' separated values which are 'AND' and all strings are logically 'OR'. BNF for expression string `<selector-syntax>` ::= `<requirement>` | `<requirement>` ',' `<selector-syntax>` `<requirement>` ::= [!] KEY [ `<set-based-restriction>` | `<exact-match-restriction>` ] `<set-based-restriction>` ::= '' | `<inclusion-exclusion>` `<value-set>` `<inclusion-exclusion>` ::= `<inclusion>` | `<exclusion>` `<exclusion>` ::= 'notin' `<inclusion>` ::= 'in' `<value-set>` ::= '(' `<values>` ')' `<values>` ::= VALUE | VALUE ',' `<values>` `<exact-match-restriction>` ::= ['='|'=='|'!='] VALUE<br>See [Client Selector](#client-selector) below for details.
+<br><br>&#x2022; <a id="ip-threat-category-list"></a>[`ip_threat_category_list`](#ip-threat-category-list) - Optional Block<br>IP Threat Category List Type. List of IP threat categories<br>See [IP Threat Category List](#ip-threat-category-list) below for details.
+-> **One of the following:**
+&#x2022; <a id="any-ip"></a>[`any_ip`](#any-ip) - Optional Block<br>Enable this option
+<br><br>&#x2022; <a id="ip-matcher"></a>[`ip_matcher`](#ip-matcher) - Optional Block<br>IP Prefix Matcher. Match any IP prefix contained in the list of ip_prefix_sets. The result of the match is inverted if invert_matcher is true<br>See [IP Matcher](#ip-matcher) below for details.
+<br><br>&#x2022; <a id="ip-prefix-list"></a>[`ip_prefix_list`](#ip-prefix-list) - Optional Block<br>IP Prefix Match List. List of IP Prefix strings to match against<br>See [IP Prefix List](#ip-prefix-list) below for details.
+<a id="api-group-matcher"></a>&#x2022; [`api_group_matcher`](#api-group-matcher) - Optional Block<br>String Matcher. A matcher specifies a list of values for matching an input string. The match is considered successful if the input value is present in the list. The result of the match is inverted if invert_matcher is true<br>See [API Group Matcher](#api-group-matcher) below for details.
+<a id="arg-matchers"></a>&#x2022; [`arg_matchers`](#arg-matchers) - Optional Block<br>Argument Matchers. A list of predicates for all POST args that need to be matched. The criteria for matching each arg are described in individual instances of ArgMatcherType. The actual arg values are extracted from the request API as a list of strings for each arg selector name. Note that all specified arg matcher predicates must evaluate to true<br>See [Arg Matchers](#arg-matchers) below for details.
+<a id="body-matcher"></a>&#x2022; [`body_matcher`](#body-matcher) - Optional Block<br>Matcher. A matcher specifies multiple criteria for matching an input string. The match is considered successful if any of the criteria are satisfied. The set of supported match criteria includes a list of exact values and a list of regular expressions<br>See [Body Matcher](#body-matcher) below for details.
+<a id="bot-action"></a>&#x2022; [`bot_action`](#bot-action) - Optional Block<br>Bot Action. Modify Bot protection behavior for a matching request. The modification could be to entirely skip Bot processing<br>See [Bot Action](#bot-action) below for details.
+<a id="cookie-matchers"></a>&#x2022; [`cookie_matchers`](#cookie-matchers) - Optional Block<br>Cookie Matchers. A list of predicates for all cookies that need to be matched. The criteria for matching each cookie is described in individual instances of CookieMatcherType. The actual cookie values are extracted from the request API as a list of strings for each cookie name. Note that all specified cookie matcher predicates must evaluate to true<br>See [Cookie Matchers](#cookie-matchers) below for details.
+<a id="domain-matcher"></a>&#x2022; [`domain_matcher`](#domain-matcher) - Optional Block<br>Matcher. A matcher specifies multiple criteria for matching an input string. The match is considered successful if any of the criteria are satisfied. The set of supported match criteria includes a list of exact values and a list of regular expressions<br>See [Domain Matcher](#domain-matcher) below for details.
+<a id="expiration-timestamp"></a>&#x2022; [`expiration_timestamp`](#expiration-timestamp) - Optional String<br>Expiration Timestamp. The expiration_timestamp is the RFC 3339 format timestamp at which the containing rule is considered to be logically expired. The rule continues to exist in the configuration but is not applied anymore
+<a id="headers"></a>&#x2022; [`headers`](#headers) - Optional Block<br>HTTP Headers. A list of predicates for various HTTP headers that need to match. The criteria for matching each HTTP header are described in individual HeaderMatcherType instances. The actual HTTP header values are extracted from the request API as a list of strings for each HTTP header type. Note that all specified header predicates must evaluate to true<br>See [Headers](#headers) below for details.
+<a id="http-method"></a>&#x2022; [`http_method`](#http-method) - Optional Block<br>HTTP Method Matcher. A HTTP method matcher specifies a list of methods to match an input HTTP method. The match is considered successful if the input method is a member of the list. The result of the match based on the method list is inverted if invert_matcher is true<br>See [HTTP Method](#http-method) below for details.
+-> **One of the following:**
+&#x2022; <a id="ja4-tls-fingerprint"></a>[`ja4_tls_fingerprint`](#ja4-tls-fingerprint) - Optional Block<br>JA4 TLS Fingerprint Matcher. An extended version of JA3 that includes additional fields for more comprehensive fingerprinting of SSL/TLS clients and potentially has a different structure and length<br>See [Ja4 TLS Fingerprint](#ja4-tls-fingerprint) below for details.
+<br><br>&#x2022; <a id="tls-fingerprint-matcher"></a>[`tls_fingerprint_matcher`](#tls-fingerprint-matcher) - Optional Block<br>TLS Fingerprint Matcher. A TLS fingerprint matcher specifies multiple criteria for matching a TLS fingerprint. The set of supported positve match criteria includes a list of known classes of TLS fingerprints and a list of exact values. The match is considered successful if either of these positive criteria are satisfied and the input fingerprint is not one of the excluded values
+<a id="jwt-claims"></a>&#x2022; [`jwt_claims`](#jwt-claims) - Optional Block<br>JWT Claims. A list of predicates for various JWT claims that need to match. The criteria for matching each JWT claim are described in individual JWTClaimMatcherType instances. The actual JWT claims values are extracted from the JWT payload as a list of strings. Note that all specified JWT claim predicates must evaluate to true<br>See [JWT Claims](#jwt-claims) below for details.
+<a id="label-matcher"></a>&#x2022; [`label_matcher`](#label-matcher) - Optional Block<br>Label Matcher. A label matcher specifies a list of label keys whose values need to match for source/client and destination/server. Note that the actual label values are not specified and do not matter. This allows an ability to scope grouping by the label key name<br>See [Label Matcher](#label-matcher) below for details.
+<a id="mum-action"></a>&#x2022; [`mum_action`](#mum-action) - Optional Block<br>Select Modification Action. Modify behavior for a matching request. The modification could be to entirely skip processing<br>See [Mum Action](#mum-action) below for details.
+<a id="path"></a>&#x2022; [`path`](#path) - Optional Block<br>Path Matcher. A path matcher specifies multiple criteria for matching an HTTP path string. The match is considered successful if any of the criteria are satisfied. The set of supported match criteria includes a list of path prefixes, a list of exact path values and a list of regular expressions<br>See [Path](#path) below for details.
+<a id="port-matcher"></a>&#x2022; [`port_matcher`](#port-matcher) - Optional Block<br>Port Matcher. A port matcher specifies a list of port ranges as match criteria. The match is considered successful if the input port falls within any of the port ranges. The result of the match is inverted if invert_matcher is true<br>See [Port Matcher](#port-matcher) below for details.
+<a id="query-params"></a>&#x2022; [`query_params`](#query-params) - Optional Block<br>HTTP Query Parameters. A list of predicates for all query parameters that need to be matched. The criteria for matching each query parameter are described in individual instances of QueryParameterMatcherType. The actual query parameter values are extracted from the request API as a list of strings for each query parameter name. Note that all specified query parameter predicates must evaluate to true<br>See [Query Params](#query-params) below for details.
+<a id="request-constraints"></a>&#x2022; [`request_constraints`](#request-constraints) - Optional Block<br>Request Constraints<br>See [Request Constraints](#request-constraints) below for details.
