@robinmordasiewicz/f5xc-terraform-mcp 2.4.6 → 2.4.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/docs/resources/addon_subscription.md +5 -5
- package/dist/docs/resources/address_allocator.md +3 -3
- package/dist/docs/resources/advertise_policy.md +39 -39
- package/dist/docs/resources/alert_policy.md +6 -6
- package/dist/docs/resources/alert_receiver.md +57 -57
- package/dist/docs/resources/api_crawler.md +9 -9
- package/dist/docs/resources/api_testing.md +40 -40
- package/dist/docs/resources/apm.md +320 -320
- package/dist/docs/resources/app_api_group.md +10 -10
- package/dist/docs/resources/app_firewall.md +36 -36
- package/dist/docs/resources/app_setting.md +46 -46
- package/dist/docs/resources/app_type.md +3 -3
- package/dist/docs/resources/authentication.md +30 -30
- package/dist/docs/resources/aws_tgw_site.md +184 -184
- package/dist/docs/resources/aws_vpc_site.md +296 -296
- package/dist/docs/resources/azure_vnet_site.md +677 -677
- package/dist/docs/resources/bgp.md +20 -20
- package/dist/docs/resources/bgp_routing_policy.md +4 -4
- package/dist/docs/resources/cdn_cache_rule.md +68 -68
- package/dist/docs/resources/cdn_loadbalancer.md +1166 -1166
- package/dist/docs/resources/certificate.md +4 -4
- package/dist/docs/resources/child_tenant.md +2 -2
- package/dist/docs/resources/cloud_connect.md +33 -33
- package/dist/docs/resources/cloud_credentials.md +37 -37
- package/dist/docs/resources/cloud_link.md +16 -16
- package/dist/docs/resources/cluster.md +68 -68
- package/dist/docs/resources/cminstance.md +6 -6
- package/dist/docs/resources/code_base_integration.md +82 -82
- package/dist/docs/resources/container_registry.md +2 -2
- package/dist/docs/resources/data_type.md +12 -12
- package/dist/docs/resources/discovery.md +71 -71
- package/dist/docs/resources/dns_lb_health_check.md +5 -5
- package/dist/docs/resources/dns_load_balancer.md +25 -25
- package/dist/docs/resources/dns_zone.md +144 -144
- package/dist/docs/resources/endpoint.md +1 -1
- package/dist/docs/resources/enhanced_firewall_policy.md +33 -33
- package/dist/docs/resources/external_connector.md +32 -32
- package/dist/docs/resources/fast_acl.md +59 -59
- package/dist/docs/resources/fast_acl_rule.md +2 -2
- package/dist/docs/resources/filter_set.md +3 -3
- package/dist/docs/resources/fleet.md +359 -359
- package/dist/docs/resources/forward_proxy_policy.md +18 -18
- package/dist/docs/resources/gcp_vpc_site.md +280 -280
- package/dist/docs/resources/geo_location_set.md +1 -1
- package/dist/docs/resources/global_log_receiver.md +216 -216
- package/dist/docs/resources/healthcheck.md +2 -2
- package/dist/docs/resources/http_loadbalancer.md +2190 -2190
- package/dist/docs/resources/infraprotect_tunnel.md +9 -9
- package/dist/docs/resources/k8s_cluster.md +39 -39
- package/dist/docs/resources/k8s_cluster_role.md +10 -10
- package/dist/docs/resources/k8s_pod_security_policy.md +9 -9
- package/dist/docs/resources/log_receiver.md +11 -11
- package/dist/docs/resources/malicious_user_mitigation.md +4 -4
- package/dist/docs/resources/managed_tenant.md +2 -2
- package/dist/docs/resources/nat_policy.md +22 -22
- package/dist/docs/resources/network_connector.md +37 -37
- package/dist/docs/resources/network_firewall.md +15 -15
- package/dist/docs/resources/network_interface.md +78 -78
- package/dist/docs/resources/network_policy.md +21 -21
- package/dist/docs/resources/network_policy_view.md +7 -7
- package/dist/docs/resources/nfv_service.md +306 -306
- package/dist/docs/resources/oidc_provider.md +1 -1
- package/dist/docs/resources/origin_pool.md +151 -151
- package/dist/docs/resources/policy_based_routing.md +71 -71
- package/dist/docs/resources/protocol_inspection.md +8 -8
- package/dist/docs/resources/proxy.md +401 -401
- package/dist/docs/resources/rate_limiter_policy.md +4 -4
- package/dist/docs/resources/registration.md +1 -1
- package/dist/docs/resources/route.md +155 -155
- package/dist/docs/resources/secret_management_access.md +103 -103
- package/dist/docs/resources/secret_policy.md +7 -7
- package/dist/docs/resources/securemesh_site.md +274 -274
- package/dist/docs/resources/securemesh_site_v2.md +940 -940
- package/dist/docs/resources/sensitive_data_policy.md +3 -3
- package/dist/docs/resources/service_policy.md +154 -154
- package/dist/docs/resources/service_policy_rule.md +51 -51
- package/dist/docs/resources/subnet.md +7 -7
- package/dist/docs/resources/tcp_loadbalancer.md +138 -138
- package/dist/docs/resources/tenant_configuration.md +1 -1
- package/dist/docs/resources/ticket_tracking_system.md +2 -2
- package/dist/docs/resources/tunnel.md +16 -16
- package/dist/docs/resources/udp_loadbalancer.md +56 -56
- package/dist/docs/resources/virtual_host.md +146 -146
- package/dist/docs/resources/virtual_network.md +7 -7
- package/dist/docs/resources/voltshare_admin_policy.md +22 -22
- package/dist/docs/resources/voltstack_site.md +778 -778
- package/dist/docs/resources/waf_exclusion_policy.md +22 -22
- package/dist/docs/resources/workload.md +2226 -2226
- package/package.json +1 -1
|
@@ -221,7 +221,7 @@ A [`rules`](#rule-list-rules) block (within [`rule_list`](#rule-list)) supports
|
|
|
221
221
|
|
|
222
222
|
A [`metadata`](#rule-list-rules-metadata) block (within [`rule_list.rules`](#rule-list-rules)) supports the following:
|
|
223
223
|
|
|
224
|
-
<a id="
|
|
224
|
+
<a id="spec-118a99"></a>• [`description_spec`](#spec-118a99) - Optional String<br>Description. Human readable description
|
|
225
225
|
|
|
226
226
|
<a id="rule-list-rules-metadata-name"></a>• [`name`](#rule-list-rules-metadata-name) - Optional String<br>Name. This is the name of the message. The value of name has to follow DNS-1035 format
|
|
227
227
|
|
|
@@ -251,7 +251,7 @@ A [`spec`](#rule-list-rules-spec) block (within [`rule_list.rules`](#rule-list-r
|
|
|
251
251
|
|
|
252
252
|
<a id="rule-list-rules-spec-client-name"></a>• [`client_name`](#rule-list-rules-spec-client-name) - Optional String<br>Client Name. The expected name of the client invoking the request API. The predicate evaluates to true if any of the actual names is the same as the expected client name
|
|
253
253
|
|
|
254
|
-
<a id="
|
|
254
|
+
<a id="matcher-ded25d"></a>• [`client_name_matcher`](#matcher-ded25d) - Optional Block<br>Matcher. A matcher specifies multiple criteria for matching an input string. The match is considered successful if any of the criteria are satisfied. The set of supported match criteria includes a list of exact values and a list of regular expressions<br>See [Client Name Matcher](#matcher-ded25d) below.
|
|
255
255
|
|
|
256
256
|
<a id="rule-list-rules-spec-client-selector"></a>• [`client_selector`](#rule-list-rules-spec-client-selector) - Optional Block<br>Label Selector. This type can be used to establish a 'selector reference' from one object(called selector) to a set of other objects(called selectees) based on the value of expresssions. A label selector is a label query over a set of resources. An empty label selector matches all objects. A null label selector matches no objects. Label selector is immutable. expressions is a list of strings of label selection expression. Each string has ',' separated values which are 'AND' and all strings are logically 'OR'. BNF for expression string `<selector-syntax>` ::= `<requirement>` | `<requirement>` ',' `<selector-syntax>` `<requirement>` ::= [!] KEY [ `<set-based-restriction>` | `<exact-match-restriction>` ] `<set-based-restriction>` ::= '' | `<inclusion-exclusion>` `<value-set>` `<inclusion-exclusion>` ::= `<inclusion>` | `<exclusion>` `<exclusion>` ::= 'notin' `<inclusion>` ::= 'in' `<value-set>` ::= '(' `<values>` ')' `<values>` ::= VALUE | VALUE ',' `<values>` `<exact-match-restriction>` ::= ['='|'=='|'!='] VALUE<br>See [Client Selector](#rule-list-rules-spec-client-selector) below.
|
|
257
257
|
|
|
@@ -259,7 +259,7 @@ A [`spec`](#rule-list-rules-spec) block (within [`rule_list.rules`](#rule-list-r
|
|
|
259
259
|
|
|
260
260
|
<a id="rule-list-rules-spec-domain-matcher"></a>• [`domain_matcher`](#rule-list-rules-spec-domain-matcher) - Optional Block<br>Matcher. A matcher specifies multiple criteria for matching an input string. The match is considered successful if any of the criteria are satisfied. The set of supported match criteria includes a list of exact values and a list of regular expressions<br>See [Domain Matcher](#rule-list-rules-spec-domain-matcher) below.
|
|
261
261
|
|
|
262
|
-
<a id="
|
|
262
|
+
<a id="timestamp-8e9743"></a>• [`expiration_timestamp`](#timestamp-8e9743) - Optional String<br>Expiration Timestamp. The expiration_timestamp is the RFC 3339 format timestamp at which the containing rule is considered to be logically expired. The rule continues to exist in the configuration but is not applied anymore
|
|
263
263
|
|
|
264
264
|
<a id="rule-list-rules-spec-headers"></a>• [`headers`](#rule-list-rules-spec-headers) - Optional Block<br>HTTP Headers. A list of predicates for various HTTP headers that need to match. The criteria for matching each HTTP header are described in individual HeaderMatcherType instances. The actual HTTP header values are extracted from the request API as a list of strings for each HTTP header type. Note that all specified header predicates must evaluate to true<br>See [Headers](#rule-list-rules-spec-headers) below.
|
|
265
265
|
|
|
@@ -269,9 +269,9 @@ A [`spec`](#rule-list-rules-spec) block (within [`rule_list.rules`](#rule-list-r
|
|
|
269
269
|
|
|
270
270
|
<a id="rule-list-rules-spec-ip-prefix-list"></a>• [`ip_prefix_list`](#rule-list-rules-spec-ip-prefix-list) - Optional Block<br>IP Prefix Match List. List of IP Prefix strings to match against<br>See [IP Prefix List](#rule-list-rules-spec-ip-prefix-list) below.
|
|
271
271
|
|
|
272
|
-
<a id="
|
|
272
|
+
<a id="list-f2b1f3"></a>• [`ip_threat_category_list`](#list-f2b1f3) - Optional Block<br>IP Threat Category List Type. List of IP threat categories<br>See [IP Threat Category List](#list-f2b1f3) below.
