@robinmordasiewicz/f5xc-terraform-mcp 2.4.6 → 2.4.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/docs/resources/addon_subscription.md +5 -5
- package/dist/docs/resources/address_allocator.md +3 -3
- package/dist/docs/resources/advertise_policy.md +39 -39
- package/dist/docs/resources/alert_policy.md +6 -6
- package/dist/docs/resources/alert_receiver.md +57 -57
- package/dist/docs/resources/api_crawler.md +9 -9
- package/dist/docs/resources/api_testing.md +40 -40
- package/dist/docs/resources/apm.md +320 -320
- package/dist/docs/resources/app_api_group.md +10 -10
- package/dist/docs/resources/app_firewall.md +36 -36
- package/dist/docs/resources/app_setting.md +46 -46
- package/dist/docs/resources/app_type.md +3 -3
- package/dist/docs/resources/authentication.md +30 -30
- package/dist/docs/resources/aws_tgw_site.md +184 -184
- package/dist/docs/resources/aws_vpc_site.md +296 -296
- package/dist/docs/resources/azure_vnet_site.md +677 -677
- package/dist/docs/resources/bgp.md +20 -20
- package/dist/docs/resources/bgp_routing_policy.md +4 -4
- package/dist/docs/resources/cdn_cache_rule.md +68 -68
- package/dist/docs/resources/cdn_loadbalancer.md +1166 -1166
- package/dist/docs/resources/certificate.md +4 -4
- package/dist/docs/resources/child_tenant.md +2 -2
- package/dist/docs/resources/cloud_connect.md +35 -35
- package/dist/docs/resources/cloud_credentials.md +37 -37
- package/dist/docs/resources/cloud_link.md +16 -16
- package/dist/docs/resources/cluster.md +68 -68
- package/dist/docs/resources/cminstance.md +6 -6
- package/dist/docs/resources/code_base_integration.md +82 -82
- package/dist/docs/resources/container_registry.md +2 -2
- package/dist/docs/resources/data_type.md +12 -12
- package/dist/docs/resources/discovery.md +71 -71
- package/dist/docs/resources/dns_lb_health_check.md +5 -5
- package/dist/docs/resources/dns_load_balancer.md +25 -25
- package/dist/docs/resources/dns_zone.md +24 -877
- package/dist/docs/resources/endpoint.md +1 -1
- package/dist/docs/resources/enhanced_firewall_policy.md +33 -33
- package/dist/docs/resources/external_connector.md +32 -32
- package/dist/docs/resources/fast_acl.md +59 -59
- package/dist/docs/resources/fast_acl_rule.md +2 -2
- package/dist/docs/resources/filter_set.md +3 -3
- package/dist/docs/resources/fleet.md +359 -359
- package/dist/docs/resources/forward_proxy_policy.md +18 -18
- package/dist/docs/resources/gcp_vpc_site.md +280 -280
- package/dist/docs/resources/geo_location_set.md +1 -1
- package/dist/docs/resources/global_log_receiver.md +216 -216
- package/dist/docs/resources/healthcheck.md +2 -2
- package/dist/docs/resources/http_loadbalancer.md +2190 -2190
- package/dist/docs/resources/infraprotect_tunnel.md +9 -9
- package/dist/docs/resources/k8s_cluster.md +39 -39
- package/dist/docs/resources/k8s_cluster_role.md +10 -10
- package/dist/docs/resources/k8s_pod_security_policy.md +9 -9
- package/dist/docs/resources/log_receiver.md +11 -11
- package/dist/docs/resources/malicious_user_mitigation.md +4 -4
- package/dist/docs/resources/nat_policy.md +22 -22
- package/dist/docs/resources/network_connector.md +37 -37
- package/dist/docs/resources/network_firewall.md +15 -15
- package/dist/docs/resources/network_interface.md +78 -78
- package/dist/docs/resources/network_policy.md +21 -21
- package/dist/docs/resources/network_policy_view.md +7 -7