+<a id="segment-policy"></a>&#x2022; [`segment_policy`](#segment-policy) - Optional Block<br>Configure Segments. Configure source and destination segment for policy
+<a id="timeouts"></a>&#x2022; [`timeouts`](#timeouts) - Optional Block
+<a id="waf-action"></a>&#x2022; [`waf_action`](#waf-action) - Optional Block<br>App Firewall Action. Modify App Firewall behavior for a matching request. The modification could either be to entirely skip firewall processing or to customize the firewall rules to be applied as defined by App Firewall Rule Control settings
+### Attributes Reference
+In addition to all arguments above, the following attributes are exported:
+<a id="id"></a>&#x2022; [`id`](#id) - Optional String<br>Unique identifier for the resource
+---
+#### API Group Matcher
+An [`api_group_matcher`](#api-group-matcher) block supports the following:
+<a id="api-group-matcher-invert-matcher"></a>&#x2022; [`invert_matcher`](#api-group-matcher-invert-matcher) - Optional Bool<br>Invert String Matcher. Invert the match result
+<a id="api-group-matcher-match"></a>&#x2022; [`match`](#api-group-matcher-match) - Optional List<br>Exact Values. A list of exact values to match the input against
+#### Arg Matchers
+An [`arg_matchers`](#arg-matchers) block supports the following:
+<a id="arg-matchers-check-not-present"></a>&#x2022; [`check_not_present`](#arg-matchers-check-not-present) - Optional Block<br>Enable this option
+<a id="arg-matchers-check-present"></a>&#x2022; [`check_present`](#arg-matchers-check-present) - Optional Block<br>Enable this option
+<a id="arg-matchers-invert-matcher"></a>&#x2022; [`invert_matcher`](#arg-matchers-invert-matcher) - Optional Bool<br>Invert Matcher. Invert Match of the expression defined
+<a id="arg-matchers-item"></a>&#x2022; [`item`](#arg-matchers-item) - Optional Block<br>Matcher. A matcher specifies multiple criteria for matching an input string. The match is considered successful if any of the criteria are satisfied. The set of supported match criteria includes a list of exact values and a list of regular expressions<br>See [Item](#arg-matchers-item) below.
+<a id="arg-matchers-name"></a>&#x2022; [`name`](#arg-matchers-name) - Optional String<br>Argument Name. A case-sensitive JSON path in the HTTP request body
+#### Arg Matchers Item
+An [`item`](#arg-matchers-item) block (within [`arg_matchers`](#arg-matchers)) supports the following:
+<a id="arg-matchers-item-exact-values"></a>&#x2022; [`exact_values`](#arg-matchers-item-exact-values) - Optional List<br>Exact Values. A list of exact values to match the input against
+<a id="arg-matchers-item-regex-values"></a>&#x2022; [`regex_values`](#arg-matchers-item-regex-values) - Optional List<br>Regex Values. A list of regular expressions to match the input against
+<a id="arg-matchers-item-transformers"></a>&#x2022; [`transformers`](#arg-matchers-item-transformers) - Optional List  Defaults to `TRANSFORMER_NONE`<br>Possible values are `LOWER_CASE`, `UPPER_CASE`, `BASE64_DECODE`, `NORMALIZE_PATH`, `REMOVE_WHITESPACE`, `URL_DECODE`, `TRIM_LEFT`, `TRIM_RIGHT`, `TRIM`<br>[Enum: LOWER_CASE|UPPER_CASE|BASE64_DECODE|NORMALIZE_PATH|REMOVE_WHITESPACE|URL_DECODE|TRIM_LEFT|TRIM_RIGHT|TRIM] Transformers. An ordered list of transformers (starting from index 0) to be applied to the path before matching
+#### Asn List
+An [`asn_list`](#asn-list) block supports the following:
+<a id="asn-list-as-numbers"></a>&#x2022; [`as_numbers`](#asn-list-as-numbers) - Optional List<br>AS Numbers. An unordered set of RFC 6793 defined 4-byte AS numbers that can be used to create allow or deny lists for use in network policy or service policy. It can be used to create the allow list only for DNS Load Balancer
+#### Asn Matcher
+An [`asn_matcher`](#asn-matcher) block supports the following:
+<a id="asn-matcher-asn-sets"></a>&#x2022; [`asn_sets`](#asn-matcher-asn-sets) - Optional Block<br>BGP ASN Sets. A list of references to bgp_asn_set objects<br>See [Asn Sets](#asn-matcher-asn-sets) below.
+#### Asn Matcher Asn Sets
+An [`asn_sets`](#asn-matcher-asn-sets) block (within [`asn_matcher`](#asn-matcher)) supports the following:
+<a id="asn-matcher-asn-sets-kind"></a>&#x2022; [`kind`](#asn-matcher-asn-sets-kind) - Optional String<br>Kind. When a configuration object(e.g. virtual_host) refers to another(e.g route) then kind will hold the referred object's kind (e.g. 'route')
+<a id="asn-matcher-asn-sets-name"></a>&#x2022; [`name`](#asn-matcher-asn-sets-name) - Optional String<br>Name. When a configuration object(e.g. virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g. route's) name
+<a id="asn-matcher-asn-sets-namespace"></a>&#x2022; [`namespace`](#asn-matcher-asn-sets-namespace) - Optional String<br>Namespace. When a configuration object(e.g. virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g. route's) namespace
+<a id="asn-matcher-asn-sets-tenant"></a>&#x2022; [`tenant`](#asn-matcher-asn-sets-tenant) - Optional String<br>Tenant. When a configuration object(e.g. virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g. route's) tenant
+<a id="asn-matcher-asn-sets-uid"></a>&#x2022; [`uid`](#asn-matcher-asn-sets-uid) - Optional String<br>UID. When a configuration object(e.g. virtual_host) refers to another(e.g route) then uid will hold the referred object's(e.g. route's) uid
+#### Body Matcher
+A [`body_matcher`](#body-matcher) block supports the following:
+<a id="body-matcher-exact-values"></a>&#x2022; [`exact_values`](#body-matcher-exact-values) - Optional List<br>Exact Values. A list of exact values to match the input against
+<a id="body-matcher-regex-values"></a>&#x2022; [`regex_values`](#body-matcher-regex-values) - Optional List<br>Regex Values. A list of regular expressions to match the input against
+<a id="body-matcher-transformers"></a>&#x2022; [`transformers`](#body-matcher-transformers) - Optional List  Defaults to `TRANSFORMER_NONE`<br>Possible values are `LOWER_CASE`, `UPPER_CASE`, `BASE64_DECODE`, `NORMALIZE_PATH`, `REMOVE_WHITESPACE`, `URL_DECODE`, `TRIM_LEFT`, `TRIM_RIGHT`, `TRIM`<br>[Enum: LOWER_CASE|UPPER_CASE|BASE64_DECODE|NORMALIZE_PATH|REMOVE_WHITESPACE|URL_DECODE|TRIM_LEFT|TRIM_RIGHT|TRIM] Transformers. An ordered list of transformers (starting from index 0) to be applied to the path before matching
+#### Bot Action
+A [`bot_action`](#bot-action) block supports the following:
+<a id="bot-action-bot-skip-processing"></a>&#x2022; [`bot_skip_processing`](#bot-action-bot-skip-processing) - Optional Block<br>Enable this option
+<a id="bot-action-none"></a>&#x2022; [`none`](#bot-action-none) - Optional Block<br>Enable this option
+#### Client Name Matcher
+A [`client_name_matcher`](#client-name-matcher) block supports the following:
+<a id="client-name-matcher-exact-values"></a>&#x2022; [`exact_values`](#client-name-matcher-exact-values) - Optional List<br>Exact Values. A list of exact values to match the input against
+<a id="client-name-matcher-regex-values"></a>&#x2022; [`regex_values`](#client-name-matcher-regex-values) - Optional List<br>Regex Values. A list of regular expressions to match the input against
+#### Client Selector
+A [`client_selector`](#client-selector) block supports the following:
+<a id="client-selector-expressions"></a>&#x2022; [`expressions`](#client-selector-expressions) - Optional List<br>Selector Expression. expressions contains the kubernetes style label expression for selections
+#### Cookie Matchers
+A [`cookie_matchers`](#cookie-matchers) block supports the following:
+<a id="cookie-matchers-check-not-present"></a>&#x2022; [`check_not_present`](#cookie-matchers-check-not-present) - Optional Block<br>Enable this option
+<a id="cookie-matchers-check-present"></a>&#x2022; [`check_present`](#cookie-matchers-check-present) - Optional Block<br>Enable this option
+<a id="cookie-matchers-invert-matcher"></a>&#x2022; [`invert_matcher`](#cookie-matchers-invert-matcher) - Optional Bool<br>Invert Matcher. Invert Match of the expression defined
+<a id="cookie-matchers-item"></a>&#x2022; [`item`](#cookie-matchers-item) - Optional Block<br>Matcher. A matcher specifies multiple criteria for matching an input string. The match is considered successful if any of the criteria are satisfied. The set of supported match criteria includes a list of exact values and a list of regular expressions<br>See [Item](#cookie-matchers-item) below.