|
|
273
273
|
|
|
274
|
-
<a id="
|
|
274
|
+
<a id="fingerprint-dfb868"></a>• [`ja4_tls_fingerprint`](#fingerprint-dfb868) - Optional Block<br>JA4 TLS Fingerprint Matcher. An extended version of JA3 that includes additional fields for more comprehensive fingerprinting of SSL/TLS clients and potentially has a different structure and length<br>See [Ja4 TLS Fingerprint](#fingerprint-dfb868) below.
|
|
275
275
|
|
|
276
276
|
<a id="rule-list-rules-spec-jwt-claims"></a>• [`jwt_claims`](#rule-list-rules-spec-jwt-claims) - Optional Block<br>JWT Claims. A list of predicates for various JWT claims that need to match. The criteria for matching each JWT claim are described in individual JWTClaimMatcherType instances. The actual JWT claims values are extracted from the JWT payload as a list of strings. Note that all specified JWT claim predicates must evaluate to true<br>See [JWT Claims](#rule-list-rules-spec-jwt-claims) below.
|
|
277
277
|
|
|
@@ -285,13 +285,13 @@ A [`spec`](#rule-list-rules-spec) block (within [`rule_list.rules`](#rule-list-r
|
|
|
285
285
|
|
|
286
286
|
<a id="rule-list-rules-spec-query-params"></a>• [`query_params`](#rule-list-rules-spec-query-params) - Optional Block<br>HTTP Query Parameters. A list of predicates for all query parameters that need to be matched. The criteria for matching each query parameter are described in individual instances of QueryParameterMatcherType. The actual query parameter values are extracted from the request API as a list of strings for each query parameter name. Note that all specified query parameter predicates must evaluate to true<br>See [Query Params](#rule-list-rules-spec-query-params) below.
|
|
287
287
|
|
|
288
|
-
<a id="
|
|
288
|
+
<a id="constraints-a447da"></a>• [`request_constraints`](#constraints-a447da) - Optional Block<br>Request Constraints<br>See [Request Constraints](#constraints-a447da) below.
|
|
289
289
|
|
|
290
290
|
<a id="rule-list-rules-spec-segment-policy"></a>• [`segment_policy`](#rule-list-rules-spec-segment-policy) - Optional Block<br>Configure Segments. Configure source and destination segment for policy<br>See [Segment Policy](#rule-list-rules-spec-segment-policy) below.
|
|
291
291
|
|
|
292
|
-
<a id="
|
|
292
|
+
<a id="matcher-95ee34"></a>• [`tls_fingerprint_matcher`](#matcher-95ee34) - Optional Block<br>TLS Fingerprint Matcher. A TLS fingerprint matcher specifies multiple criteria for matching a TLS fingerprint. The set of supported positve match criteria includes a list of known classes of TLS fingerprints and a list of exact values. The match is considered successful if either of these positive criteria are satisfied and the input fingerprint is not one of the excluded values<br>See [TLS Fingerprint Matcher](#matcher-95ee34) below.
|
|
293
293
|
|
|
294
|
-
<a id="
|
|
294
|
+
<a id="matcher-744036"></a>• [`user_identity_matcher`](#matcher-744036) - Optional Block<br>Matcher. A matcher specifies multiple criteria for matching an input string. The match is considered successful if any of the criteria are satisfied. The set of supported match criteria includes a list of exact values and a list of regular expressions<br>See [User Identity Matcher](#matcher-744036) below.
|
|
295
295
|
|
|
296
296
|
<a id="rule-list-rules-spec-waf-action"></a>• [`waf_action`](#rule-list-rules-spec-waf-action) - Optional Block<br>App Firewall Action. Modify App Firewall behavior for a matching request. The modification could either be to entirely skip firewall processing or to customize the firewall rules to be applied as defined by App Firewall Rule Control settings<br>See [WAF Action](#rule-list-rules-spec-waf-action) below.
|
|
297
297
|
|
|
@@ -299,19 +299,19 @@ A [`spec`](#rule-list-rules-spec) block (within [`rule_list.rules`](#rule-list-r
|
|
|
299
299
|
|
|
300
300
|
An [`api_group_matcher`](#rule-list-rules-spec-api-group-matcher) block (within [`rule_list.rules.spec`](#rule-list-rules-spec)) supports the following:
|
|
301
301
|
|
|
302
|
-
<a id="
|
|
302
|
+
<a id="matcher-2a47df"></a>• [`invert_matcher`](#matcher-2a47df) - Optional Bool<br>Invert String Matcher. Invert the match result
|
|
303
303
|
|
|
304
|
-
<a id="
|
|
304
|
+
<a id="match-614318"></a>• [`match`](#match-614318) - Optional List<br>Exact Values. A list of exact values to match the input against
|
|
305
305
|
|
|
306
306
|
#### Rule List Rules Spec Arg Matchers
|
|
307
307
|
|
|
308
308
|
An [`arg_matchers`](#rule-list-rules-spec-arg-matchers) block (within [`rule_list.rules.spec`](#rule-list-rules-spec)) supports the following:
|
|
309
309
|
|
|
310
|
-
<a id="
|
|
310
|
+
<a id="present-2c642d"></a>• [`check_not_present`](#present-2c642d) - Optional Block<br>Enable this option
|
|
311
311
|
|
|
312
|
-
<a id="
|
|
312
|
+
<a id="present-643cdb"></a>• [`check_present`](#present-643cdb) - Optional Block<br>Enable this option
|
|
313
313
|
|
|
314
|
-
<a id="
|
|
314
|
+
<a id="matcher-0461ac"></a>• [`invert_matcher`](#matcher-0461ac) - Optional Bool<br>Invert Matcher. Invert Match of the expression defined
|
|
315
315
|
|
|
316
316
|
<a id="rule-list-rules-spec-arg-matchers-item"></a>• [`item`](#rule-list-rules-spec-arg-matchers-item) - Optional Block<br>Matcher. A matcher specifies multiple criteria for matching an input string. The match is considered successful if any of the criteria are satisfied. The set of supported match criteria includes a list of exact values and a list of regular expressions<br>See [Item](#rule-list-rules-spec-arg-matchers-item) below.
|
|
317
317
|
|
|
@@ -321,115 +321,115 @@ An [`arg_matchers`](#rule-list-rules-spec-arg-matchers) block (within [`rule_lis
|
|
|
321
321
|
|
|
322
322
|
An [`item`](#rule-list-rules-spec-arg-matchers-item) block (within [`rule_list.rules.spec.arg_matchers`](#rule-list-rules-spec-arg-matchers)) supports the following:
|
|
323
323
|
|
|
324
|
-
<a id="
|
|
324
|
+
<a id="values-c7a648"></a>• [`exact_values`](#values-c7a648) - Optional List<br>Exact Values. A list of exact values to match the input against
|
|
325
325
|
|
|
326
|
-
<a id="
|
|
326
|
+
<a id="values-8f2f21"></a>• [`regex_values`](#values-8f2f21) - Optional List<br>Regex Values. A list of regular expressions to match the input against
|
|
327
327
|
|
|
328
|
-
<a id="
|
|
328
|
+
<a id="transformers-0078cd"></a>• [`transformers`](#transformers-0078cd) - Optional List Defaults to `TRANSFORMER_NONE`<br>Possible values are `LOWER_CASE`, `UPPER_CASE`, `BASE64_DECODE`, `NORMALIZE_PATH`, `REMOVE_WHITESPACE`, `URL_DECODE`, `TRIM_LEFT`, `TRIM_RIGHT`, `TRIM`<br>[Enum: LOWER_CASE|UPPER_CASE|BASE64_DECODE|NORMALIZE_PATH|REMOVE_WHITESPACE|URL_DECODE|TRIM_LEFT|TRIM_RIGHT|TRIM] Transformers. An ordered list of transformers (starting from index 0) to be applied to the path before matching
|
|
329
329
|
|
|
330
330
|
#### Rule List Rules Spec Asn List
|
|
331
331
|
|
|
332
332
|
An [`asn_list`](#rule-list-rules-spec-asn-list) block (within [`rule_list.rules.spec`](#rule-list-rules-spec)) supports the following:
|
|
333
333
|
|
|
334
|
-
<a id="
|
|
334
|
+
<a id="numbers-bc48fc"></a>• [`as_numbers`](#numbers-bc48fc) - Optional List<br>AS Numbers. An unordered set of RFC 6793 defined 4-byte AS numbers that can be used to create allow or deny lists for use in network policy or service policy. It can be used to create the allow list only for DNS Load Balancer
|
|
335
335
|
|
|
336
336
|
#### Rule List Rules Spec Asn Matcher
|
|
337
337
|
|
|
338
338
|
An [`asn_matcher`](#rule-list-rules-spec-asn-matcher) block (within [`rule_list.rules.spec`](#rule-list-rules-spec)) supports the following:
|
|
339
339
|
|
|
340
|
-
<a id="
|
|
340
|
+
<a id="sets-0b3475"></a>• [`asn_sets`](#sets-0b3475) - Optional Block<br>BGP ASN Sets. A list of references to bgp_asn_set objects<br>See [Asn Sets](#sets-0b3475) below.