- package/dist/docs/resources/nfv_service.md +306 -306
- package/dist/docs/resources/oidc_provider.md +1 -1
- package/dist/docs/resources/origin_pool.md +151 -151
- package/dist/docs/resources/policy_based_routing.md +71 -71
- package/dist/docs/resources/protocol_inspection.md +8 -8
- package/dist/docs/resources/proxy.md +401 -401
- package/dist/docs/resources/rate_limiter_policy.md +4 -4
- package/dist/docs/resources/registration.md +1 -1
- package/dist/docs/resources/route.md +155 -155
- package/dist/docs/resources/secret_management_access.md +103 -103
- package/dist/docs/resources/secret_policy.md +7 -7
- package/dist/docs/resources/securemesh_site.md +274 -274
- package/dist/docs/resources/securemesh_site_v2.md +940 -940
- package/dist/docs/resources/sensitive_data_policy.md +3 -3
- package/dist/docs/resources/service_policy.md +154 -154
- package/dist/docs/resources/service_policy_rule.md +51 -51
- package/dist/docs/resources/subnet.md +7 -7
- package/dist/docs/resources/tcp_loadbalancer.md +138 -138
- package/dist/docs/resources/tenant_configuration.md +1 -1
- package/dist/docs/resources/ticket_tracking_system.md +2 -2
- package/dist/docs/resources/tunnel.md +16 -16
- package/dist/docs/resources/udp_loadbalancer.md +56 -56
- package/dist/docs/resources/virtual_host.md +146 -146
- package/dist/docs/resources/virtual_network.md +7 -7
- package/dist/docs/resources/voltshare_admin_policy.md +22 -22
- package/dist/docs/resources/voltstack_site.md +778 -778
- package/dist/docs/resources/waf_exclusion_policy.md +22 -22
- package/dist/docs/resources/workload.md +2226 -2226
- package/package.json +1 -1
|
@@ -323,7 +323,7 @@ An [`ip_prefix_list`](#ip-prefix-list) block supports the following:
|
|
|
323
323
|
|
|
324
324
|
An [`ip_threat_category_list`](#ip-threat-category-list) block supports the following:
|
|
325
325
|
|
|
326
|
-
<a id="
|
|
326
|
+
<a id="categories-f2b328"></a>• [`ip_threat_categories`](#categories-f2b328) - Optional List Defaults to `SPAM_SOURCES`<br>Possible values are `SPAM_SOURCES`, `WINDOWS_EXPLOITS`, `WEB_ATTACKS`, `BOTNETS`, `SCANNERS`, `REPUTATION`, `PHISHING`, `PROXY`, `MOBILE_THREATS`, `TOR_PROXY`, `DENIAL_OF_SERVICE`, `NETWORK`<br>[Enum: SPAM_SOURCES|WINDOWS_EXPLOITS|WEB_ATTACKS|BOTNETS|SCANNERS|REPUTATION|PHISHING|PROXY|MOBILE_THREATS|TOR_PROXY|DENIAL_OF_SERVICE|NETWORK] List of IP Threat Categories to choose. The IP threat categories is obtained from the list and is used to auto-generate equivalent label selection expressions
|
|
327
327
|
|
|
328
328
|
#### Ja4 TLS Fingerprint
|
|
329
329
|
|
|
@@ -421,55 +421,55 @@ An [`item`](#query-params-item) block (within [`query_params`](#query-params)) s
|
|
|
421
421
|
|
|
422
422
|
A [`request_constraints`](#request-constraints) block supports the following:
|
|
423
423
|
|
|
424
|
-
<a id="
|
|
424
|
+
<a id="exceeds-0e8746"></a>• [`max_cookie_count_exceeds`](#exceeds-0e8746) - Optional Number<br>Match on the Count for all Cookies that exceed this value
|
|
425
425
|
|
|
426
|
-
<a id="
|
|
426
|
+
<a id="none-291d57"></a>• [`max_cookie_count_none`](#none-291d57) - Optional Block<br>Enable this option
|
|
427
427
|
|
|
428
|
-
<a id="
|
|
428
|
+
<a id="exceeds-7352a4"></a>• [`max_cookie_key_size_exceeds`](#exceeds-7352a4) - Optional Number<br>Match on the Name Size per Cookie that exceed this value
|
|
429
429
|
|
|
430
|
-
<a id="
|
|
430
|
+