+<a id="cookie-matchers-name"></a>&#x2022; [`name`](#cookie-matchers-name) - Optional String<br>Cookie Name. A case-sensitive cookie name
+#### Cookie Matchers Item
+An [`item`](#cookie-matchers-item) block (within [`cookie_matchers`](#cookie-matchers)) supports the following:
+<a id="cookie-matchers-item-exact-values"></a>&#x2022; [`exact_values`](#cookie-matchers-item-exact-values) - Optional List<br>Exact Values. A list of exact values to match the input against
+<a id="cookie-matchers-item-regex-values"></a>&#x2022; [`regex_values`](#cookie-matchers-item-regex-values) - Optional List<br>Regex Values. A list of regular expressions to match the input against
+<a id="cookie-matchers-item-transformers"></a>&#x2022; [`transformers`](#cookie-matchers-item-transformers) - Optional List  Defaults to `TRANSFORMER_NONE`<br>Possible values are `LOWER_CASE`, `UPPER_CASE`, `BASE64_DECODE`, `NORMALIZE_PATH`, `REMOVE_WHITESPACE`, `URL_DECODE`, `TRIM_LEFT`, `TRIM_RIGHT`, `TRIM`<br>[Enum: LOWER_CASE|UPPER_CASE|BASE64_DECODE|NORMALIZE_PATH|REMOVE_WHITESPACE|URL_DECODE|TRIM_LEFT|TRIM_RIGHT|TRIM] Transformers. An ordered list of transformers (starting from index 0) to be applied to the path before matching
+#### Domain Matcher
+A [`domain_matcher`](#domain-matcher) block supports the following:
+<a id="domain-matcher-exact-values"></a>&#x2022; [`exact_values`](#domain-matcher-exact-values) - Optional List<br>Exact Values. A list of exact values to match the input against
+<a id="domain-matcher-regex-values"></a>&#x2022; [`regex_values`](#domain-matcher-regex-values) - Optional List<br>Regex Values. A list of regular expressions to match the input against
+#### Headers
+A [`headers`](#headers) block supports the following:
+<a id="headers-check-not-present"></a>&#x2022; [`check_not_present`](#headers-check-not-present) - Optional Block<br>Enable this option
+<a id="headers-check-present"></a>&#x2022; [`check_present`](#headers-check-present) - Optional Block<br>Enable this option
+<a id="headers-invert-matcher"></a>&#x2022; [`invert_matcher`](#headers-invert-matcher) - Optional Bool<br>Invert Header Matcher. Invert the match result
+<a id="headers-item"></a>&#x2022; [`item`](#headers-item) - Optional Block<br>Matcher. A matcher specifies multiple criteria for matching an input string. The match is considered successful if any of the criteria are satisfied. The set of supported match criteria includes a list of exact values and a list of regular expressions<br>See [Item](#headers-item) below.
+<a id="headers-name"></a>&#x2022; [`name`](#headers-name) - Optional String<br>Header Name. A case-insensitive HTTP header name
+#### Headers Item
+An [`item`](#headers-item) block (within [`headers`](#headers)) supports the following:
+<a id="headers-item-exact-values"></a>&#x2022; [`exact_values`](#headers-item-exact-values) - Optional List<br>Exact Values. A list of exact values to match the input against
+<a id="headers-item-regex-values"></a>&#x2022; [`regex_values`](#headers-item-regex-values) - Optional List<br>Regex Values. A list of regular expressions to match the input against
+<a id="headers-item-transformers"></a>&#x2022; [`transformers`](#headers-item-transformers) - Optional List  Defaults to `TRANSFORMER_NONE`<br>Possible values are `LOWER_CASE`, `UPPER_CASE`, `BASE64_DECODE`, `NORMALIZE_PATH`, `REMOVE_WHITESPACE`, `URL_DECODE`, `TRIM_LEFT`, `TRIM_RIGHT`, `TRIM`<br>[Enum: LOWER_CASE|UPPER_CASE|BASE64_DECODE|NORMALIZE_PATH|REMOVE_WHITESPACE|URL_DECODE|TRIM_LEFT|TRIM_RIGHT|TRIM] Transformers. An ordered list of transformers (starting from index 0) to be applied to the path before matching
+#### HTTP Method
+A [`http_method`](#http-method) block supports the following:
+<a id="http-method-invert-matcher"></a>&#x2022; [`invert_matcher`](#http-method-invert-matcher) - Optional Bool<br>Invert Method Matcher. Invert the match result
+<a id="http-method-methods"></a>&#x2022; [`methods`](#http-method-methods) - Optional List  Defaults to `ANY`<br>Possible values are `ANY`, `GET`, `HEAD`, `POST`, `PUT`, `DELETE`, `CONNECT`, `OPTIONS`, `TRACE`, `PATCH`, `COPY`<br>[Enum: ANY|GET|HEAD|POST|PUT|DELETE|CONNECT|OPTIONS|TRACE|PATCH|COPY] Method List. List of methods values to match against
+#### IP Matcher
+An [`ip_matcher`](#ip-matcher) block supports the following:
+<a id="ip-matcher-invert-matcher"></a>&#x2022; [`invert_matcher`](#ip-matcher-invert-matcher) - Optional Bool<br>Invert IP Matcher. Invert the match result
+<a id="ip-matcher-prefix-sets"></a>&#x2022; [`prefix_sets`](#ip-matcher-prefix-sets) - Optional Block<br>IP Prefix Sets. A list of references to ip_prefix_set objects<br>See [Prefix Sets](#ip-matcher-prefix-sets) below.
+#### IP Matcher Prefix Sets
+A [`prefix_sets`](#ip-matcher-prefix-sets) block (within [`ip_matcher`](#ip-matcher)) supports the following:
+<a id="ip-matcher-prefix-sets-kind"></a>&#x2022; [`kind`](#ip-matcher-prefix-sets-kind) - Optional String<br>Kind. When a configuration object(e.g. virtual_host) refers to another(e.g route) then kind will hold the referred object's kind (e.g. 'route')
+<a id="ip-matcher-prefix-sets-name"></a>&#x2022; [`name`](#ip-matcher-prefix-sets-name) - Optional String<br>Name. When a configuration object(e.g. virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g. route's) name
+<a id="ip-matcher-prefix-sets-namespace"></a>&#x2022; [`namespace`](#ip-matcher-prefix-sets-namespace) - Optional String<br>Namespace. When a configuration object(e.g. virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g. route's) namespace
+<a id="ip-matcher-prefix-sets-tenant"></a>&#x2022; [`tenant`](#ip-matcher-prefix-sets-tenant) - Optional String<br>Tenant. When a configuration object(e.g. virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g. route's) tenant
+<a id="ip-matcher-prefix-sets-uid"></a>&#x2022; [`uid`](#ip-matcher-prefix-sets-uid) - Optional String<br>UID. When a configuration object(e.g. virtual_host) refers to another(e.g route) then uid will hold the referred object's(e.g. route's) uid
+#### IP Prefix List
+An [`ip_prefix_list`](#ip-prefix-list) block supports the following:
+<a id="ip-prefix-list-invert-match"></a>&#x2022; [`invert_match`](#ip-prefix-list-invert-match) - Optional Bool<br>Invert Match Result. Invert the match result
+<a id="ip-prefix-list-ip-prefixes"></a>&#x2022; [`ip_prefixes`](#ip-prefix-list-ip-prefixes) - Optional List<br>IPv4 Prefix List. List of IPv4 prefix strings
+#### IP Threat Category List
+An [`ip_threat_category_list`](#ip-threat-category-list) block supports the following:
+<a id="ip-threat-category-list-ip-threat-categories"></a>&#x2022; [`ip_threat_categories`](#ip-threat-category-list-ip-threat-categories) - Optional List  Defaults to `SPAM_SOURCES`<br>Possible values are `SPAM_SOURCES`, `WINDOWS_EXPLOITS`, `WEB_ATTACKS`, `BOTNETS`, `SCANNERS`, `REPUTATION`, `PHISHING`, `PROXY`, `MOBILE_THREATS`, `TOR_PROXY`, `DENIAL_OF_SERVICE`, `NETWORK`<br>[Enum: SPAM_SOURCES|WINDOWS_EXPLOITS|WEB_ATTACKS|BOTNETS|SCANNERS|REPUTATION|PHISHING|PROXY|MOBILE_THREATS|TOR_PROXY|DENIAL_OF_SERVICE|NETWORK] List of IP Threat Categories to choose. The IP threat categories is obtained from the list and is used to auto-generate equivalent label selection expressions
+#### Ja4 TLS Fingerprint
+A [`ja4_tls_fingerprint`](#ja4-tls-fingerprint) block supports the following:
+<a id="ja4-tls-fingerprint-exact-values"></a>&#x2022; [`exact_values`](#ja4-tls-fingerprint-exact-values) - Optional List<br>Exact Values. A list of exact JA4 TLS fingerprint to match the input JA4 TLS fingerprint against
+#### JWT Claims
+A [`jwt_claims`](#jwt-claims) block supports the following:
+<a id="jwt-claims-check-not-present"></a>&#x2022; [`check_not_present`](#jwt-claims-check-not-present) - Optional Block<br>Enable this option
+<a id="jwt-claims-check-present"></a>&#x2022; [`check_present`](#jwt-claims-check-present) - Optional Block<br>Enable this option
+<a id="jwt-claims-invert-matcher"></a>&#x2022; [`invert_matcher`](#jwt-claims-invert-matcher) - Optional Bool<br>Invert Matcher. Invert the match result
+<a id="jwt-claims-item"></a>&#x2022; [`item`](#jwt-claims-item) - Optional Block<br>Matcher. A matcher specifies multiple criteria for matching an input string. The match is considered successful if any of the criteria are satisfied. The set of supported match criteria includes a list of exact values and a list of regular expressions<br>See [Item](#jwt-claims-item) below.