|
|
341
341
|
|
|
342
342
|
#### Rule List Rules Spec Asn Matcher Asn Sets
|
|
343
343
|
|
|
344
|
-
An [`asn_sets`](#
|
|
344
|
+
An [`asn_sets`](#sets-0b3475) block (within [`rule_list.rules.spec.asn_matcher`](#rule-list-rules-spec-asn-matcher)) supports the following:
|
|
345
345
|
|
|
346
|
-
<a id="
|
|
346
|
+
<a id="kind-5eb208"></a>• [`kind`](#kind-5eb208) - Optional String<br>Kind. When a configuration object(e.g. virtual_host) refers to another(e.g route) then kind will hold the referred object's kind (e.g. 'route')
|
|
347
347
|
|
|
348
|
-
<a id="
|
|
348
|
+
<a id="name-15beb2"></a>• [`name`](#name-15beb2) - Optional String<br>Name. When a configuration object(e.g. virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g. route's) name
|
|
349
349
|
|
|
350
|
-
<a id="
|
|
350
|
+
<a id="namespace-92a7ae"></a>• [`namespace`](#namespace-92a7ae) - Optional String<br>Namespace. When a configuration object(e.g. virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g. route's) namespace
|
|
351
351
|
|
|
352
|
-
<a id="
|
|
352
|
+
<a id="tenant-98502e"></a>• [`tenant`](#tenant-98502e) - Optional String<br>Tenant. When a configuration object(e.g. virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g. route's) tenant
|
|
353
353
|
|
|
354
|
-
<a id="
|
|
354
|
+
<a id="uid-648ca9"></a>• [`uid`](#uid-648ca9) - Optional String<br>UID. When a configuration object(e.g. virtual_host) refers to another(e.g route) then uid will hold the referred object's(e.g. route's) uid
|
|
355
355
|
|
|
356
356
|
#### Rule List Rules Spec Body Matcher
|
|
357
357
|
|
|
358
358
|
A [`body_matcher`](#rule-list-rules-spec-body-matcher) block (within [`rule_list.rules.spec`](#rule-list-rules-spec)) supports the following:
|
|
359
359
|
|
|
360
|
-
<a id="
|
|
360
|
+
<a id="values-e56a42"></a>• [`exact_values`](#values-e56a42) - Optional List<br>Exact Values. A list of exact values to match the input against
|
|
361
361
|
|
|
362
|
-
<a id="
|
|
362
|
+
<a id="values-156f80"></a>• [`regex_values`](#values-156f80) - Optional List<br>Regex Values. A list of regular expressions to match the input against
|
|
363
363
|
|
|
364
|
-
<a id="
|
|
364
|
+
<a id="transformers-8d4f75"></a>• [`transformers`](#transformers-8d4f75) - Optional List Defaults to `TRANSFORMER_NONE`<br>Possible values are `LOWER_CASE`, `UPPER_CASE`, `BASE64_DECODE`, `NORMALIZE_PATH`, `REMOVE_WHITESPACE`, `URL_DECODE`, `TRIM_LEFT`, `TRIM_RIGHT`, `TRIM`<br>[Enum: LOWER_CASE|UPPER_CASE|BASE64_DECODE|NORMALIZE_PATH|REMOVE_WHITESPACE|URL_DECODE|TRIM_LEFT|TRIM_RIGHT|TRIM] Transformers. An ordered list of transformers (starting from index 0) to be applied to the path before matching
|
|
365
365
|
|
|
366
366
|
#### Rule List Rules Spec Bot Action
|
|
367
367
|
|
|
368
368
|
A [`bot_action`](#rule-list-rules-spec-bot-action) block (within [`rule_list.rules.spec`](#rule-list-rules-spec)) supports the following:
|
|
369
369
|
|
|
370
|
-
<a id="
|
|
370
|
+
<a id="processing-583231"></a>• [`bot_skip_processing`](#processing-583231) - Optional Block<br>Enable this option
|
|
371
371
|
|
|
372
372
|
<a id="rule-list-rules-spec-bot-action-none"></a>• [`none`](#rule-list-rules-spec-bot-action-none) - Optional Block<br>Enable this option
|
|
373
373
|
|
|
374
374
|
#### Rule List Rules Spec Client Name Matcher
|
|
375
375
|
|
|
376
|
-
A [`client_name_matcher`](#
|
|
376
|
+
A [`client_name_matcher`](#matcher-ded25d) block (within [`rule_list.rules.spec`](#rule-list-rules-spec)) supports the following:
|
|
377
377
|
|
|
378
|
-
<a id="
|
|
378
|
+
<a id="values-835b8f"></a>• [`exact_values`](#values-835b8f) - Optional List<br>Exact Values. A list of exact values to match the input against
|
|
379
379
|
|
|
380
|
-
<a id="
|
|
380
|
+
<a id="values-4b3791"></a>• [`regex_values`](#values-4b3791) - Optional List<br>Regex Values. A list of regular expressions to match the input against
|
|
381
381
|
|
|
382
|
-
<a id="
|
|
382
|
+
<a id="transformers-fd5b88"></a>• [`transformers`](#transformers-fd5b88) - Optional List Defaults to `TRANSFORMER_NONE`<br>Possible values are `LOWER_CASE`, `UPPER_CASE`, `BASE64_DECODE`, `NORMALIZE_PATH`, `REMOVE_WHITESPACE`, `URL_DECODE`, `TRIM_LEFT`, `TRIM_RIGHT`, `TRIM`<br>[Enum: LOWER_CASE|UPPER_CASE|BASE64_DECODE|NORMALIZE_PATH|REMOVE_WHITESPACE|URL_DECODE|TRIM_LEFT|TRIM_RIGHT|TRIM] Transformers. An ordered list of transformers (starting from index 0) to be applied to the path before matching
|
|
383
383
|
|
|
384
384
|
#### Rule List Rules Spec Client Selector
|
|
385
385
|
|
|
386
386
|
A [`client_selector`](#rule-list-rules-spec-client-selector) block (within [`rule_list.rules.spec`](#rule-list-rules-spec)) supports the following:
|
|
387
387
|
|
|
388
|
-
<a id="
|
|
388
|
+
<a id="expressions-248d45"></a>• [`expressions`](#expressions-248d45) - Optional List<br>Selector Expression. expressions contains the kubernetes style label expression for selections
|
|
389
389
|
|
|
390
390
|
#### Rule List Rules Spec Cookie Matchers
|
|
391
391
|
|
|
392
392
|
A [`cookie_matchers`](#rule-list-rules-spec-cookie-matchers) block (within [`rule_list.rules.spec`](#rule-list-rules-spec)) supports the following:
|
|
393
393
|
|
|
394
|
-
<a id="
|
|
394
|
+
<a id="present-485b0a"></a>• [`check_not_present`](#present-485b0a) - Optional Block<br>Enable this option
|
|
395
395
|
|
|
396
|
-
<a id="
|
|
396
|
+
<a id="present-459192"></a>• [`check_present`](#present-459192) - Optional Block<br>Enable this option
|
|
397
397
|
|
|
398
|
-
<a id="
|
|
398
|
+
<a id="matcher-c32a99"></a>• [`invert_matcher`](#matcher-c32a99) - Optional Bool<br>Invert Matcher. Invert Match of the expression defined
|
|
399
399
|
|
|
400
|
-
<a id="
|
|
400
|
+
<a id="item-ab8ab4"></a>• [`item`](#item-ab8ab4) - Optional Block<br>Matcher. A matcher specifies multiple criteria for matching an input string. The match is considered successful if any of the criteria are satisfied. The set of supported match criteria includes a list of exact values and a list of regular expressions<br>See [Item](#item-ab8ab4) below.
|
|
401
401
|
|
|
402
|
-
<a id="
|
|
402
|
+
<a id="name-6a6bd0"></a>• [`name`](#name-6a6bd0) - Optional String<br>Cookie Name. A case-sensitive cookie name
|
|
403
403
|
|
|
404
404
|
#### Rule List Rules Spec Cookie Matchers Item
|
|
405
405
|
|
|
406
|
-
An [`item`](#
|
|
406
|
+
An [`item`](#item-ab8ab4) block (within [`rule_list.rules.spec.cookie_matchers`](#rule-list-rules-spec-cookie-matchers)) supports the following:
|
|
407
407
|
|
|
408
|
-
<a id="
|
|
408
|
+
<a id="values-c48c4e"></a>• [`exact_values`](#values-c48c4e) - Optional List<br>Exact Values. A list of exact values to match the input against
|
|
409
409
|
|
|
410
|
-
<a id="
|
|
410
|
+
<a id="values-8e4fe5"></a>• [`regex_values`](#values-8e4fe5) - Optional List<br>Regex Values. A list of regular expressions to match the input against
|
|
411
411
|
|
|
412
|
-
<a id="
|
|
412
|
+
<a id="transformers-c061db"></a>• [`transformers`](#transformers-c061db) - Optional List Defaults to `TRANSFORMER_NONE`<br>Possible values are `LOWER_CASE`, `UPPER_CASE`, `BASE64_DECODE`, `NORMALIZE_PATH`, `REMOVE_WHITESPACE`, `URL_DECODE`, `TRIM_LEFT`, `TRIM_RIGHT`, `TRIM`<br>[Enum: LOWER_CASE|UPPER_CASE|BASE64_DECODE|NORMALIZE_PATH|REMOVE_WHITESPACE|URL_DECODE|TRIM_LEFT|TRIM_RIGHT|TRIM] Transformers. An ordered list of transformers (starting from index 0) to be applied to the path before matching
|
|
413
413
|
|
|
414
414
|
#### Rule List Rules Spec Domain Matcher
|
|
415
415
|
|
|
416
416
|
A [`domain_matcher`](#rule-list-rules-spec-domain-matcher) block (within [`rule_list.rules.spec`](#rule-list-rules-spec)) supports the following:
|
|
417
417
|
|
|
418
|
-
<a id="
|
|
418
|
+
<a id="values-4e4043"></a>• [`exact_values`](#values-4e4043) - Optional List<br>Exact Values. A list of exact values to match the input against
|
|
419
419
|
|
|
420
|
-
<a id="
|
|
420
|
+
<a id="values-e318f7"></a>• [`regex_values`](#values-e318f7) - Optional List<br>Regex Values. A list of regular expressions to match the input against
|
|
421
421
|
|
|
422
|
-
<a id="
|
|
422
|
+
<a id="transformers-f69aff"></a>• [`transformers`](#transformers-f69aff) - Optional List Defaults to `TRANSFORMER_NONE`<br>Possible values are `LOWER_CASE`, `UPPER_CASE`, `BASE64_DECODE`, `NORMALIZE_PATH`, `REMOVE_WHITESPACE`, `URL_DECODE`, `TRIM_LEFT`, `TRIM_RIGHT`, `TRIM`<br>[Enum: LOWER_CASE|UPPER_CASE|BASE64_DECODE|NORMALIZE_PATH|REMOVE_WHITESPACE|URL_DECODE|TRIM_LEFT|TRIM_RIGHT|TRIM] Transformers. An ordered list of transformers (starting from index 0) to be applied to the path before matching
|
|
423
423
|
|
|
424
424
|
#### Rule List Rules Spec Headers
|
|
425
425
|
|
|
426
426
|
A [`headers`](#rule-list-rules-spec-headers) block (within [`rule_list.rules.spec`](#rule-list-rules-spec)) supports the following:
|
|
427
427
|
|
|
428
|
-
<a id="
|
|
428
|
+
<a id="present-652e97"></a>• [`check_not_present`](#present-652e97) - Optional Block<br>Enable this option
|
|
429
429
|
|
|
430
|
-
<a id="
|
|
430
|
+
<a id="present-fe2629"></a>• [`check_present`](#present-fe2629) - Optional Block<br>Enable this option
|
|
431
431
|
|
|
432
|
-
<a id="
|
|
432
|
+
<a id="matcher-0d0548"></a>• [`invert_matcher`](#matcher-0d0548) - Optional Bool<br>Invert Header Matcher. Invert the match result
|
|
433
433
|
|
|
434
434
|
<a id="rule-list-rules-spec-headers-item"></a>• [`item`](#rule-list-rules-spec-headers-item) - Optional Block<br>Matcher. A matcher specifies multiple criteria for matching an input string. The match is considered successful if any of the criteria are satisfied. The set of supported match criteria includes a list of exact values and a list of regular expressions<br>See [Item](#rule-list-rules-spec-headers-item) below.