<a id="none-0c2b38"></a>• [`max_cookie_key_size_none`](#none-0c2b38) - Optional Block<br>Enable this option
|
|
431
431
|
|
|
432
|
-
<a id="
|
|
432
|
+
<a id="exceeds-ec487d"></a>• [`max_cookie_value_size_exceeds`](#exceeds-ec487d) - Optional Number<br>Match on the Value Size per Cookie that exceed this value
|
|
433
433
|
|
|
434
|
-
<a id="
|
|
434
|
+
<a id="none-cfea13"></a>• [`max_cookie_value_size_none`](#none-cfea13) - Optional Block<br>Enable this option
|
|
435
435
|
|
|
436
|
-
<a id="
|
|
436
|
+
<a id="exceeds-d461a1"></a>• [`max_header_count_exceeds`](#exceeds-d461a1) - Optional Number<br>Match on the Count for all Headers that exceed this value
|
|
437
437
|
|
|
438
|
-
<a id="
|
|
438
|
+
<a id="none-d12b83"></a>• [`max_header_count_none`](#none-d12b83) - Optional Block<br>Enable this option
|
|
439
439
|
|
|
440
|
-
<a id="
|
|
440
|
+
<a id="exceeds-87df1c"></a>• [`max_header_key_size_exceeds`](#exceeds-87df1c) - Optional Number<br>Match on the Name Size per Header that exceed this value
|
|
441
441
|
|
|
442
|
-
<a id="
|
|
442
|
+
<a id="none-6ea93c"></a>• [`max_header_key_size_none`](#none-6ea93c) - Optional Block<br>Enable this option
|
|
443
443
|
|
|
444
|
-
<a id="
|
|
444
|
+
<a id="exceeds-883323"></a>• [`max_header_value_size_exceeds`](#exceeds-883323) - Optional Number<br>Match on the Value Size per Header that exceed this value
|
|
445
445
|
|
|
446
|
-
<a id="
|
|
446
|
+
<a id="none-d2e74f"></a>• [`max_header_value_size_none`](#none-d2e74f) - Optional Block<br>Enable this option
|
|
447
447
|
|
|
448
|
-
<a id="
|
|
448
|
+
<a id="exceeds-480590"></a>• [`max_parameter_count_exceeds`](#exceeds-480590) - Optional Number<br>Match on the Parameter Count that exceed this value
|
|
449
449
|
|
|
450
|
-
<a id="
|
|
450
|
+
<a id="none-cea22c"></a>• [`max_parameter_count_none`](#none-cea22c) - Optional Block<br>Enable this option
|
|
451
451
|
|
|
452
|
-
<a id="
|
|
452
|
+
<a id="exceeds-c96298"></a>• [`max_parameter_name_size_exceeds`](#exceeds-c96298) - Optional Number<br>Match on the Parameter Name Size that exceed this value
|
|
453
453
|
|
|
454
|
-
<a id="
|
|
454
|
+
<a id="none-b2e47d"></a>• [`max_parameter_name_size_none`](#none-b2e47d) - Optional Block<br>Enable this option
|
|
455
455
|
|
|
456
|
-
<a id="
|
|
456
|
+
<a id="exceeds-c345d4"></a>• [`max_parameter_value_size_exceeds`](#exceeds-c345d4) - Optional Number<br>Match on the Parameter Value Size that exceed this value
|
|
457
457
|
|
|
458
|
-
<a id="
|
|
458
|
+
<a id="none-bd1b4b"></a>• [`max_parameter_value_size_none`](#none-bd1b4b) - Optional Block<br>Enable this option
|
|
459
459
|
|
|
460
|
-
<a id="
|
|
460
|
+
<a id="exceeds-a9b09b"></a>• [`max_query_size_exceeds`](#exceeds-a9b09b) - Optional Number<br>Match on the URL Query Size that exceed this value
|
|
461
461
|
|
|
462
462
|
<a id="request-constraints-max-query-size-none"></a>• [`max_query_size_none`](#request-constraints-max-query-size-none) - Optional Block<br>Enable this option
|
|
463
463
|
|
|
464
|
-
<a id="
|
|
464
|
+
<a id="exceeds-80bd97"></a>• [`max_request_line_size_exceeds`](#exceeds-80bd97) - Optional Number<br>Match on the Request Line Size that exceed this value
|
|
465
465
|
|
|
466
|
-
<a id="
|
|
466
|
+
<a id="none-76b27d"></a>• [`max_request_line_size_none`](#none-76b27d) - Optional Block<br>Enable this option
|
|
467
467
|
|
|
468
|
-
<a id="
|
|
468
|
+