+<a id="jwt-claims-name"></a>&#x2022; [`name`](#jwt-claims-name) - Optional String<br>JWT Claim Name. JWT claim name
+#### JWT Claims Item
+An [`item`](#jwt-claims-item) block (within [`jwt_claims`](#jwt-claims)) supports the following:
+<a id="jwt-claims-item-exact-values"></a>&#x2022; [`exact_values`](#jwt-claims-item-exact-values) - Optional List<br>Exact Values. A list of exact values to match the input against
+<a id="jwt-claims-item-regex-values"></a>&#x2022; [`regex_values`](#jwt-claims-item-regex-values) - Optional List<br>Regex Values. A list of regular expressions to match the input against
+<a id="jwt-claims-item-transformers"></a>&#x2022; [`transformers`](#jwt-claims-item-transformers) - Optional List  Defaults to `TRANSFORMER_NONE`<br>Possible values are `LOWER_CASE`, `UPPER_CASE`, `BASE64_DECODE`, `NORMALIZE_PATH`, `REMOVE_WHITESPACE`, `URL_DECODE`, `TRIM_LEFT`, `TRIM_RIGHT`, `TRIM`<br>[Enum: LOWER_CASE|UPPER_CASE|BASE64_DECODE|NORMALIZE_PATH|REMOVE_WHITESPACE|URL_DECODE|TRIM_LEFT|TRIM_RIGHT|TRIM] Transformers. An ordered list of transformers (starting from index 0) to be applied to the path before matching
+#### Label Matcher
+A [`label_matcher`](#label-matcher) block supports the following:
+<a id="label-matcher-keys"></a>&#x2022; [`keys`](#label-matcher-keys) - Optional List<br>Keys. The list of label key names that have to match
+#### Mum Action
+A [`mum_action`](#mum-action) block supports the following:
+<a id="mum-action-default"></a>&#x2022; [`default`](#mum-action-default) - Optional Block<br>Enable this option
+<a id="mum-action-skip-processing"></a>&#x2022; [`skip_processing`](#mum-action-skip-processing) - Optional Block<br>Enable this option
+#### Path
+A [`path`](#path) block supports the following:
+<a id="path-exact-values"></a>&#x2022; [`exact_values`](#path-exact-values) - Optional List<br>Exact Values. A list of exact path values to match the input HTTP path against
+<a id="path-invert-matcher"></a>&#x2022; [`invert_matcher`](#path-invert-matcher) - Optional Bool<br>Invert Path Matcher. Invert the match result
+<a id="path-prefix-values"></a>&#x2022; [`prefix_values`](#path-prefix-values) - Optional List<br>Prefix Values. A list of path prefix values to match the input HTTP path against
+<a id="path-regex-values"></a>&#x2022; [`regex_values`](#path-regex-values) - Optional List<br>Regex Values. A list of regular expressions to match the input HTTP path against
+<a id="path-suffix-values"></a>&#x2022; [`suffix_values`](#path-suffix-values) - Optional List<br>Suffix Values. A list of path suffix values to match the input HTTP path against
+<a id="path-transformers"></a>&#x2022; [`transformers`](#path-transformers) - Optional List  Defaults to `TRANSFORMER_NONE`<br>Possible values are `LOWER_CASE`, `UPPER_CASE`, `BASE64_DECODE`, `NORMALIZE_PATH`, `REMOVE_WHITESPACE`, `URL_DECODE`, `TRIM_LEFT`, `TRIM_RIGHT`, `TRIM`<br>[Enum: LOWER_CASE|UPPER_CASE|BASE64_DECODE|NORMALIZE_PATH|REMOVE_WHITESPACE|URL_DECODE|TRIM_LEFT|TRIM_RIGHT|TRIM] Transformers. An ordered list of transformers (starting from index 0) to be applied to the path before matching
+#### Port Matcher
+A [`port_matcher`](#port-matcher) block supports the following:
+<a id="port-matcher-invert-matcher"></a>&#x2022; [`invert_matcher`](#port-matcher-invert-matcher) - Optional Bool<br>Invert Port Matcher. Invert the match result
+<a id="port-matcher-ports"></a>&#x2022; [`ports`](#port-matcher-ports) - Optional List<br>Port Ranges. A list of strings, each of which is a single port value or a tuple of start and end port values separated by '-'. The start and end values are considered to be part of the range
+#### Query Params
+A [`query_params`](#query-params) block supports the following:
+<a id="query-params-check-not-present"></a>&#x2022; [`check_not_present`](#query-params-check-not-present) - Optional Block<br>Enable this option
+<a id="query-params-check-present"></a>&#x2022; [`check_present`](#query-params-check-present) - Optional Block<br>Enable this option
+<a id="query-params-invert-matcher"></a>&#x2022; [`invert_matcher`](#query-params-invert-matcher) - Optional Bool<br>Invert Query Parameter Matcher. Invert the match result
+<a id="query-params-item"></a>&#x2022; [`item`](#query-params-item) - Optional Block<br>Matcher. A matcher specifies multiple criteria for matching an input string. The match is considered successful if any of the criteria are satisfied. The set of supported match criteria includes a list of exact values and a list of regular expressions<br>See [Item](#query-params-item) below.
+<a id="query-params-key"></a>&#x2022; [`key`](#query-params-key) - Optional String<br>Query Parameter Name. A case-sensitive HTTP query parameter name
+#### Query Params Item
+An [`item`](#query-params-item) block (within [`query_params`](#query-params)) supports the following:
+<a id="query-params-item-exact-values"></a>&#x2022; [`exact_values`](#query-params-item-exact-values) - Optional List<br>Exact Values. A list of exact values to match the input against
+<a id="query-params-item-regex-values"></a>&#x2022; [`regex_values`](#query-params-item-regex-values) - Optional List<br>Regex Values. A list of regular expressions to match the input against
+<a id="query-params-item-transformers"></a>&#x2022; [`transformers`](#query-params-item-transformers) - Optional List  Defaults to `TRANSFORMER_NONE`<br>Possible values are `LOWER_CASE`, `UPPER_CASE`, `BASE64_DECODE`, `NORMALIZE_PATH`, `REMOVE_WHITESPACE`, `URL_DECODE`, `TRIM_LEFT`, `TRIM_RIGHT`, `TRIM`<br>[Enum: LOWER_CASE|UPPER_CASE|BASE64_DECODE|NORMALIZE_PATH|REMOVE_WHITESPACE|URL_DECODE|TRIM_LEFT|TRIM_RIGHT|TRIM] Transformers. An ordered list of transformers (starting from index 0) to be applied to the path before matching
+#### Request Constraints
+A [`request_constraints`](#request-constraints) block supports the following:
+<a id="request-constraints-max-cookie-count-exceeds"></a>&#x2022; [`max_cookie_count_exceeds`](#request-constraints-max-cookie-count-exceeds) - Optional Number<br>Match on the Count for all Cookies that exceed this value
+<a id="request-constraints-max-cookie-count-none"></a>&#x2022; [`max_cookie_count_none`](#request-constraints-max-cookie-count-none) - Optional Block<br>Enable this option
+<a id="request-constraints-max-cookie-key-size-exceeds"></a>&#x2022; [`max_cookie_key_size_exceeds`](#request-constraints-max-cookie-key-size-exceeds) - Optional Number<br>Match on the Name Size per Cookie that exceed this value
+<a id="request-constraints-max-cookie-key-size-none"></a>&#x2022; [`max_cookie_key_size_none`](#request-constraints-max-cookie-key-size-none) - Optional Block<br>Enable this option
+<a id="request-constraints-max-cookie-value-size-exceeds"></a>&#x2022; [`max_cookie_value_size_exceeds`](#request-constraints-max-cookie-value-size-exceeds) - Optional Number<br>Match on the Value Size per Cookie that exceed this value