|
|
435
435
|
|
|
@@ -439,71 +439,71 @@ A [`headers`](#rule-list-rules-spec-headers) block (within [`rule_list.rules.spe
|
|
|
439
439
|
|
|
440
440
|
An [`item`](#rule-list-rules-spec-headers-item) block (within [`rule_list.rules.spec.headers`](#rule-list-rules-spec-headers)) supports the following:
|
|
441
441
|
|
|
442
|
-
<a id="
|
|
442
|
+
<a id="values-781f57"></a>• [`exact_values`](#values-781f57) - Optional List<br>Exact Values. A list of exact values to match the input against
|
|
443
443
|
|
|
444
|
-
<a id="
|
|
444
|
+
<a id="values-0db8b4"></a>• [`regex_values`](#values-0db8b4) - Optional List<br>Regex Values. A list of regular expressions to match the input against
|
|
445
445
|
|
|
446
|
-
<a id="
|
|
446
|
+
<a id="transformers-a3008a"></a>• [`transformers`](#transformers-a3008a) - Optional List Defaults to `TRANSFORMER_NONE`<br>Possible values are `LOWER_CASE`, `UPPER_CASE`, `BASE64_DECODE`, `NORMALIZE_PATH`, `REMOVE_WHITESPACE`, `URL_DECODE`, `TRIM_LEFT`, `TRIM_RIGHT`, `TRIM`<br>[Enum: LOWER_CASE|UPPER_CASE|BASE64_DECODE|NORMALIZE_PATH|REMOVE_WHITESPACE|URL_DECODE|TRIM_LEFT|TRIM_RIGHT|TRIM] Transformers. An ordered list of transformers (starting from index 0) to be applied to the path before matching
|
|
447
447
|
|
|
448
448
|
#### Rule List Rules Spec HTTP Method
|
|
449
449
|
|
|
450
450
|
A [`http_method`](#rule-list-rules-spec-http-method) block (within [`rule_list.rules.spec`](#rule-list-rules-spec)) supports the following:
|
|
451
451
|
|
|
452
|
-
<a id="
|
|
452
|
+
<a id="matcher-ea16cd"></a>• [`invert_matcher`](#matcher-ea16cd) - Optional Bool<br>Invert Method Matcher. Invert the match result
|
|
453
453
|
|
|
454
|
-
<a id="
|
|
454
|
+
<a id="methods-7419c4"></a>• [`methods`](#methods-7419c4) - Optional List Defaults to `ANY`<br>Possible values are `ANY`, `GET`, `HEAD`, `POST`, `PUT`, `DELETE`, `CONNECT`, `OPTIONS`, `TRACE`, `PATCH`, `COPY`<br>[Enum: ANY|GET|HEAD|POST|PUT|DELETE|CONNECT|OPTIONS|TRACE|PATCH|COPY] Method List. List of methods values to match against
|
|
455
455
|
|
|
456
456
|
#### Rule List Rules Spec IP Matcher
|
|
457
457
|
|
|
458
458
|
An [`ip_matcher`](#rule-list-rules-spec-ip-matcher) block (within [`rule_list.rules.spec`](#rule-list-rules-spec)) supports the following:
|
|
459
459
|
|
|
460
|
-
<a id="
|
|
460
|
+
<a id="matcher-fb6425"></a>• [`invert_matcher`](#matcher-fb6425) - Optional Bool<br>Invert IP Matcher. Invert the match result
|
|
461
461
|
|
|
462
|
-
<a id="
|
|
462
|
+
<a id="sets-e4318a"></a>• [`prefix_sets`](#sets-e4318a) - Optional Block<br>IP Prefix Sets. A list of references to ip_prefix_set objects<br>See [Prefix Sets](#sets-e4318a) below.
|
|
463
463
|
|
|
464
464
|
#### Rule List Rules Spec IP Matcher Prefix Sets
|
|
465
465
|
|
|
466
|
-
A [`prefix_sets`](#
|
|
466
|
+
A [`prefix_sets`](#sets-e4318a) block (within [`rule_list.rules.spec.ip_matcher`](#rule-list-rules-spec-ip-matcher)) supports the following:
|
|
467
467
|
|
|
468
|
-
<a id="
|
|
468
|
+
<a id="kind-2cf0f9"></a>• [`kind`](#kind-2cf0f9) - Optional String<br>Kind. When a configuration object(e.g. virtual_host) refers to another(e.g route) then kind will hold the referred object's kind (e.g. 'route')
|
|
469
469
|
|
|
470
|
-
<a id="
|
|
470
|
+
<a id="name-5f1c1f"></a>• [`name`](#name-5f1c1f) - Optional String<br>Name. When a configuration object(e.g. virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g. route's) name
|
|
471
471
|
|
|
472
|
-
<a id="
|
|
472
|
+
<a id="namespace-ff5432"></a>• [`namespace`](#namespace-ff5432) - Optional String<br>Namespace. When a configuration object(e.g. virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g. route's) namespace
|
|
473
473
|
|
|
474
|
-
<a id="
|
|
474
|
+
<a id="tenant-362f28"></a>• [`tenant`](#tenant-362f28) - Optional String<br>Tenant. When a configuration object(e.g. virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g. route's) tenant
|
|
475
475
|
|
|
476
|
-
<a id="
|
|
476
|
+
<a id="uid-38c7d3"></a>• [`uid`](#uid-38c7d3) - Optional String<br>UID. When a configuration object(e.g. virtual_host) refers to another(e.g route) then uid will hold the referred object's(e.g. route's) uid
|
|
477
477
|
|
|
478
478
|
#### Rule List Rules Spec IP Prefix List
|
|
479
479
|
|
|
480
480
|
An [`ip_prefix_list`](#rule-list-rules-spec-ip-prefix-list) block (within [`rule_list.rules.spec`](#rule-list-rules-spec)) supports the following:
|
|
481
481
|
|
|
482
|
-
<a id="
|
|
482
|
+
<a id="match-b3e878"></a>• [`invert_match`](#match-b3e878) - Optional Bool<br>Invert Match Result. Invert the match result
|
|
483
483
|
|
|
484
|
-
<a id="
|
|
484
|
+
<a id="prefixes-88a918"></a>• [`ip_prefixes`](#prefixes-88a918) - Optional List<br>IPv4 Prefix List. List of IPv4 prefix strings
|
|
485
485
|
|
|
486
486
|
#### Rule List Rules Spec IP Threat Category List
|
|
487
487
|
|
|
488
|
-
An [`ip_threat_category_list`](#
|
|
488
|
+
An [`ip_threat_category_list`](#list-f2b1f3) block (within [`rule_list.rules.spec`](#rule-list-rules-spec)) supports the following:
|
|
489
489
|
|
|
490
|
-
<a id="
|
|
490
|
+
<a id="categories-ff2d46"></a>• [`ip_threat_categories`](#categories-ff2d46) - Optional List Defaults to `SPAM_SOURCES`<br>Possible values are `SPAM_SOURCES`, `WINDOWS_EXPLOITS`, `WEB_ATTACKS`, `BOTNETS`, `SCANNERS`, `REPUTATION`, `PHISHING`, `PROXY`, `MOBILE_THREATS`, `TOR_PROXY`, `DENIAL_OF_SERVICE`, `NETWORK`<br>[Enum: SPAM_SOURCES|WINDOWS_EXPLOITS|WEB_ATTACKS|BOTNETS|SCANNERS|REPUTATION|PHISHING|PROXY|MOBILE_THREATS|TOR_PROXY|DENIAL_OF_SERVICE|NETWORK] List of IP Threat Categories to choose. The IP threat categories is obtained from the list and is used to auto-generate equivalent label selection expressions
|
|
491
491
|
|
|
492
492
|
#### Rule List Rules Spec Ja4 TLS Fingerprint
|
|
493
493
|
|
|
494
|
-
A [`ja4_tls_fingerprint`](#
|
|
494
|
+
A [`ja4_tls_fingerprint`](#fingerprint-dfb868) block (within [`rule_list.rules.spec`](#rule-list-rules-spec)) supports the following:
|
|
495
495
|
|
|
496
|
-
<a id="
|
|
496
|
+
<a id="values-1d5d4e"></a>• [`exact_values`](#values-1d5d4e) - Optional List<br>Exact Values. A list of exact JA4 TLS fingerprint to match the input JA4 TLS fingerprint against
|
|
497
497
|
|
|
498
498
|
#### Rule List Rules Spec JWT Claims
|
|
499
499
|
|
|
500
500
|
A [`jwt_claims`](#rule-list-rules-spec-jwt-claims) block (within [`rule_list.rules.spec`](#rule-list-rules-spec)) supports the following:
|
|
501
501
|
|
|
502
|
-
<a id="
|
|
502
|
+
<a id="present-2d6113"></a>• [`check_not_present`](#present-2d6113) - Optional Block<br>Enable this option
|
|
503
503
|
|
|
504
|
-
<a id="
|
|
504
|
+
<a id="present-4eb640"></a>• [`check_present`](#present-4eb640) - Optional Block<br>Enable this option
|
|
505
505
|
|
|
506
|
-
<a id="
|
|
506
|
+
<a id="matcher-03ed8d"></a>• [`invert_matcher`](#matcher-03ed8d) - Optional Bool<br>Invert Matcher. Invert the match result
|
|
507
507
|
|
|
508
508
|
<a id="rule-list-rules-spec-jwt-claims-item"></a>• [`item`](#rule-list-rules-spec-jwt-claims-item) - Optional Block<br>Matcher. A matcher specifies multiple criteria for matching an input string. The match is considered successful if any of the criteria are satisfied. The set of supported match criteria includes a list of exact values and a list of regular expressions<br>See [Item](#rule-list-rules-spec-jwt-claims-item) below.