<a id="exceeds-2156ce"></a>• [`max_request_size_exceeds`](#exceeds-2156ce) - Optional Number<br>Match on the Request Size that exceed this value
|
|
469
469
|
|
|
470
|
-
<a id="
|
|
470
|
+
<a id="none-250223"></a>• [`max_request_size_none`](#none-250223) - Optional Block<br>Enable this option
|
|
471
471
|
|
|
472
|
-
<a id="
|
|
472
|
+
<a id="exceeds-4ce081"></a>• [`max_url_size_exceeds`](#exceeds-4ce081) - Optional Number<br>Match on the URL Size that exceed this value
|
|
473
473
|
|
|
474
474
|
<a id="request-constraints-max-url-size-none"></a>• [`max_url_size_none`](#request-constraints-max-url-size-none) - Optional Block<br>Enable this option
|
|
475
475
|
|
|
@@ -497,11 +497,11 @@ A [`dst_segments`](#segment-policy-dst-segments) block (within [`segment_policy`
|
|
|
497
497
|
|
|
498
498
|
A [`segments`](#segment-policy-dst-segments-segments) block (within [`segment_policy.dst_segments`](#segment-policy-dst-segments)) supports the following:
|
|
499
499
|
|
|
500
|
-
<a id="
|
|
500
|
+
<a id="name-f84b81"></a>• [`name`](#name-f84b81) - Optional String<br>Name. When a configuration object(e.g. virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g. route's) name
|
|
501
501
|
|
|
502
|
-
<a id="
|
|
502
|
+
<a id="namespace-6bd8a4"></a>• [`namespace`](#namespace-6bd8a4) - Optional String<br>Namespace. When a configuration object(e.g. virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g. route's) namespace
|
|
503
503
|
|
|
504
|
-
<a id="
|
|
504
|
+
<a id="tenant-0605a6"></a>• [`tenant`](#tenant-0605a6) - Optional String<br>Tenant. When a configuration object(e.g. virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g. route's) tenant
|
|
505
505
|
|
|
506
506
|
#### Segment Policy Src Segments
|
|
507
507
|
|
|
@@ -513,11 +513,11 @@ A [`src_segments`](#segment-policy-src-segments) block (within [`segment_policy`
|
|
|
513
513
|
|
|
514
514
|
A [`segments`](#segment-policy-src-segments-segments) block (within [`segment_policy.src_segments`](#segment-policy-src-segments)) supports the following:
|
|
515
515
|
|
|
516
|
-
<a id="
|
|
516
|
+
<a id="name-cd8043"></a>• [`name`](#name-cd8043) - Optional String<br>Name. When a configuration object(e.g. virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g. route's) name
|
|
517
517
|
|
|
518
|
-
<a id="
|
|
518
|
+
<a id="namespace-692ca8"></a>• [`namespace`](#namespace-692ca8) - Optional String<br>Namespace. When a configuration object(e.g. virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g. route's) namespace
|
|
519
519
|
|
|
520
|
-
<a id="
|
|
520
|
+
<a id="tenant-b9608a"></a>• [`tenant`](#tenant-b9608a) - Optional String<br>Tenant. When a configuration object(e.g. virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g. route's) tenant
|
|
521
521
|
|
|
522
522
|
#### Timeouts
|
|
523
523
|
|
|
@@ -545,7 +545,7 @@ A [`tls_fingerprint_matcher`](#tls-fingerprint-matcher) block supports the follo
|
|
|
545
545
|
|
|
546
546
|
A [`waf_action`](#waf-action) block supports the following:
|
|
547
547
|
|
|
548
|
-
<a id="
|
|
548
|
+
<a id="control-b9f62f"></a>• [`app_firewall_detection_control`](#control-b9f62f) - Optional Block<br>App Firewall Detection Control. Define the list of Signature IDs, Violations, Attack Types and Bot Names that should be excluded from triggering on the defined match criteria<br>See [App Firewall Detection Control](#control-b9f62f) below.