+<a id="request-constraints-max-cookie-value-size-none"></a>&#x2022; [`max_cookie_value_size_none`](#request-constraints-max-cookie-value-size-none) - Optional Block<br>Enable this option
+<a id="request-constraints-max-header-count-exceeds"></a>&#x2022; [`max_header_count_exceeds`](#request-constraints-max-header-count-exceeds) - Optional Number<br>Match on the Count for all Headers that exceed this value
+<a id="request-constraints-max-header-count-none"></a>&#x2022; [`max_header_count_none`](#request-constraints-max-header-count-none) - Optional Block<br>Enable this option
+<a id="request-constraints-max-header-key-size-exceeds"></a>&#x2022; [`max_header_key_size_exceeds`](#request-constraints-max-header-key-size-exceeds) - Optional Number<br>Match on the Name Size per Header that exceed this value
+<a id="request-constraints-max-header-key-size-none"></a>&#x2022; [`max_header_key_size_none`](#request-constraints-max-header-key-size-none) - Optional Block<br>Enable this option
+<a id="request-constraints-max-header-value-size-exceeds"></a>&#x2022; [`max_header_value_size_exceeds`](#request-constraints-max-header-value-size-exceeds) - Optional Number<br>Match on the Value Size per Header that exceed this value
+<a id="request-constraints-max-header-value-size-none"></a>&#x2022; [`max_header_value_size_none`](#request-constraints-max-header-value-size-none) - Optional Block<br>Enable this option
+<a id="request-constraints-max-parameter-count-exceeds"></a>&#x2022; [`max_parameter_count_exceeds`](#request-constraints-max-parameter-count-exceeds) - Optional Number<br>Match on the Parameter Count that exceed this value
+<a id="request-constraints-max-parameter-count-none"></a>&#x2022; [`max_parameter_count_none`](#request-constraints-max-parameter-count-none) - Optional Block<br>Enable this option
+<a id="request-constraints-max-parameter-name-size-exceeds"></a>&#x2022; [`max_parameter_name_size_exceeds`](#request-constraints-max-parameter-name-size-exceeds) - Optional Number<br>Match on the Parameter Name Size that exceed this value
+<a id="request-constraints-max-parameter-name-size-none"></a>&#x2022; [`max_parameter_name_size_none`](#request-constraints-max-parameter-name-size-none) - Optional Block<br>Enable this option
+<a id="request-constraints-max-parameter-value-size-exceeds"></a>&#x2022; [`max_parameter_value_size_exceeds`](#request-constraints-max-parameter-value-size-exceeds) - Optional Number<br>Match on the Parameter Value Size that exceed this value
+<a id="request-constraints-max-parameter-value-size-none"></a>&#x2022; [`max_parameter_value_size_none`](#request-constraints-max-parameter-value-size-none) - Optional Block<br>Enable this option
+<a id="request-constraints-max-query-size-exceeds"></a>&#x2022; [`max_query_size_exceeds`](#request-constraints-max-query-size-exceeds) - Optional Number<br>Match on the URL Query Size that exceed this value
+<a id="request-constraints-max-query-size-none"></a>&#x2022; [`max_query_size_none`](#request-constraints-max-query-size-none) - Optional Block<br>Enable this option
+<a id="request-constraints-max-request-line-size-exceeds"></a>&#x2022; [`max_request_line_size_exceeds`](#request-constraints-max-request-line-size-exceeds) - Optional Number<br>Match on the Request Line Size that exceed this value
+<a id="request-constraints-max-request-line-size-none"></a>&#x2022; [`max_request_line_size_none`](#request-constraints-max-request-line-size-none) - Optional Block<br>Enable this option
+<a id="request-constraints-max-request-size-exceeds"></a>&#x2022; [`max_request_size_exceeds`](#request-constraints-max-request-size-exceeds) - Optional Number<br>Match on the Request Size that exceed this value
+<a id="request-constraints-max-request-size-none"></a>&#x2022; [`max_request_size_none`](#request-constraints-max-request-size-none) - Optional Block<br>Enable this option
+<a id="request-constraints-max-url-size-exceeds"></a>&#x2022; [`max_url_size_exceeds`](#request-constraints-max-url-size-exceeds) - Optional Number<br>Match on the URL Size that exceed this value
+<a id="request-constraints-max-url-size-none"></a>&#x2022; [`max_url_size_none`](#request-constraints-max-url-size-none) - Optional Block<br>Enable this option
+#### Segment Policy
+A [`segment_policy`](#segment-policy) block supports the following:
+<a id="segment-policy-dst-any"></a>&#x2022; [`dst_any`](#segment-policy-dst-any) - Optional Block<br>Enable this option
+<a id="segment-policy-dst-segments"></a>&#x2022; [`dst_segments`](#segment-policy-dst-segments) - Optional Block<br>Segment List. List of references to Segments<br>See [Dst Segments](#segment-policy-dst-segments) below.
+<a id="segment-policy-intra-segment"></a>&#x2022; [`intra_segment`](#segment-policy-intra-segment) - Optional Block<br>Enable this option
+<a id="segment-policy-src-any"></a>&#x2022; [`src_any`](#segment-policy-src-any) - Optional Block<br>Enable this option
+<a id="segment-policy-src-segments"></a>&#x2022; [`src_segments`](#segment-policy-src-segments) - Optional Block<br>Segment List. List of references to Segments<br>See [Src Segments](#segment-policy-src-segments) below.
+#### Segment Policy Dst Segments
+A [`dst_segments`](#segment-policy-dst-segments) block (within [`segment_policy`](#segment-policy)) supports the following:
+<a id="segment-policy-dst-segments-segments"></a>&#x2022; [`segments`](#segment-policy-dst-segments-segments) - Optional Block<br>Segments. Select list of segments<br>See [Segments](#segment-policy-dst-segments-segments) below.
+#### Segment Policy Dst Segments Segments
+A [`segments`](#segment-policy-dst-segments-segments) block (within [`segment_policy.dst_segments`](#segment-policy-dst-segments)) supports the following:
+<a id="segment-policy-dst-segments-segments-name"></a>&#x2022; [`name`](#segment-policy-dst-segments-segments-name) - Optional String<br>Name. When a configuration object(e.g. virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g. route's) name
+<a id="segment-policy-dst-segments-segments-namespace"></a>&#x2022; [`namespace`](#segment-policy-dst-segments-segments-namespace) - Optional String<br>Namespace. When a configuration object(e.g. virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g. route's) namespace
+<a id="segment-policy-dst-segments-segments-tenant"></a>&#x2022; [`tenant`](#segment-policy-dst-segments-segments-tenant) - Optional String<br>Tenant. When a configuration object(e.g. virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g. route's) tenant
+#### Segment Policy Src Segments
+A [`src_segments`](#segment-policy-src-segments) block (within [`segment_policy`](#segment-policy)) supports the following:
+<a id="segment-policy-src-segments-segments"></a>&#x2022; [`segments`](#segment-policy-src-segments-segments) - Optional Block<br>Segments. Select list of segments<br>See [Segments](#segment-policy-src-segments-segments) below.