|
|
509
509
|
|
|
@@ -513,11 +513,11 @@ A [`jwt_claims`](#rule-list-rules-spec-jwt-claims) block (within [`rule_list.rul
|
|
|
513
513
|
|
|
514
514
|
An [`item`](#rule-list-rules-spec-jwt-claims-item) block (within [`rule_list.rules.spec.jwt_claims`](#rule-list-rules-spec-jwt-claims)) supports the following:
|
|
515
515
|
|
|
516
|
-
<a id="
|
|
516
|
+
<a id="values-5cab64"></a>• [`exact_values`](#values-5cab64) - Optional List<br>Exact Values. A list of exact values to match the input against
|
|
517
517
|
|
|
518
|
-
<a id="
|
|
518
|
+
<a id="values-abf135"></a>• [`regex_values`](#values-abf135) - Optional List<br>Regex Values. A list of regular expressions to match the input against
|
|
519
519
|
|
|
520
|
-
<a id="
|
|
520
|
+
<a id="transformers-365d8a"></a>• [`transformers`](#transformers-365d8a) - Optional List Defaults to `TRANSFORMER_NONE`<br>Possible values are `LOWER_CASE`, `UPPER_CASE`, `BASE64_DECODE`, `NORMALIZE_PATH`, `REMOVE_WHITESPACE`, `URL_DECODE`, `TRIM_LEFT`, `TRIM_RIGHT`, `TRIM`<br>[Enum: LOWER_CASE|UPPER_CASE|BASE64_DECODE|NORMALIZE_PATH|REMOVE_WHITESPACE|URL_DECODE|TRIM_LEFT|TRIM_RIGHT|TRIM] Transformers. An ordered list of transformers (starting from index 0) to be applied to the path before matching
|
|
521
521
|
|
|
522
522
|
#### Rule List Rules Spec Label Matcher
|
|
523
523
|
|
|
@@ -531,7 +531,7 @@ A [`mum_action`](#rule-list-rules-spec-mum-action) block (within [`rule_list.rul
|
|
|
531
531
|
|
|
532
532
|
<a id="rule-list-rules-spec-mum-action-default"></a>• [`default`](#rule-list-rules-spec-mum-action-default) - Optional Block<br>Enable this option
|
|
533
533
|
|
|
534
|
-
<a id="
|
|
534
|
+
<a id="processing-d7aff9"></a>• [`skip_processing`](#processing-d7aff9) - Optional Block<br>Enable this option
|
|
535
535
|
|
|
536
536
|
#### Rule List Rules Spec Path
|
|
537
537
|
|
|
@@ -539,7 +539,7 @@ A [`path`](#rule-list-rules-spec-path) block (within [`rule_list.rules.spec`](#r
|
|
|
539
539
|
|
|
540
540
|
<a id="rule-list-rules-spec-path-exact-values"></a>• [`exact_values`](#rule-list-rules-spec-path-exact-values) - Optional List<br>Exact Values. A list of exact path values to match the input HTTP path against
|
|
541
541
|
|
|
542
|
-
<a id="
|
|
542
|
+
<a id="matcher-895246"></a>• [`invert_matcher`](#matcher-895246) - Optional Bool<br>Invert Path Matcher. Invert the match result
|
|
543
543
|
|
|
544
544
|
<a id="rule-list-rules-spec-path-prefix-values"></a>• [`prefix_values`](#rule-list-rules-spec-path-prefix-values) - Optional List<br>Prefix Values. A list of path prefix values to match the input HTTP path against
|
|
545
545
|
|
|
@@ -553,7 +553,7 @@ A [`path`](#rule-list-rules-spec-path) block (within [`rule_list.rules.spec`](#r
|
|
|
553
553
|
|
|
554
554
|
A [`port_matcher`](#rule-list-rules-spec-port-matcher) block (within [`rule_list.rules.spec`](#rule-list-rules-spec)) supports the following:
|
|
555
555
|
|
|
556
|
-
<a id="
|
|
556
|
+
<a id="matcher-aee96e"></a>• [`invert_matcher`](#matcher-aee96e) - Optional Bool<br>Invert Port Matcher. Invert the match result
|
|
557
557
|
|
|
558
558
|
<a id="rule-list-rules-spec-port-matcher-ports"></a>• [`ports`](#rule-list-rules-spec-port-matcher-ports) - Optional List<br>Port Ranges. A list of strings, each of which is a single port value or a tuple of start and end port values separated by '-'. The start and end values are considered to be part of the range
|
|
559
559
|
|
|
@@ -561,11 +561,11 @@ A [`port_matcher`](#rule-list-rules-spec-port-matcher) block (within [`rule_list
|
|
|
561
561
|
|
|
562
562
|
A [`query_params`](#rule-list-rules-spec-query-params) block (within [`rule_list.rules.spec`](#rule-list-rules-spec)) supports the following:
|
|
563
563
|
|
|
564
|
-
<a id="
|
|
564
|
+
<a id="present-d92889"></a>• [`check_not_present`](#present-d92889) - Optional Block<br>Enable this option
|
|
565
565
|
|
|
566
|
-
<a id="
|
|
566
|
+
<a id="present-bd865e"></a>• [`check_present`](#present-bd865e) - Optional Block<br>Enable this option
|
|
567
567
|
|
|
568
|
-
<a id="
|
|
568
|
+
<a id="matcher-ea3b3a"></a>• [`invert_matcher`](#matcher-ea3b3a) - Optional Bool<br>Invert Query Parameter Matcher. Invert the match result
|
|
569
569
|
|
|
570
570
|
<a id="rule-list-rules-spec-query-params-item"></a>• [`item`](#rule-list-rules-spec-query-params-item) - Optional Block<br>Matcher. A matcher specifies multiple criteria for matching an input string. The match is considered successful if any of the criteria are satisfied. The set of supported match criteria includes a list of exact values and a list of regular expressions<br>See [Item](#rule-list-rules-spec-query-params-item) below.
|
|
571
571
|
|
|
@@ -575,189 +575,189 @@ A [`query_params`](#rule-list-rules-spec-query-params) block (within [`rule_list
|
|
|
575
575
|
|
|
576
576
|
An [`item`](#rule-list-rules-spec-query-params-item) block (within [`rule_list.rules.spec.query_params`](#rule-list-rules-spec-query-params)) supports the following:
|
|
577
577
|
|
|
578
|
-
<a id="
|
|
578
|
+
<a id="values-0c3add"></a>• [`exact_values`](#values-0c3add) - Optional List<br>Exact Values. A list of exact values to match the input against
|
|
579
579
|
|
|
580
|
-
<a id="
|
|
580
|
+
<a id="values-b50c1e"></a>• [`regex_values`](#values-b50c1e) - Optional List<br>Regex Values. A list of regular expressions to match the input against
|
|
581
581
|
|
|
582
|
-
<a id="
|
|
582
|
+
<a id="transformers-499060"></a>• [`transformers`](#transformers-499060) - Optional List Defaults to `TRANSFORMER_NONE`<br>Possible values are `LOWER_CASE`, `UPPER_CASE`, `BASE64_DECODE`, `NORMALIZE_PATH`, `REMOVE_WHITESPACE`, `URL_DECODE`, `TRIM_LEFT`, `TRIM_RIGHT`, `TRIM`<br>[Enum: LOWER_CASE|UPPER_CASE|BASE64_DECODE|NORMALIZE_PATH|REMOVE_WHITESPACE|URL_DECODE|TRIM_LEFT|TRIM_RIGHT|TRIM] Transformers. An ordered list of transformers (starting from index 0) to be applied to the path before matching
|
|
583
583
|
|
|
584
584
|
#### Rule List Rules Spec Request Constraints
|
|
585
585
|
|
|
586
|
-
A [`request_constraints`](#
|
|
586
|
+
A [`request_constraints`](#constraints-a447da) block (within [`rule_list.rules.spec`](#rule-list-rules-spec)) supports the following:
|
|
587
587
|
|
|
588
|
-
<a id="
|
|
588
|
+
<a id="exceeds-88210d"></a>• [`max_cookie_count_exceeds`](#exceeds-88210d) - Optional Number<br>Match on the Count for all Cookies that exceed this value
|
|
589
589
|
|
|
590
|
-
<a id="
|
|
590
|
+
<a id="none-3e70e3"></a>• [`max_cookie_count_none`](#none-3e70e3) - Optional Block<br>Enable this option
|
|
591
591
|
|
|
592
|
-
<a id="
|
|
592
|
+
<a id="exceeds-a151df"></a>• [`max_cookie_key_size_exceeds`](#exceeds-a151df) - Optional Number<br>Match on the Name Size per Cookie that exceed this value
|
|
593
593
|
|
|
594
|
-
<a id="
|
|
594
|
+
<a id="none-9984be"></a>• [`max_cookie_key_size_none`](#none-9984be) - Optional Block<br>Enable this option
|
|
595
595
|
|
|
596
|
-
<a id="
|
|
596
|
+
<a id="exceeds-8f6fd2"></a>• [`max_cookie_value_size_exceeds`](#exceeds-8f6fd2) - Optional Number<br>Match on the Value Size per Cookie that exceed this value
|
|
597
597
|
|
|
598
|
-
<a id="
|
|
598
|
+
<a id="none-7f78ad"></a>• [`max_cookie_value_size_none`](#none-7f78ad) - Optional Block<br>Enable this option
|
|
599
599
|
|
|
600
|
-
<a id="
|
|
600
|
+
<a id="exceeds-5dc80b"></a>• [`max_header_count_exceeds`](#exceeds-5dc80b) - Optional Number<br>Match on the Count for all Headers that exceed this value
|
|
601
601
|
|
|
602
|
-
<a id="
|
|
602
|
+
<a id="none-162eb4"></a>• [`max_header_count_none`](#none-162eb4) - Optional Block<br>Enable this option
|
|
603
603
|
|
|
604
|
-
<a id="
|
|
604
|
+
<a id="exceeds-e960c1"></a>• [`max_header_key_size_exceeds`](#exceeds-e960c1) - Optional Number<br>Match on the Name Size per Header that exceed this value
|
|
605
605
|
|
|
606
|
-
<a id="
|
|
606
|
+
<a id="none-b86486"></a>• [`max_header_key_size_none`](#none-b86486) - Optional Block<br>Enable this option
|
|
607
607
|
|
|
608
|
-
<a id="
|
|
608
|
+
<a id="exceeds-2f6bfd"></a>• [`max_header_value_size_exceeds`](#exceeds-2f6bfd) - Optional Number<br>Match on the Value Size per Header that exceed this value
|
|
609
609
|
|
|
610
|
-
<a id="
|
|
610
|
+
<a id="none-e5927d"></a>• [`max_header_value_size_none`](#none-e5927d) - Optional Block<br>Enable this option
|
|
611
611
|
|
|
612
|
-
<a id="
|
|
612
|
+
<a id="exceeds-c0dcef"></a>• [`max_parameter_count_exceeds`](#exceeds-c0dcef) - Optional Number<br>Match on the Parameter Count that exceed this value
|
|
613
613
|
|
|
614
|
-
<a id="
|
|
614
|
+
<a id="none-6a4f57"></a>• [`max_parameter_count_none`](#none-6a4f57) - Optional Block<br>Enable this option
|
|
615
615
|
|
|
616
|
-
<a id="
|
|
616
|
+
<a id="exceeds-878a8c"></a>• [`max_parameter_name_size_exceeds`](#exceeds-878a8c) - Optional Number<br>Match on the Parameter Name Size that exceed this value
|
|
617
617
|
|
|
618
|
-
<a id="
|
|
618
|
+
<a id="none-ed3f5c"></a>• [`max_parameter_name_size_none`](#none-ed3f5c) - Optional Block<br>Enable this option
|
|
619
619
|
|
|
620
|
-
<a id="
|
|
620
|
+
<a id="exceeds-2753a2"></a>• [`max_parameter_value_size_exceeds`](#exceeds-2753a2) - Optional Number<br>Match on the Parameter Value Size that exceed this value
|
|
621
621
|
|
|
622
|
-
<a id="
|
|
622
|
+
<a id="none-aa518b"></a>• [`max_parameter_value_size_none`](#none-aa518b) - Optional Block<br>Enable this option
|
|
623
623
|
|
|
624
|
-
<a id="
|
|
624
|
+
<a id="exceeds-09d792"></a>• [`max_query_size_exceeds`](#exceeds-09d792) - Optional Number<br>Match on the URL Query Size that exceed this value
|
|
625
625
|
|
|
626
|
-
<a id="
|
|
626
|
+
<a id="none-420f9c"></a>• [`max_query_size_none`](#none-420f9c) - Optional Block<br>Enable this option
|
|
627
627
|
|
|
628
|
-
<a id="
|
|
628
|
+
<a id="exceeds-e9386b"></a>• [`max_request_line_size_exceeds`](#exceeds-e9386b) - Optional Number<br>Match on the Request Line Size that exceed this value
|
|
629
629
|
|
|
630
|
-
<a id="
|
|
630
|
+
<a id="none-c1b4c5"></a>• [`max_request_line_size_none`](#none-c1b4c5) - Optional Block<br>Enable this option
|
|
631
631
|
|
|
632
|
-
<a id="
|
|
632
|
+
<a id="exceeds-c9584b"></a>• [`max_request_size_exceeds`](#exceeds-c9584b) - Optional Number<br>Match on the Request Size that exceed this value
|
|
633
633
|
|
|
634
|
-
<a id="
|
|
634
|
+
<a id="none-a7d587"></a>• [`max_request_size_none`](#none-a7d587) - Optional Block<br>Enable this option
|
|
635
635
|
|
|
636
|
-
<a id="
|
|
636
|
+
<a id="exceeds-36b3ef"></a>• [`max_url_size_exceeds`](#exceeds-36b3ef) - Optional Number<br>Match on the URL Size that exceed this value
|
|
637
637
|
|
|
638
|
-
<a id="
|
|
638
|
+
<a id="none-ce96c1"></a>• [`max_url_size_none`](#none-ce96c1) - Optional Block<br>Enable this option
|
|
639
639
|
|
|
640
640
|
#### Rule List Rules Spec Segment Policy
|
|
641
641
|
|
|
642
642
|
A [`segment_policy`](#rule-list-rules-spec-segment-policy) block (within [`rule_list.rules.spec`](#rule-list-rules-spec)) supports the following:
|
|
643
643
|
|
|
644
|
-
<a id="
|
|
644
|
+
<a id="any-9c58b4"></a>• [`dst_any`](#any-9c58b4) - Optional Block<br>Enable this option
|
|
645
645
|
|
|
646
|
-
<a id="
|
|
646
|
+
<a id="segments-478f34"></a>• [`dst_segments`](#segments-478f34) - Optional Block<br>Segment List. List of references to Segments<br>See [Dst Segments](#segments-478f34) below.