|
|
549
549
|
|
|
550
550
|
<a id="waf-action-none"></a>• [`none`](#waf-action-none) - Optional Block<br>Enable this option
|
|
551
551
|
|
|
@@ -553,51 +553,51 @@ A [`waf_action`](#waf-action) block supports the following:
|
|
|
553
553
|
|
|
554
554
|
#### WAF Action App Firewall Detection Control
|
|
555
555
|
|
|
556
|
-
An [`app_firewall_detection_control`](#
|
|
556
|
+
An [`app_firewall_detection_control`](#control-b9f62f) block (within [`waf_action`](#waf-action)) supports the following:
|
|
557
557
|
|
|
558
|
-
<a id="
|
|
558
|
+
<a id="contexts-69b36c"></a>• [`exclude_attack_type_contexts`](#contexts-69b36c) - Optional Block<br>Attack Types. Attack Types to be excluded for the defined match criteria<br>See [Exclude Attack Type Contexts](#contexts-69b36c) below.
|
|
559
559
|
|
|
560
|
-
<a id="
|
|
560
|
+
<a id="contexts-08d37e"></a>• [`exclude_bot_name_contexts`](#contexts-08d37e) - Optional Block<br>Bot Names. Bot Names to be excluded for the defined match criteria<br>See [Exclude Bot Name Contexts](#contexts-08d37e) below.
|
|
561
561
|
|
|
562
|
-
<a id="
|
|
562
|
+
<a id="contexts-6b7dbc"></a>• [`exclude_signature_contexts`](#contexts-6b7dbc) - Optional Block<br>Signature IDs. Signature IDs to be excluded for the defined match criteria<br>See [Exclude Signature Contexts](#contexts-6b7dbc) below.
|
|
563
563
|
|
|
564
|
-
<a id="
|
|
564
|
+
<a id="contexts-af5804"></a>• [`exclude_violation_contexts`](#contexts-af5804) - Optional Block<br>Violations. Violations to be excluded for the defined match criteria<br>See [Exclude Violation Contexts](#contexts-af5804) below.
|
|
565
565
|
|
|
566
566
|
#### WAF Action App Firewall Detection Control Exclude Attack Type Contexts
|
|
567
567
|
|
|
568
|
-
An [`exclude_attack_type_contexts`](#
|
|
568
|
+
An [`exclude_attack_type_contexts`](#contexts-69b36c) block (within [`waf_action.app_firewall_detection_control`](#control-b9f62f)) supports the following:
|
|
569
569
|
|
|
570
|
-
<a id="
|
|
570
|
+
<a id="context-ede23d"></a>• [`context`](#context-ede23d) - Optional String Defaults to `CONTEXT_ANY`<br>Possible values are `CONTEXT_ANY`, `CONTEXT_BODY`, `CONTEXT_REQUEST`, `CONTEXT_RESPONSE`, `CONTEXT_PARAMETER`, `CONTEXT_HEADER`, `CONTEXT_COOKIE`, `CONTEXT_URL`, `CONTEXT_URI`<br>[Enum: CONTEXT_ANY|CONTEXT_BODY|CONTEXT_REQUEST|CONTEXT_RESPONSE|CONTEXT_PARAMETER|CONTEXT_HEADER|CONTEXT_COOKIE|CONTEXT_URL|CONTEXT_URI] WAF Exclusion Context Options. The available contexts for Exclusion rules. - CONTEXT_ANY: CONTEXT_ANY Detection will be excluded for all contexts. - CONTEXT_BODY: CONTEXT_BODY Detection will be excluded for the request body. - CONTEXT_REQUEST: CONTEXT_REQUEST