+#### Segment Policy Src Segments Segments
+A [`segments`](#segment-policy-src-segments-segments) block (within [`segment_policy.src_segments`](#segment-policy-src-segments)) supports the following:
+<a id="segment-policy-src-segments-segments-name"></a>&#x2022; [`name`](#segment-policy-src-segments-segments-name) - Optional String<br>Name. When a configuration object(e.g. virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g. route's) name
+<a id="segment-policy-src-segments-segments-namespace"></a>&#x2022; [`namespace`](#segment-policy-src-segments-segments-namespace) - Optional String<br>Namespace. When a configuration object(e.g. virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g. route's) namespace
+<a id="segment-policy-src-segments-segments-tenant"></a>&#x2022; [`tenant`](#segment-policy-src-segments-segments-tenant) - Optional String<br>Tenant. When a configuration object(e.g. virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g. route's) tenant
+#### Timeouts
+A [`timeouts`](#timeouts) block supports the following:
+<a id="timeouts-create"></a>&#x2022; [`create`](#timeouts-create) - Optional String (Defaults to `10 minutes`)<br>Used when creating the resource
+<a id="timeouts-delete"></a>&#x2022; [`delete`](#timeouts-delete) - Optional String (Defaults to `10 minutes`)<br>Used when deleting the resource
+<a id="timeouts-read"></a>&#x2022; [`read`](#timeouts-read) - Optional String (Defaults to `5 minutes`)<br>Used when retrieving the resource
+<a id="timeouts-update"></a>&#x2022; [`update`](#timeouts-update) - Optional String (Defaults to `10 minutes`)<br>Used when updating the resource
+#### TLS Fingerprint Matcher
+A [`tls_fingerprint_matcher`](#tls-fingerprint-matcher) block supports the following:
+<a id="tls-fingerprint-matcher-classes"></a>&#x2022; [`classes`](#tls-fingerprint-matcher-classes) - Optional List  Defaults to `TLS_FINGERPRINT_NONE`<br>Possible values are `TLS_FINGERPRINT_NONE`, `ANY_MALICIOUS_FINGERPRINT`, `ADWARE`, `ADWIND`, `DRIDEX`, `GOOTKIT`, `GOZI`, `JBIFROST`, `QUAKBOT`, `RANSOMWARE`, `TROLDESH`, `TOFSEE`, `TORRENTLOCKER`, `TRICKBOT`<br>[Enum: TLS_FINGERPRINT_NONE|ANY_MALICIOUS_FINGERPRINT|ADWARE|ADWIND|DRIDEX|GOOTKIT|GOZI|JBIFROST|QUAKBOT|RANSOMWARE|TROLDESH|TOFSEE|TORRENTLOCKER|TRICKBOT] TLS fingerprint classes. A list of known classes of TLS fingerprints to match the input TLS JA3 fingerprint against
+<a id="tls-fingerprint-matcher-exact-values"></a>&#x2022; [`exact_values`](#tls-fingerprint-matcher-exact-values) - Optional List<br>Exact Values. A list of exact TLS JA3 fingerprints to match the input TLS JA3 fingerprint against
+<a id="tls-fingerprint-matcher-excluded-values"></a>&#x2022; [`excluded_values`](#tls-fingerprint-matcher-excluded-values) - Optional List<br>Excluded Values. A list of TLS JA3 fingerprints to be excluded when matching the input TLS JA3 fingerprint. This can be used to skip known false positives when using one or more known TLS fingerprint classes in the enclosing matcher
+#### WAF Action
+A [`waf_action`](#waf-action) block supports the following:
+<a id="waf-action-app-firewall-detection-control"></a>&#x2022; [`app_firewall_detection_control`](#waf-action-app-firewall-detection-control) - Optional Block<br>App Firewall Detection Control. Define the list of Signature IDs, Violations, Attack Types and Bot Names that should be excluded from triggering on the defined match criteria<br>See [App Firewall Detection Control](#waf-action-app-firewall-detection-control) below.
+<a id="waf-action-none"></a>&#x2022; [`none`](#waf-action-none) - Optional Block<br>Enable this option
+<a id="waf-action-waf-skip-processing"></a>&#x2022; [`waf_skip_processing`](#waf-action-waf-skip-processing) - Optional Block<br>Enable this option
+#### WAF Action App Firewall Detection Control
+An [`app_firewall_detection_control`](#waf-action-app-firewall-detection-control) block (within [`waf_action`](#waf-action)) supports the following:
+<a id="waf-action-app-firewall-detection-control-exclude-attack-type-contexts"></a>&#x2022; [`exclude_attack_type_contexts`](#waf-action-app-firewall-detection-control-exclude-attack-type-contexts) - Optional Block<br>Attack Types. Attack Types to be excluded for the defined match criteria<br>See [Exclude Attack Type Contexts](#waf-action-app-firewall-detection-control-exclude-attack-type-contexts) below.
+<a id="waf-action-app-firewall-detection-control-exclude-bot-name-contexts"></a>&#x2022; [`exclude_bot_name_contexts`](#waf-action-app-firewall-detection-control-exclude-bot-name-contexts) - Optional Block<br>Bot Names. Bot Names to be excluded for the defined match criteria<br>See [Exclude Bot Name Contexts](#waf-action-app-firewall-detection-control-exclude-bot-name-contexts) below.
+<a id="waf-action-app-firewall-detection-control-exclude-signature-contexts"></a>&#x2022; [`exclude_signature_contexts`](#waf-action-app-firewall-detection-control-exclude-signature-contexts) - Optional Block<br>Signature IDs. Signature IDs to be excluded for the defined match criteria<br>See [Exclude Signature Contexts](#waf-action-app-firewall-detection-control-exclude-signature-contexts) below.
+<a id="waf-action-app-firewall-detection-control-exclude-violation-contexts"></a>&#x2022; [`exclude_violation_contexts`](#waf-action-app-firewall-detection-control-exclude-violation-contexts) - Optional Block<br>Violations. Violations to be excluded for the defined match criteria<br>See [Exclude Violation Contexts](#waf-action-app-firewall-detection-control-exclude-violation-contexts) below.
+#### WAF Action App Firewall Detection Control Exclude Attack Type Contexts
+An [`exclude_attack_type_contexts`](#waf-action-app-firewall-detection-control-exclude-attack-type-contexts) block (within [`waf_action.app_firewall_detection_control`](#waf-action-app-firewall-detection-control)) supports the following:
+<a id="waf-action-app-firewall-detection-control-exclude-attack-type-contexts-context"></a>&#x2022; [`context`](#waf-action-app-firewall-detection-control-exclude-attack-type-contexts-context) - Optional String  Defaults to `CONTEXT_ANY`<br>Possible values are `CONTEXT_ANY`, `CONTEXT_BODY`, `CONTEXT_REQUEST`, `CONTEXT_RESPONSE`, `CONTEXT_PARAMETER`, `CONTEXT_HEADER`, `CONTEXT_COOKIE`, `CONTEXT_URL`, `CONTEXT_URI`<br>[Enum: CONTEXT_ANY|CONTEXT_BODY|CONTEXT_REQUEST|CONTEXT_RESPONSE|CONTEXT_PARAMETER|CONTEXT_HEADER|CONTEXT_COOKIE|CONTEXT_URL|CONTEXT_URI] WAF Exclusion Context Options. The available contexts for Exclusion rules. - CONTEXT_ANY: CONTEXT_ANY Detection will be excluded for all contexts. - CONTEXT_BODY: CONTEXT_BODY Detection will be excluded for the request body. - CONTEXT_REQUEST: CONTEXT_REQUEST Detection will be excluded for the request. - CONTEXT_RESPONSE: CONTEXT_RESPONSE - CONTEXT_PARAMETER: CONTEXT_PARAMETER Detection will be excluded for the parameters. The parameter name is required in the Context name field. If the field is left empty, the detection will be excluded for all parameters. - CONTEXT_HEADER: CONTEXT_HEADER Detection will be excluded for the headers. The header name is required in the Context name field. If the field is left empty, the detection will be excluded for all headers. - CONTEXT_COOKIE: CONTEXT_COOKIE Detection will be excluded for the cookies. The cookie name is required in the Context name field. If the field is left empty, the detection will be excluded for all cookies. - CONTEXT_URL: CONTEXT_URL Detection will be excluded for the request URL. - CONTEXT_URI: CONTEXT_URI