|
|
647
647
|
|
|
648
|
-
<a id="
|
|
648
|
+
<a id="segment-431a3a"></a>• [`intra_segment`](#segment-431a3a) - Optional Block<br>Enable this option
|
|
649
649
|
|
|
650
|
-
<a id="
|
|
650
|
+
<a id="any-f3d551"></a>• [`src_any`](#any-f3d551) - Optional Block<br>Enable this option
|
|
651
651
|
|
|
652
|
-
<a id="
|
|
652
|
+
<a id="segments-191ada"></a>• [`src_segments`](#segments-191ada) - Optional Block<br>Segment List. List of references to Segments<br>See [Src Segments](#segments-191ada) below.
|
|
653
653
|
|
|
654
654
|
#### Rule List Rules Spec Segment Policy Dst Segments
|
|
655
655
|
|
|
656
|
-
A [`dst_segments`](#
|
|
656
|
+
A [`dst_segments`](#segments-478f34) block (within [`rule_list.rules.spec.segment_policy`](#rule-list-rules-spec-segment-policy)) supports the following:
|
|
657
657
|
|
|
658
|
-
<a id="
|
|
658
|
+
<a id="segments-c03bbe"></a>• [`segments`](#segments-c03bbe) - Optional Block<br>Segments. Select list of segments<br>See [Segments](#segments-c03bbe) below.
|
|
659
659
|
|
|
660
660
|
#### Rule List Rules Spec Segment Policy Dst Segments Segments
|
|
661
661
|
|
|
662
|
-
A [`segments`](#
|
|
662
|
+
A [`segments`](#segments-c03bbe) block (within [`rule_list.rules.spec.segment_policy.dst_segments`](#segments-478f34)) supports the following:
|
|
663
663
|
|
|
664
|
-
<a id="
|
|
664
|
+
<a id="name-218ae8"></a>• [`name`](#name-218ae8) - Optional String<br>Name. When a configuration object(e.g. virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g. route's) name
|
|
665
665
|
|
|
666
|
-
<a id="
|
|
666
|
+
<a id="namespace-42b54f"></a>• [`namespace`](#namespace-42b54f) - Optional String<br>Namespace. When a configuration object(e.g. virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g. route's) namespace
|
|
667
667
|
|
|
668
|
-
<a id="
|
|
668
|
+
<a id="tenant-9e07d0"></a>• [`tenant`](#tenant-9e07d0) - Optional String<br>Tenant. When a configuration object(e.g. virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g. route's) tenant
|
|
669
669
|
|
|
670
670
|
#### Rule List Rules Spec Segment Policy Src Segments
|
|
671
671
|
|
|
672
|
-
A [`src_segments`](#
|
|
672
|
+
A [`src_segments`](#segments-191ada) block (within [`rule_list.rules.spec.segment_policy`](#rule-list-rules-spec-segment-policy)) supports the following:
|
|
673
673
|
|
|
674
|
-
<a id="
|
|
674
|
+
<a id="segments-7a67c9"></a>• [`segments`](#segments-7a67c9) - Optional Block<br>Segments. Select list of segments<br>See [Segments](#segments-7a67c9) below.
|
|
675
675
|
|
|
676
676
|
#### Rule List Rules Spec Segment Policy Src Segments Segments
|
|
677
677
|
|
|
678
|
-
A [`segments`](#
|
|
678
|
+
A [`segments`](#segments-7a67c9) block (within [`rule_list.rules.spec.segment_policy.src_segments`](#segments-191ada)) supports the following:
|
|
679
679
|
|
|
680
|
-
<a id="
|
|
680
|
+
<a id="name-bb44ac"></a>• [`name`](#name-bb44ac) - Optional String<br>Name. When a configuration object(e.g. virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g. route's) name
|
|
681
681
|
|
|
682
|
-
<a id="
|
|
682
|
+
<a id="namespace-e269e8"></a>• [`namespace`](#namespace-e269e8) - Optional String<br>Namespace. When a configuration object(e.g. virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g. route's) namespace
|
|
683
683
|
|
|
684
|
-
<a id="
|
|
684
|
+
<a id="tenant-29af01"></a>• [`tenant`](#tenant-29af01) - Optional String<br>Tenant. When a configuration object(e.g. virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g. route's) tenant
|
|
685
685
|
|
|
686
686
|
#### Rule List Rules Spec TLS Fingerprint Matcher
|
|
687
687
|
|
|
688
|
-
A [`tls_fingerprint_matcher`](#
|
|
688
|
+
A [`tls_fingerprint_matcher`](#matcher-95ee34) block (within [`rule_list.rules.spec`](#rule-list-rules-spec)) supports the following:
|
|
689
689
|
|
|
690
|
-
<a id="
|
|
690
|
+
<a id="classes-8d3695"></a>• [`classes`](#classes-8d3695) - Optional List Defaults to `TLS_FINGERPRINT_NONE`<br>Possible values are `TLS_FINGERPRINT_NONE`, `ANY_MALICIOUS_FINGERPRINT`, `ADWARE`, `ADWIND`, `DRIDEX`, `GOOTKIT`, `GOZI`, `JBIFROST`, `QUAKBOT`, `RANSOMWARE`, `TROLDESH`, `TOFSEE`, `TORRENTLOCKER`, `TRICKBOT`<br>[Enum: TLS_FINGERPRINT_NONE|ANY_MALICIOUS_FINGERPRINT|ADWARE|ADWIND|DRIDEX|GOOTKIT|GOZI|JBIFROST|QUAKBOT|RANSOMWARE|TROLDESH|TOFSEE|TORRENTLOCKER|TRICKBOT] TLS fingerprint classes. A list of known classes of TLS fingerprints to match the input TLS JA3 fingerprint against
|
|
691
691
|
|
|
692
|
-
<a id="
|
|
692
|
+
<a id="values-e523b3"></a>• [`exact_values`](#values-e523b3) - Optional List<br>Exact Values. A list of exact TLS JA3 fingerprints to match the input TLS JA3 fingerprint against
|
|
693
693
|
|
|
694
|
-
<a id="
|
|
694
|
+
<a id="values-8723e5"></a>• [`excluded_values`](#values-8723e5) - Optional List<br>Excluded Values. A list of TLS JA3 fingerprints to be excluded when matching the input TLS JA3 fingerprint. This can be used to skip known false positives when using one or more known TLS fingerprint classes in the enclosing matcher
|
|
695
695
|
|
|
696
696
|
#### Rule List Rules Spec User Identity Matcher
|
|
697
697
|
|
|
698
|
-
An [`user_identity_matcher`](#
|
|
698
|
+
An [`user_identity_matcher`](#matcher-744036) block (within [`rule_list.rules.spec`](#rule-list-rules-spec)) supports the following:
|
|
699
699
|
|
|
700
|
-
<a id="
|
|
700
|
+
<a id="values-b8a285"></a>• [`exact_values`](#values-b8a285) - Optional List<br>Exact Values. A list of exact values to match the input against
|
|
701
701
|
|
|
702
|
-
<a id="
|
|
702
|
+
<a id="values-f0a0b2"></a>• [`regex_values`](#values-f0a0b2) - Optional List<br>Regex Values. A list of regular expressions to match the input against
|
|
703
703
|
|
|
704
704
|
#### Rule List Rules Spec WAF Action
|
|
705
705
|
|
|
706
706
|
A [`waf_action`](#rule-list-rules-spec-waf-action) block (within [`rule_list.rules.spec`](#rule-list-rules-spec)) supports the following:
|
|
707
707
|
|
|
708
|
-
<a id="
|
|
708
|
+
<a id="control-4fbf89"></a>• [`app_firewall_detection_control`](#control-4fbf89) - Optional Block<br>App Firewall Detection Control. Define the list of Signature IDs, Violations, Attack Types and Bot Names that should be excluded from triggering on the defined match criteria<br>See [App Firewall Detection Control](#control-4fbf89) below.
|
|
709
709
|
|
|
710
710
|
<a id="rule-list-rules-spec-waf-action-none"></a>• [`none`](#rule-list-rules-spec-waf-action-none) - Optional Block<br>Enable this option
|
|
711
711
|
|
|
712
|
-
<a id="
|
|
712
|
+
<a id="processing-e97520"></a>• [`waf_skip_processing`](#processing-e97520) - Optional Block<br>Enable this option
|
|
713
713
|
|
|
714
714
|
#### Rule List Rules Spec WAF Action App Firewall Detection Control
|
|
715
715
|
|
|
716
|
-
An [`app_firewall_detection_control`](#
|
|
716
|
+
An [`app_firewall_detection_control`](#control-4fbf89) block (within [`rule_list.rules.spec.waf_action`](#rule-list-rules-spec-waf-action)) supports the following:
|
|
717
717
|
|
|
718
|
-
<a id="
|
|
718
|
+
<a id="contexts-37ecbb"></a>• [`exclude_attack_type_contexts`](#contexts-37ecbb) - Optional Block<br>Attack Types. Attack Types to be excluded for the defined match criteria<br>See [Exclude Attack Type Contexts](#contexts-37ecbb) below.
|
|
719
719
|
|
|
720
|
-
<a id="
|
|
720
|
+
<a id="contexts-e1b02b"></a>• [`exclude_bot_name_contexts`](#contexts-e1b02b) - Optional Block<br>Bot Names. Bot Names to be excluded for the defined match criteria<br>See [Exclude Bot Name Contexts](#contexts-e1b02b) below.
|
|
721
721
|
|
|
722
|
-
<a id="
|
|
722
|
+
<a id="contexts-2da85d"></a>• [`exclude_signature_contexts`](#contexts-2da85d) - Optional Block<br>Signature IDs. Signature IDs to be excluded for the defined match criteria<br>See [Exclude Signature Contexts](#contexts-2da85d) below.
|
|
723
723
|
|
|
724
|
-
<a id="
|
|
724
|
+
<a id="contexts-716dd3"></a>• [`exclude_violation_contexts`](#contexts-716dd3) - Optional Block<br>Violations. Violations to be excluded for the defined match criteria<br>See [Exclude Violation Contexts](#contexts-716dd3) below.
|
|
725
725
|
|
|
726
726
|
#### Rule List Rules Spec WAF Action App Firewall Detection Control Exclude Attack Type Contexts
|
|
727
727
|
|
|
728
|
-
An [`exclude_attack_type_contexts`](#
|
|
728
|
+
An [`exclude_attack_type_contexts`](#contexts-37ecbb) block (within [`rule_list.rules.spec.waf_action.app_firewall_detection_control`](#control-4fbf89)) supports the following:
|
|
729
729
|
|
|
730
|
-
<a id="
|
|
730
|
+
<a id="context-db3d53"></a>• [`context`](#context-db3d53) - Optional String Defaults to `CONTEXT_ANY`<br>Possible values are `CONTEXT_ANY`, `CONTEXT_BODY`, `CONTEXT_REQUEST`, `CONTEXT_RESPONSE`, `CONTEXT_PARAMETER`, `CONTEXT_HEADER`, `CONTEXT_COOKIE`, `CONTEXT_URL`, `CONTEXT_URI`<br>[Enum: CONTEXT_ANY|CONTEXT_BODY|CONTEXT_REQUEST|CONTEXT_RESPONSE|CONTEXT_PARAMETER|CONTEXT_HEADER|CONTEXT_COOKIE|CONTEXT_URL|CONTEXT_URI] WAF Exclusion Context Options. The available contexts for Exclusion rules. - CONTEXT_ANY: CONTEXT_ANY Detection will be excluded for all contexts. - CONTEXT_BODY: CONTEXT_BODY Detection will be excluded for the request body. - CONTEXT_REQUEST: CONTEXT_REQUEST Detection will be excluded for the request. - CONTEXT_RESPONSE: CONTEXT_RESPONSE - CONTEXT_PARAMETER: CONTEXT_PARAMETER Detection will be excluded for the parameters. The parameter name is required in the Context name field. If the field is left empty, the detection will be excluded for all parameters. - CONTEXT_HEADER: CONTEXT_HEADER Detection will be excluded for the headers. The header name is required in the Context name field. If the field is left empty, the detection will be excluded for all headers. - CONTEXT_COOKIE: CONTEXT_COOKIE Detection will be excluded for the cookies. The cookie name is required in the Context name field. If the field is left empty, the detection will be excluded for all cookies. - CONTEXT_URL: CONTEXT_URL Detection will be excluded for the request URL. - CONTEXT_URI: CONTEXT_URI
|
|
731
731
|
|
|
732
|
-
<a id="
|
|
732
|
+
<a id="name-dcda5a"></a>• [`context_name`](#name-dcda5a) - Optional String<br>Context Name. Relevant only for contexts: Header, Cookie and Parameter. Name of the Context that the WAF Exclusion Rules will check. Wildcard matching can be used by prefixing or suffixing the context name with an wildcard asterisk (*)
|
|
733
733
|
|
|
734
|
-
<a id="
|
|
734
|
+
<a id="type-0b6341"></a>• [`exclude_attack_type`](#type-0b6341) - Optional String Defaults to `ATTACK_TYPE_NONE`<br>Possible values are `ATTACK_TYPE_NONE`, `ATTACK_TYPE_NON_BROWSER_CLIENT`, `ATTACK_TYPE_OTHER_APPLICATION_ATTACKS`, `ATTACK_TYPE_TROJAN_BACKDOOR_SPYWARE`, `ATTACK_TYPE_DETECTION_EVASION`, `ATTACK_TYPE_VULNERABILITY_SCAN`, `ATTACK_TYPE_ABUSE_OF_FUNCTIONALITY`, `ATTACK_TYPE_AUTHENTICATION_AUTHORIZATION_ATTACKS`, `ATTACK_TYPE_BUFFER_OVERFLOW`, `ATTACK_TYPE_PREDICTABLE_RESOURCE_LOCATION`, `ATTACK_TYPE_INFORMATION_LEAKAGE`, `ATTACK_TYPE_DIRECTORY_INDEXING`, `ATTACK_TYPE_PATH_TRAVERSAL`, `ATTACK_TYPE_XPATH_INJECTION`, `ATTACK_TYPE_LDAP_INJECTION`, `ATTACK_TYPE_SERVER_SIDE_CODE_INJECTION`, `ATTACK_TYPE_COMMAND_EXECUTION`, `ATTACK_TYPE_SQL_INJECTION`, `ATTACK_TYPE_CROSS_SITE_SCRIPTING`, `ATTACK_TYPE_DENIAL_OF_SERVICE`, `ATTACK_TYPE_HTTP_PARSER_ATTACK`, `ATTACK_TYPE_SESSION_HIJACKING`, `ATTACK_TYPE_HTTP_RESPONSE_SPLITTING`, `ATTACK_TYPE_FORCEFUL_BROWSING`, `ATTACK_TYPE_REMOTE_FILE_INCLUDE`, `ATTACK_TYPE_MALICIOUS_FILE_UPLOAD`, `ATTACK_TYPE_GRAPHQL_PARSER_ATTACK`<br>[Enum: ATTACK_TYPE_NONE|ATTACK_TYPE_NON_BROWSER_CLIENT|ATTACK_TYPE_OTHER_APPLICATION_ATTACKS|ATTACK_TYPE_TROJAN_BACKDOOR_SPYWARE|ATTACK_TYPE_DETECTION_EVASION|ATTACK_TYPE_VULNERABILITY_SCAN|ATTACK_TYPE_ABUSE_OF_FUNCTIONALITY|ATTACK_TYPE_AUTHENTICATION_AUTHORIZATION_ATTACKS|ATTACK_TYPE_BUFFER_OVERFLOW|ATTACK_TYPE_PREDICTABLE_RESOURCE_LOCATION|ATTACK_TYPE_INFORMATION_LEAKAGE|ATTACK_TYPE_DIRECTORY_INDEXING|ATTACK_TYPE_PATH_TRAVERSAL|ATTACK_TYPE_XPATH_INJECTION|ATTACK_TYPE_LDAP_INJECTION|ATTACK_TYPE_SERVER_SIDE_CODE_INJECTION|ATTACK_TYPE_COMMAND_EXECUTION|ATTACK_TYPE_SQL_INJECTION|ATTACK_TYPE_CROSS_SITE_SCRIPTING|ATTACK_TYPE_DENIAL_OF_SERVICE|ATTACK_TYPE_HTTP_PARSER_ATTACK|ATTACK_TYPE_SESSION_HIJACKING|ATTACK_TYPE_HTTP_RESPONSE_SPLITTING|ATTACK_TYPE_FORCEFUL_BROWSING|ATTACK_TYPE_REMOTE_FILE_INCLUDE|ATTACK_TYPE_MALICIOUS_FILE_UPLOAD|ATTACK_TYPE_GRAPHQL_PARSER_ATTACK] Attack Types. List of all Attack Types ATTACK_TYPE_NONE ATTACK_TYPE_NON_BROWSER_CLIENT ATTACK_TYPE_OTHER_APPLICATION_ATTACKS ATTACK_TYPE_TROJAN_BACKDOOR_SPYWARE ATTACK_TYPE_DETECTION_EVASION ATTACK_TYPE_VULNERABILITY_SCAN ATTACK_TYPE_ABUSE_OF_FUNCTIONALITY ATTACK_TYPE_AUTHENTICATION_AUTHORIZATION_ATTACKS ATTACK_TYPE_BUFFER_OVERFLOW ATTACK_TYPE_PREDICTABLE_RESOURCE_LOCATION ATTACK_TYPE_INFORMATION_LEAKAGE ATTACK_TYPE_DIRECTORY_INDEXING ATTACK_TYPE_PATH_TRAVERSAL ATTACK_TYPE_XPATH_INJECTION ATTACK_TYPE_LDAP_INJECTION ATTACK_TYPE_SERVER_SIDE_CODE_INJECTION ATTACK_TYPE_COMMAND_EXECUTION ATTACK_TYPE_SQL_INJECTION ATTACK_TYPE_CROSS_SITE_SCRIPTING ATTACK_TYPE_DENIAL_OF_SERVICE ATTACK_TYPE_HTTP_PARSER_ATTACK ATTACK_TYPE_SESSION_HIJACKING ATTACK_TYPE_HTTP_RESPONSE_SPLITTING ATTACK_TYPE_FORCEFUL_BROWSING ATTACK_TYPE_REMOTE_FILE_INCLUDE ATTACK_TYPE_MALICIOUS_FILE_UPLOAD ATTACK_TYPE_GRAPHQL_PARSER_ATTACK
|
|
735
735
|
|
|
736
736
|
#### Rule List Rules Spec WAF Action App Firewall Detection Control Exclude Bot Name Contexts
|
|
737
737
|
|
|
738
|
-
An [`exclude_bot_name_contexts`](#
|
|
738
|
+
An [`exclude_bot_name_contexts`](#contexts-e1b02b) block (within [`rule_list.rules.spec.waf_action.app_firewall_detection_control`](#control-4fbf89)) supports the following:
|
|
739
739
|
|
|
740
|
-
<a id="
|
|
740
|
+
<a id="name-b71242"></a>• [`bot_name`](#name-b71242) - Optional String<br>Bot Name
|
|
741
741
|
|
|
742
742
|
#### Rule List Rules Spec WAF Action App Firewall Detection Control Exclude Signature Contexts
|
|
743
743
|
|
|
744
|
-
An [`exclude_signature_contexts`](#
|
|
744
|
+
An [`exclude_signature_contexts`](#contexts-2da85d) block (within [`rule_list.rules.spec.waf_action.app_firewall_detection_control`](#control-4fbf89)) supports the following:
|
|
745
745
|
|
|
746
|
-
<a id="
|
|
746
|
+
<a id="context-1d6f79"></a>• [`context`](#context-1d6f79) - Optional String Defaults to `CONTEXT_ANY`<br>Possible values are `CONTEXT_ANY`, `CONTEXT_BODY`, `CONTEXT_REQUEST`, `CONTEXT_RESPONSE`, `CONTEXT_PARAMETER`, `CONTEXT_HEADER`, `CONTEXT_COOKIE`, `CONTEXT_URL`, `CONTEXT_URI`<br>[Enum: CONTEXT_ANY|CONTEXT_BODY|CONTEXT_REQUEST|CONTEXT_RESPONSE|CONTEXT_PARAMETER|CONTEXT_HEADER|CONTEXT_COOKIE|CONTEXT_URL|CONTEXT_URI] WAF Exclusion Context Options. The available contexts for Exclusion rules. - CONTEXT_ANY: CONTEXT_ANY Detection will be excluded for all contexts. - CONTEXT_BODY: CONTEXT_BODY Detection will be excluded for the request body. - CONTEXT_REQUEST: CONTEXT_REQUEST Detection will be excluded for the request. - CONTEXT_RESPONSE: CONTEXT_RESPONSE - CONTEXT_PARAMETER: CONTEXT_PARAMETER Detection will be excluded for the parameters. The parameter name is required in the Context name field. If the field is left empty, the detection will be excluded for all parameters. - CONTEXT_HEADER: CONTEXT_HEADER Detection will be excluded for the headers. The header name is required in the Context name field. If the field is left empty, the detection will be excluded for all headers. - CONTEXT_COOKIE: CONTEXT_COOKIE Detection will be excluded for the cookies. The cookie name is required in the Context name field. If the field is left empty, the detection will be excluded for all cookies. - CONTEXT_URL: CONTEXT_URL Detection will be excluded for the request URL. - CONTEXT_URI: CONTEXT_URI