+<a id="waf-action-app-firewall-detection-control-exclude-attack-type-contexts-context-name"></a>&#x2022; [`context_name`](#waf-action-app-firewall-detection-control-exclude-attack-type-contexts-context-name) - Optional String<br>Context Name. Relevant only for contexts: Header, Cookie and Parameter. Name of the Context that the WAF Exclusion Rules will check. Wildcard matching can be used by prefixing or suffixing the context name with an wildcard asterisk (*)
+<a id="waf-action-app-firewall-detection-control-exclude-attack-type-contexts-exclude-attack-type"></a>&#x2022; [`exclude_attack_type`](#waf-action-app-firewall-detection-control-exclude-attack-type-contexts-exclude-attack-type) - Optional String  Defaults to `ATTACK_TYPE_NONE`<br>Possible values are `ATTACK_TYPE_NONE`, `ATTACK_TYPE_NON_BROWSER_CLIENT`, `ATTACK_TYPE_OTHER_APPLICATION_ATTACKS`, `ATTACK_TYPE_TROJAN_BACKDOOR_SPYWARE`, `ATTACK_TYPE_DETECTION_EVASION`, `ATTACK_TYPE_VULNERABILITY_SCAN`, `ATTACK_TYPE_ABUSE_OF_FUNCTIONALITY`, `ATTACK_TYPE_AUTHENTICATION_AUTHORIZATION_ATTACKS`, `ATTACK_TYPE_BUFFER_OVERFLOW`, `ATTACK_TYPE_PREDICTABLE_RESOURCE_LOCATION`, `ATTACK_TYPE_INFORMATION_LEAKAGE`, `ATTACK_TYPE_DIRECTORY_INDEXING`, `ATTACK_TYPE_PATH_TRAVERSAL`, `ATTACK_TYPE_XPATH_INJECTION`, `ATTACK_TYPE_LDAP_INJECTION`, `ATTACK_TYPE_SERVER_SIDE_CODE_INJECTION`, `ATTACK_TYPE_COMMAND_EXECUTION`, `ATTACK_TYPE_SQL_INJECTION`, `ATTACK_TYPE_CROSS_SITE_SCRIPTING`, `ATTACK_TYPE_DENIAL_OF_SERVICE`, `ATTACK_TYPE_HTTP_PARSER_ATTACK`, `ATTACK_TYPE_SESSION_HIJACKING`, `ATTACK_TYPE_HTTP_RESPONSE_SPLITTING`, `ATTACK_TYPE_FORCEFUL_BROWSING`, `ATTACK_TYPE_REMOTE_FILE_INCLUDE`, `ATTACK_TYPE_MALICIOUS_FILE_UPLOAD`, `ATTACK_TYPE_GRAPHQL_PARSER_ATTACK`<br>[Enum: ATTACK_TYPE_NONE|ATTACK_TYPE_NON_BROWSER_CLIENT|ATTACK_TYPE_OTHER_APPLICATION_ATTACKS|ATTACK_TYPE_TROJAN_BACKDOOR_SPYWARE|ATTACK_TYPE_DETECTION_EVASION|ATTACK_TYPE_VULNERABILITY_SCAN|ATTACK_TYPE_ABUSE_OF_FUNCTIONALITY|ATTACK_TYPE_AUTHENTICATION_AUTHORIZATION_ATTACKS|ATTACK_TYPE_BUFFER_OVERFLOW|ATTACK_TYPE_PREDICTABLE_RESOURCE_LOCATION|ATTACK_TYPE_INFORMATION_LEAKAGE|ATTACK_TYPE_DIRECTORY_INDEXING|ATTACK_TYPE_PATH_TRAVERSAL|ATTACK_TYPE_XPATH_INJECTION|ATTACK_TYPE_LDAP_INJECTION|ATTACK_TYPE_SERVER_SIDE_CODE_INJECTION|ATTACK_TYPE_COMMAND_EXECUTION|ATTACK_TYPE_SQL_INJECTION|ATTACK_TYPE_CROSS_SITE_SCRIPTING|ATTACK_TYPE_DENIAL_OF_SERVICE|ATTACK_TYPE_HTTP_PARSER_ATTACK|ATTACK_TYPE_SESSION_HIJACKING|ATTACK_TYPE_HTTP_RESPONSE_SPLITTING|ATTACK_TYPE_FORCEFUL_BROWSING|ATTACK_TYPE_REMOTE_FILE_INCLUDE|ATTACK_TYPE_MALICIOUS_FILE_UPLOAD|ATTACK_TYPE_GRAPHQL_PARSER_ATTACK] Attack Types. List of all Attack Types ATTACK_TYPE_NONE ATTACK_TYPE_NON_BROWSER_CLIENT ATTACK_TYPE_OTHER_APPLICATION_ATTACKS ATTACK_TYPE_TROJAN_BACKDOOR_SPYWARE ATTACK_TYPE_DETECTION_EVASION ATTACK_TYPE_VULNERABILITY_SCAN ATTACK_TYPE_ABUSE_OF_FUNCTIONALITY ATTACK_TYPE_AUTHENTICATION_AUTHORIZATION_ATTACKS ATTACK_TYPE_BUFFER_OVERFLOW ATTACK_TYPE_PREDICTABLE_RESOURCE_LOCATION ATTACK_TYPE_INFORMATION_LEAKAGE ATTACK_TYPE_DIRECTORY_INDEXING ATTACK_TYPE_PATH_TRAVERSAL ATTACK_TYPE_XPATH_INJECTION ATTACK_TYPE_LDAP_INJECTION ATTACK_TYPE_SERVER_SIDE_CODE_INJECTION ATTACK_TYPE_COMMAND_EXECUTION ATTACK_TYPE_SQL_INJECTION ATTACK_TYPE_CROSS_SITE_SCRIPTING ATTACK_TYPE_DENIAL_OF_SERVICE ATTACK_TYPE_HTTP_PARSER_ATTACK ATTACK_TYPE_SESSION_HIJACKING ATTACK_TYPE_HTTP_RESPONSE_SPLITTING ATTACK_TYPE_FORCEFUL_BROWSING ATTACK_TYPE_REMOTE_FILE_INCLUDE ATTACK_TYPE_MALICIOUS_FILE_UPLOAD ATTACK_TYPE_GRAPHQL_PARSER_ATTACK
+#### WAF Action App Firewall Detection Control Exclude Bot Name Contexts
+An [`exclude_bot_name_contexts`](#waf-action-app-firewall-detection-control-exclude-bot-name-contexts) block (within [`waf_action.app_firewall_detection_control`](#waf-action-app-firewall-detection-control)) supports the following:
+<a id="waf-action-app-firewall-detection-control-exclude-bot-name-contexts-bot-name"></a>&#x2022; [`bot_name`](#waf-action-app-firewall-detection-control-exclude-bot-name-contexts-bot-name) - Optional String<br>Bot Name
+#### WAF Action App Firewall Detection Control Exclude Signature Contexts
+An [`exclude_signature_contexts`](#waf-action-app-firewall-detection-control-exclude-signature-contexts) block (within [`waf_action.app_firewall_detection_control`](#waf-action-app-firewall-detection-control)) supports the following:
+<a id="waf-action-app-firewall-detection-control-exclude-signature-contexts-context"></a>&#x2022; [`context`](#waf-action-app-firewall-detection-control-exclude-signature-contexts-context) - Optional String  Defaults to `CONTEXT_ANY`<br>Possible values are `CONTEXT_ANY`, `CONTEXT_BODY`, `CONTEXT_REQUEST`, `CONTEXT_RESPONSE`, `CONTEXT_PARAMETER`, `CONTEXT_HEADER`, `CONTEXT_COOKIE`, `CONTEXT_URL`, `CONTEXT_URI`<br>[Enum: CONTEXT_ANY|CONTEXT_BODY|CONTEXT_REQUEST|CONTEXT_RESPONSE|CONTEXT_PARAMETER|CONTEXT_HEADER|CONTEXT_COOKIE|CONTEXT_URL|CONTEXT_URI] WAF Exclusion Context Options. The available contexts for Exclusion rules. - CONTEXT_ANY: CONTEXT_ANY Detection will be excluded for all contexts. - CONTEXT_BODY: CONTEXT_BODY Detection will be excluded for the request body. - CONTEXT_REQUEST: CONTEXT_REQUEST Detection will be excluded for the request. - CONTEXT_RESPONSE: CONTEXT_RESPONSE - CONTEXT_PARAMETER: CONTEXT_PARAMETER Detection will be excluded for the parameters. The parameter name is required in the Context name field. If the field is left empty, the detection will be excluded for all parameters. - CONTEXT_HEADER: CONTEXT_HEADER Detection will be excluded for the headers. The header name is required in the Context name field. If the field is left empty, the detection will be excluded for all headers. - CONTEXT_COOKIE: CONTEXT_COOKIE Detection will be excluded for the cookies. The cookie name is required in the Context name field. If the field is left empty, the detection will be excluded for all cookies. - CONTEXT_URL: CONTEXT_URL Detection will be excluded for the request URL. - CONTEXT_URI: CONTEXT_URI
+<a id="waf-action-app-firewall-detection-control-exclude-signature-contexts-context-name"></a>&#x2022; [`context_name`](#waf-action-app-firewall-detection-control-exclude-signature-contexts-context-name) - Optional String<br>Context Name. Relevant only for contexts: Header, Cookie and Parameter. Name of the Context that the WAF Exclusion Rules will check. Wildcard matching can be used by prefixing or suffixing the context name with an wildcard asterisk (*)
+<a id="waf-action-app-firewall-detection-control-exclude-signature-contexts-signature-id"></a>&#x2022; [`signature_id`](#waf-action-app-firewall-detection-control-exclude-signature-contexts-signature-id) - Optional Number<br>SignatureID. The allowed values for signature ID are 0 and in the range of 200000001-299999999. 0 implies that all signatures will be excluded for the specified context
+#### WAF Action App Firewall Detection Control Exclude Violation Contexts
+An [`exclude_violation_contexts`](#waf-action-app-firewall-detection-control-exclude-violation-contexts) block (within [`waf_action.app_firewall_detection_control`](#waf-action-app-firewall-detection-control)) supports the following:
+<a id="waf-action-app-firewall-detection-control-exclude-violation-contexts-context"></a>&#x2022; [`context`](#waf-action-app-firewall-detection-control-exclude-violation-contexts-context) - Optional String  Defaults to `CONTEXT_ANY`<br>Possible values are `CONTEXT_ANY`, `CONTEXT_BODY`, `CONTEXT_REQUEST`, `CONTEXT_RESPONSE`, `CONTEXT_PARAMETER`, `CONTEXT_HEADER`, `CONTEXT_COOKIE`, `CONTEXT_URL`, `CONTEXT_URI`<br>[Enum: CONTEXT_ANY|CONTEXT_BODY|CONTEXT_REQUEST|CONTEXT_RESPONSE|CONTEXT_PARAMETER|CONTEXT_HEADER|CONTEXT_COOKIE|CONTEXT_URL|CONTEXT_URI] WAF Exclusion Context Options. The available contexts for Exclusion rules. - CONTEXT_ANY: CONTEXT_ANY Detection will be excluded for all contexts. - CONTEXT_BODY: CONTEXT_BODY Detection will be excluded for the request body. - CONTEXT_REQUEST: CONTEXT_REQUEST Detection will be excluded for the request. - CONTEXT_RESPONSE: CONTEXT_RESPONSE - CONTEXT_PARAMETER: CONTEXT_PARAMETER Detection will be excluded for the parameters. The parameter name is required in the Context name field. If the field is left empty, the detection will be excluded for all parameters. - CONTEXT_HEADER: CONTEXT_HEADER Detection will be excluded for the headers. The header name is required in the Context name field. If the field is left empty, the detection will be excluded for all headers. - CONTEXT_COOKIE: CONTEXT_COOKIE Detection will be excluded for the cookies. The cookie name is required in the Context name field. If the field is left empty, the detection will be excluded for all cookies. - CONTEXT_URL: CONTEXT_URL Detection will be excluded for the request URL. - CONTEXT_URI: CONTEXT_URI
+<a id="waf-action-app-firewall-detection-control-exclude-violation-contexts-context-name"></a>&#x2022; [`context_name`](#waf-action-app-firewall-detection-control-exclude-violation-contexts-context-name) - Optional String<br>Context Name. Relevant only for contexts: Header, Cookie and Parameter. Name of the Context that the WAF Exclusion Rules will check. Wildcard matching can be used by prefixing or suffixing the context name with an wildcard asterisk (*)
+<a id="waf-action-app-firewall-detection-control-exclude-violation-contexts-exclude-violation"></a>&#x2022; [`exclude_violation`](#waf-action-app-firewall-detection-control-exclude-violation-contexts-exclude-violation) - Optional String  Defaults to `VIOL_NONE`<br>Possible values are `VIOL_NONE`, `VIOL_FILETYPE`, `VIOL_METHOD`, `VIOL_MANDATORY_HEADER`, `VIOL_HTTP_RESPONSE_STATUS`, `VIOL_REQUEST_MAX_LENGTH`, `VIOL_FILE_UPLOAD`, `VIOL_FILE_UPLOAD_IN_BODY`, `VIOL_XML_MALFORMED`, `VIOL_JSON_MALFORMED`, `VIOL_ASM_COOKIE_MODIFIED`, `VIOL_HTTP_PROTOCOL_MULTIPLE_HOST_HEADERS`, `VIOL_HTTP_PROTOCOL_BAD_HOST_HEADER_VALUE`, `VIOL_HTTP_PROTOCOL_UNPARSABLE_REQUEST_CONTENT`, `VIOL_HTTP_PROTOCOL_NULL_IN_REQUEST`, `VIOL_HTTP_PROTOCOL_BAD_HTTP_VERSION`, `VIOL_HTTP_PROTOCOL_SEVERAL_CONTENT_LENGTH_HEADERS`, `VIOL_EVASION_DIRECTORY_TRAVERSALS`, `VIOL_MALFORMED_REQUEST`, `VIOL_EVASION_MULTIPLE_DECODING`, `VIOL_DATA_GUARD`, `VIOL_EVASION_APACHE_WHITESPACE`, `VIOL_COOKIE_MODIFIED`, `VIOL_EVASION_IIS_UNICODE_CODEPOINTS`, `VIOL_EVASION_IIS_BACKSLASHES`, `VIOL_EVASION_PERCENT_U_DECODING`, `VIOL_EVASION_BARE_BYTE_DECODING`, `VIOL_EVASION_BAD_UNESCAPE`, `VIOL_HTTP_PROTOCOL_BODY_IN_GET_OR_HEAD_REQUEST`, `VIOL_ENCODING`, `VIOL_COOKIE_MALFORMED`, `VIOL_GRAPHQL_FORMAT`, `VIOL_GRAPHQL_MALFORMED`, `VIOL_GRAPHQL_INTROSPECTION_QUERY`<br>[Enum: VIOL_NONE|VIOL_FILETYPE|VIOL_METHOD|VIOL_MANDATORY_HEADER|VIOL_HTTP_RESPONSE_STATUS|VIOL_REQUEST_MAX_LENGTH|VIOL_FILE_UPLOAD|VIOL_FILE_UPLOAD_IN_BODY|VIOL_XML_MALFORMED|VIOL_JSON_MALFORMED|VIOL_ASM_COOKIE_MODIFIED|VIOL_HTTP_PROTOCOL_MULTIPLE_HOST_HEADERS|VIOL_HTTP_PROTOCOL_BAD_HOST_HEADER_VALUE|VIOL_HTTP_PROTOCOL_UNPARSABLE_REQUEST_CONTENT|VIOL_HTTP_PROTOCOL_NULL_IN_REQUEST|VIOL_HTTP_PROTOCOL_BAD_HTTP_VERSION|VIOL_HTTP_PROTOCOL_SEVERAL_CONTENT_LENGTH_HEADERS|VIOL_EVASION_DIRECTORY_TRAVERSALS|VIOL_MALFORMED_REQUEST|VIOL_EVASION_MULTIPLE_DECODING|VIOL_DATA_GUARD|VIOL_EVASION_APACHE_WHITESPACE|VIOL_COOKIE_MODIFIED|VIOL_EVASION_IIS_UNICODE_CODEPOINTS|VIOL_EVASION_IIS_BACKSLASHES|VIOL_EVASION_PERCENT_U_DECODING|VIOL_EVASION_BARE_BYTE_DECODING|VIOL_EVASION_BAD_UNESCAPE|VIOL_HTTP_PROTOCOL_BODY_IN_GET_OR_HEAD_REQUEST|VIOL_ENCODING|VIOL_COOKIE_MALFORMED|VIOL_GRAPHQL_FORMAT|VIOL_GRAPHQL_MALFORMED|VIOL_GRAPHQL_INTROSPECTION_QUERY] App Firewall Violation Type. List of all supported Violation Types VIOL_NONE VIOL_FILETYPE VIOL_METHOD VIOL_MANDATORY_HEADER VIOL_HTTP_RESPONSE_STATUS VIOL_REQUEST_MAX_LENGTH VIOL_FILE_UPLOAD VIOL_FILE_UPLOAD_IN_BODY VIOL_XML_MALFORMED VIOL_JSON_MALFORMED VIOL_ASM_COOKIE_MODIFIED VIOL_HTTP_PROTOCOL_MULTIPLE_HOST_HEADERS VIOL_HTTP_PROTOCOL_BAD_HOST_HEADER_VALUE VIOL_HTTP_PROTOCOL_UNPARSABLE_REQUEST_CONTENT VIOL_HTTP_PROTOCOL_NULL_IN_REQUEST VIOL_HTTP_PROTOCOL_BAD_HTTP_VERSION VIOL_HTTP_PROTOCOL_CRLF_CHARACTERS_BEFORE_REQUEST_START VIOL_HTTP_PROTOCOL_NO_HOST_HEADER_IN_HTTP_1_1_REQUEST VIOL_HTTP_PROTOCOL_BAD_MULTIPART_PARAMETERS_PARSING VIOL_HTTP_PROTOCOL_SEVERAL_CONTENT_LENGTH_HEADERS VIOL_HTTP_PROTOCOL_CONTENT_LENGTH_SHOULD_BE_A_POSITIVE_NUMBER VIOL_EVASION_DIRECTORY_TRAVERSALS VIOL_MALFORMED_REQUEST VIOL_EVASION_MULTIPLE_DECODING VIOL_DATA_GUARD VIOL_EVASION_APACHE_WHITESPACE VIOL_COOKIE_MODIFIED VIOL_EVASION_IIS_UNICODE_CODEPOINTS VIOL_EVASION_IIS_BACKSLASHES VIOL_EVASION_PERCENT_U_DECODING VIOL_EVASION_BARE_BYTE_DECODING VIOL_EVASION_BAD_UNESCAPE VIOL_HTTP_PROTOCOL_BAD_MULTIPART_FORMDATA_REQUEST_PARSING VIOL_HTTP_PROTOCOL_BODY_IN_GET_OR_HEAD_REQUEST VIOL_HTTP_PROTOCOL_HIGH_ASCII_CHARACTERS_IN_HEADERS VIOL_ENCODING VIOL_COOKIE_MALFORMED VIOL_GRAPHQL_FORMAT VIOL_GRAPHQL_MALFORMED VIOL_GRAPHQL_INTROSPECTION_QUERY
+## Import
+Import is supported using the following syntax:
+```shell
+# Import using namespace/name format
+terraform import f5xc_service_policy_rule.example system/example
+```