|
|
747
747
|
|
|
748
|
-
<a id="
|
|
748
|
+
<a id="name-2c4afd"></a>• [`context_name`](#name-2c4afd) - Optional String<br>Context Name. Relevant only for contexts: Header, Cookie and Parameter. Name of the Context that the WAF Exclusion Rules will check. Wildcard matching can be used by prefixing or suffixing the context name with an wildcard asterisk (*)
|
|
749
749
|
|
|
750
|
-
<a id="
|
|
750
|
+
<a id="signature-id-c5ea27"></a>• [`signature_id`](#signature-id-c5ea27) - Optional Number<br>SignatureID. The allowed values for signature ID are 0 and in the range of 200000001-299999999. 0 implies that all signatures will be excluded for the specified context
|
|
751
751
|
|
|
752
752
|
#### Rule List Rules Spec WAF Action App Firewall Detection Control Exclude Violation Contexts
|
|
753
753
|
|
|
754
|
-
An [`exclude_violation_contexts`](#
|
|
754
|
+
An [`exclude_violation_contexts`](#contexts-716dd3) block (within [`rule_list.rules.spec.waf_action.app_firewall_detection_control`](#control-4fbf89)) supports the following:
|
|
755
755
|
|
|
756
|
-
<a id="
|
|
756
|
+
<a id="context-c1896e"></a>• [`context`](#context-c1896e) - Optional String Defaults to `CONTEXT_ANY`<br>Possible values are `CONTEXT_ANY`, `CONTEXT_BODY`, `CONTEXT_REQUEST`, `CONTEXT_RESPONSE`, `CONTEXT_PARAMETER`, `CONTEXT_HEADER`, `CONTEXT_COOKIE`, `CONTEXT_URL`, `CONTEXT_URI`<br>[Enum: CONTEXT_ANY|CONTEXT_BODY|CONTEXT_REQUEST|CONTEXT_RESPONSE|CONTEXT_PARAMETER|CONTEXT_HEADER|CONTEXT_COOKIE|CONTEXT_URL|CONTEXT_URI] WAF Exclusion Context Options. The available contexts for Exclusion rules. - CONTEXT_ANY: CONTEXT_ANY Detection will be excluded for all contexts. - CONTEXT_BODY: CONTEXT_BODY Detection will be excluded for the request body. - CONTEXT_REQUEST: CONTEXT_REQUEST Detection will be excluded for the request. - CONTEXT_RESPONSE: CONTEXT_RESPONSE - CONTEXT_PARAMETER: CONTEXT_PARAMETER Detection will be excluded for the parameters. The parameter name is required in the Context name field. If the field is left empty, the detection will be excluded for all parameters. - CONTEXT_HEADER: CONTEXT_HEADER Detection will be excluded for the headers. The header name is required in the Context name field. If the field is left empty, the detection will be excluded for all headers. - CONTEXT_COOKIE: CONTEXT_COOKIE Detection will be excluded for the cookies. The cookie name is required in the Context name field. If the field is left empty, the detection will be excluded for all cookies. - CONTEXT_URL: CONTEXT_URL Detection will be excluded for the request URL. - CONTEXT_URI: CONTEXT_URI
|
|
757
757
|
|
|
758
|
-
<a id="
|
|
758
|
+
<a id="name-4dc87b"></a>• [`context_name`](#name-4dc87b) - Optional String<br>Context Name. Relevant only for contexts: Header, Cookie and Parameter. Name of the Context that the WAF Exclusion Rules will check. Wildcard matching can be used by prefixing or suffixing the context name with an wildcard asterisk (*)
|
|
759
759
|
|
|
760
|
-
<a id="
|
|
760
|
+
<a id="violation-dfe3e0"></a>• [`exclude_violation`](#violation-dfe3e0) - Optional String Defaults to `VIOL_NONE`<br>Possible values are `VIOL_NONE`, `VIOL_FILETYPE`, `VIOL_METHOD`, `VIOL_MANDATORY_HEADER`, `VIOL_HTTP_RESPONSE_STATUS`, `VIOL_REQUEST_MAX_LENGTH`, `VIOL_FILE_UPLOAD`, `VIOL_FILE_UPLOAD_IN_BODY`, `VIOL_XML_MALFORMED`, `VIOL_JSON_MALFORMED`, `VIOL_ASM_COOKIE_MODIFIED`, `VIOL_HTTP_PROTOCOL_MULTIPLE_HOST_HEADERS`, `VIOL_HTTP_PROTOCOL_BAD_HOST_HEADER_VALUE`, `VIOL_HTTP_PROTOCOL_UNPARSABLE_REQUEST_CONTENT`, `VIOL_HTTP_PROTOCOL_NULL_IN_REQUEST`, `VIOL_HTTP_PROTOCOL_BAD_HTTP_VERSION`, `VIOL_HTTP_PROTOCOL_SEVERAL_CONTENT_LENGTH_HEADERS`, `VIOL_EVASION_DIRECTORY_TRAVERSALS`, `VIOL_MALFORMED_REQUEST`, `VIOL_EVASION_MULTIPLE_DECODING`, `VIOL_DATA_GUARD`, `VIOL_EVASION_APACHE_WHITESPACE`, `VIOL_COOKIE_MODIFIED`, `VIOL_EVASION_IIS_UNICODE_CODEPOINTS`, `VIOL_EVASION_IIS_BACKSLASHES`, `VIOL_EVASION_PERCENT_U_DECODING`, `VIOL_EVASION_BARE_BYTE_DECODING`, `VIOL_EVASION_BAD_UNESCAPE`, `VIOL_HTTP_PROTOCOL_BODY_IN_GET_OR_HEAD_REQUEST`, `VIOL_ENCODING`, `VIOL_COOKIE_MALFORMED`, `VIOL_GRAPHQL_FORMAT`, `VIOL_GRAPHQL_MALFORMED`, `VIOL_GRAPHQL_INTROSPECTION_QUERY`<br>[Enum: VIOL_NONE|VIOL_FILETYPE|VIOL_METHOD|VIOL_MANDATORY_HEADER|VIOL_HTTP_RESPONSE_STATUS|VIOL_REQUEST_MAX_LENGTH|VIOL_FILE_UPLOAD|VIOL_FILE_UPLOAD_IN_BODY|VIOL_XML_MALFORMED|VIOL_JSON_MALFORMED|VIOL_ASM_COOKIE_MODIFIED|VIOL_HTTP_PROTOCOL_MULTIPLE_HOST_HEADERS|VIOL_HTTP_PROTOCOL_BAD_HOST_HEADER_VALUE|VIOL_HTTP_PROTOCOL_UNPARSABLE_REQUEST_CONTENT|VIOL_HTTP_PROTOCOL_NULL_IN_REQUEST|VIOL_HTTP_PROTOCOL_BAD_HTTP_VERSION|VIOL_HTTP_PROTOCOL_SEVERAL_CONTENT_LENGTH_HEADERS|VIOL_EVASION_DIRECTORY_TRAVERSALS|VIOL_MALFORMED_REQUEST|VIOL_EVASION_MULTIPLE_DECODING|VIOL_DATA_GUARD|VIOL_EVASION_APACHE_WHITESPACE|VIOL_COOKIE_MODIFIED|VIOL_EVASION_IIS_UNICODE_CODEPOINTS|VIOL_EVASION_IIS_BACKSLASHES|VIOL_EVASION_PERCENT_U_DECODING|VIOL_EVASION_BARE_BYTE_DECODING|VIOL_EVASION_BAD_UNESCAPE|VIOL_HTTP_PROTOCOL_BODY_IN_GET_OR_HEAD_REQUEST|VIOL_ENCODING|VIOL_COOKIE_MALFORMED|VIOL_GRAPHQL_FORMAT|VIOL_GRAPHQL_MALFORMED|VIOL_GRAPHQL_INTROSPECTION_QUERY] App Firewall Violation Type. List of all supported Violation Types VIOL_NONE VIOL_FILETYPE VIOL_METHOD VIOL_MANDATORY_HEADER VIOL_HTTP_RESPONSE_STATUS VIOL_REQUEST_MAX_LENGTH VIOL_FILE_UPLOAD VIOL_FILE_UPLOAD_IN_BODY VIOL_XML_MALFORMED VIOL_JSON_MALFORMED VIOL_ASM_COOKIE_MODIFIED VIOL_HTTP_PROTOCOL_MULTIPLE_HOST_HEADERS VIOL_HTTP_PROTOCOL_BAD_HOST_HEADER_VALUE VIOL_HTTP_PROTOCOL_UNPARSABLE_REQUEST_CONTENT VIOL_HTTP_PROTOCOL_NULL_IN_REQUEST VIOL_HTTP_PROTOCOL_BAD_HTTP_VERSION VIOL_HTTP_PROTOCOL_CRLF_CHARACTERS_BEFORE_REQUEST_START VIOL_HTTP_PROTOCOL_NO_HOST_HEADER_IN_HTTP_1_1_REQUEST VIOL_HTTP_PROTOCOL_BAD_MULTIPART_PARAMETERS_PARSING VIOL_HTTP_PROTOCOL_SEVERAL_CONTENT_LENGTH_HEADERS VIOL_HTTP_PROTOCOL_CONTENT_LENGTH_SHOULD_BE_A_POSITIVE_NUMBER VIOL_EVASION_DIRECTORY_TRAVERSALS VIOL_MALFORMED_REQUEST VIOL_EVASION_MULTIPLE_DECODING VIOL_DATA_GUARD VIOL_EVASION_APACHE_WHITESPACE VIOL_COOKIE_MODIFIED VIOL_EVASION_IIS_UNICODE_CODEPOINTS VIOL_EVASION_IIS_BACKSLASHES VIOL_EVASION_PERCENT_U_DECODING VIOL_EVASION_BARE_BYTE_DECODING VIOL_EVASION_BAD_UNESCAPE VIOL_HTTP_PROTOCOL_BAD_MULTIPART_FORMDATA_REQUEST_PARSING VIOL_HTTP_PROTOCOL_BODY_IN_GET_OR_HEAD_REQUEST VIOL_HTTP_PROTOCOL_HIGH_ASCII_CHARACTERS_IN_HEADERS VIOL_ENCODING VIOL_COOKIE_MALFORMED VIOL_GRAPHQL_FORMAT VIOL_GRAPHQL_MALFORMED VIOL_GRAPHQL_INTROSPECTION_QUERY
|
|
761
761
|
|
|
762
762
|
#### Server Name Matcher
|
|
763
763
|
|