Detection will be excluded for the request. - CONTEXT_RESPONSE: CONTEXT_RESPONSE - CONTEXT_PARAMETER: CONTEXT_PARAMETER Detection will be excluded for the parameters. The parameter name is required in the Context name field. If the field is left empty, the detection will be excluded for all parameters. - CONTEXT_HEADER: CONTEXT_HEADER Detection will be excluded for the headers. The header name is required in the Context name field. If the field is left empty, the detection will be excluded for all headers. - CONTEXT_COOKIE: CONTEXT_COOKIE Detection will be excluded for the cookies. The cookie name is required in the Context name field. If the field is left empty, the detection will be excluded for all cookies. - CONTEXT_URL: CONTEXT_URL Detection will be excluded for the request URL. - CONTEXT_URI: CONTEXT_URI
|
|
571
571
|
|
|
572
|
-
<a id="
|
|
572
|
+
<a id="name-08fd7c"></a>• [`context_name`](#name-08fd7c) - Optional String<br>Context Name. Relevant only for contexts: Header, Cookie and Parameter. Name of the Context that the WAF Exclusion Rules will check. Wildcard matching can be used by prefixing or suffixing the context name with an wildcard asterisk (*)
|
|
573
573
|
|
|
574
|
-
<a id="
|
|
574
|
+
<a id="type-e46d7c"></a>• [`exclude_attack_type`](#type-e46d7c) - Optional String Defaults to `ATTACK_TYPE_NONE`<br>Possible values are `ATTACK_TYPE_NONE`, `ATTACK_TYPE_NON_BROWSER_CLIENT`, `ATTACK_TYPE_OTHER_APPLICATION_ATTACKS`, `ATTACK_TYPE_TROJAN_BACKDOOR_SPYWARE`, `ATTACK_TYPE_DETECTION_EVASION`, `ATTACK_TYPE_VULNERABILITY_SCAN`, `ATTACK_TYPE_ABUSE_OF_FUNCTIONALITY`, `ATTACK_TYPE_AUTHENTICATION_AUTHORIZATION_ATTACKS`, `ATTACK_TYPE_BUFFER_OVERFLOW`, `ATTACK_TYPE_PREDICTABLE_RESOURCE_LOCATION`, `ATTACK_TYPE_INFORMATION_LEAKAGE`, `ATTACK_TYPE_DIRECTORY_INDEXING`, `ATTACK_TYPE_PATH_TRAVERSAL`, `ATTACK_TYPE_XPATH_INJECTION`, `ATTACK_TYPE_LDAP_INJECTION`, `ATTACK_TYPE_SERVER_SIDE_CODE_INJECTION`, `ATTACK_TYPE_COMMAND_EXECUTION`, `ATTACK_TYPE_SQL_INJECTION`, `ATTACK_TYPE_CROSS_SITE_SCRIPTING`, `ATTACK_TYPE_DENIAL_OF_SERVICE`, `ATTACK_TYPE_HTTP_PARSER_ATTACK`, `ATTACK_TYPE_SESSION_HIJACKING`, `ATTACK_TYPE_HTTP_RESPONSE_SPLITTING`, `ATTACK_TYPE_FORCEFUL_BROWSING`, `ATTACK_TYPE_REMOTE_FILE_INCLUDE`, `ATTACK_TYPE_MALICIOUS_FILE_UPLOAD`, `ATTACK_TYPE_GRAPHQL_PARSER_ATTACK`<br>[Enum: ATTACK_TYPE_NONE|ATTACK_TYPE_NON_BROWSER_CLIENT|ATTACK_TYPE_OTHER_APPLICATION_ATTACKS|ATTACK_TYPE_TROJAN_BACKDOOR_SPYWARE|ATTACK_TYPE_DETECTION_EVASION|ATTACK_TYPE_VULNERABILITY_SCAN|ATTACK_TYPE_ABUSE_OF_FUNCTIONALITY|ATTACK_TYPE_AUTHENTICATION_AUTHORIZATION_ATTACKS|ATTACK_TYPE_BUFFER_OVERFLOW|ATTACK_TYPE_PREDICTABLE_RESOURCE_LOCATION|ATTACK_TYPE_INFORMATION_LEAKAGE|ATTACK_TYPE_DIRECTORY_INDEXING|ATTACK_TYPE_PATH_TRAVERSAL|ATTACK_TYPE_XPATH_INJECTION|ATTACK_TYPE_LDAP_INJECTION|ATTACK_TYPE_SERVER_SIDE_CODE_INJECTION|ATTACK_TYPE_COMMAND_EXECUTION|ATTACK_TYPE_SQL_INJECTION|ATTACK_TYPE_CROSS_SITE_SCRIPTING|ATTACK_TYPE_DENIAL_OF_SERVICE|ATTACK_TYPE_HTTP_PARSER_ATTACK|ATTACK_TYPE_SESSION_HIJACKING|ATTACK_TYPE_HTTP_RESPONSE_SPLITTING|ATTACK_TYPE_FORCEFUL_BROWSING|ATTACK_TYPE_REMOTE_FILE_INCLUDE|ATTACK_TYPE_MALICIOUS_FILE_UPLOAD|ATTACK_TYPE_GRAPHQL_PARSER_ATTACK] Attack Types. List of all Attack Types ATTACK_TYPE_NONE ATTACK_TYPE_NON_BROWSER_CLIENT ATTACK_TYPE_OTHER_APPLICATION_ATTACKS ATTACK_TYPE_TROJAN_BACKDOOR_SPYWARE ATTACK_TYPE_DETECTION_EVASION ATTACK_TYPE_VULNERABILITY_SCAN ATTACK_TYPE_ABUSE_OF_FUNCTIONALITY ATTACK_TYPE_AUTHENTICATION_AUTHORIZATION_ATTACKS ATTACK_TYPE_BUFFER_OVERFLOW ATTACK_TYPE_PREDICTABLE_RESOURCE_LOCATION ATTACK_TYPE_INFORMATION_LEAKAGE ATTACK_TYPE_DIRECTORY_INDEXING ATTACK_TYPE_PATH_TRAVERSAL ATTACK_TYPE_XPATH_INJECTION ATTACK_TYPE_LDAP_INJECTION ATTACK_TYPE_SERVER_SIDE_CODE_INJECTION ATTACK_TYPE_COMMAND_EXECUTION ATTACK_TYPE_SQL_INJECTION ATTACK_TYPE_CROSS_SITE_SCRIPTING ATTACK_TYPE_DENIAL_OF_SERVICE ATTACK_TYPE_HTTP_PARSER_ATTACK ATTACK_TYPE_SESSION_HIJACKING ATTACK_TYPE_HTTP_RESPONSE_SPLITTING ATTACK_TYPE_FORCEFUL_BROWSING ATTACK_TYPE_REMOTE_FILE_INCLUDE ATTACK_TYPE_MALICIOUS_FILE_UPLOAD ATTACK_TYPE_GRAPHQL_PARSER_ATTACK
|
|
575
575
|
|
|
576
576
|
#### WAF Action App Firewall Detection Control Exclude Bot Name Contexts
|
|
577
577
|
|
|
578
|
-
An [`exclude_bot_name_contexts`](#
|
|
578
|
+
An [`exclude_bot_name_contexts`](#contexts-08d37e) block (within [`waf_action.app_firewall_detection_control`](#control-b9f62f)) supports the following:
|
|
579
579
|
|
|
580
|
-
<a id="
|
|
580
|
+
<a id="name-bc958c"></a>• [`bot_name`](#name-bc958c) - Optional String<br>Bot Name
|
|
581
581
|
|
|
582
582
|
#### WAF Action App Firewall Detection Control Exclude Signature Contexts
|
|
583
583
|
|
|
584
|
-
An [`exclude_signature_contexts`](#
|
|
584
|
+
An [`exclude_signature_contexts`](#contexts-6b7dbc) block (within [`waf_action.app_firewall_detection_control`](#control-b9f62f)) supports the following:
|
|
585
585
|
|
|
586
|
-
<a id="
|
|
586
|
+
<a id="context-c90302"></a>• [`context`](#context-c90302) - Optional String Defaults to `CONTEXT_ANY`<br>Possible values are `CONTEXT_ANY`, `CONTEXT_BODY`, `CONTEXT_REQUEST`, `CONTEXT_RESPONSE`, `CONTEXT_PARAMETER`, `CONTEXT_HEADER`, `CONTEXT_COOKIE`, `CONTEXT_URL`, `CONTEXT_URI`<br>[Enum: CONTEXT_ANY|CONTEXT_BODY|CONTEXT_REQUEST|CONTEXT_RESPONSE|CONTEXT_PARAMETER|CONTEXT_HEADER|CONTEXT_COOKIE|CONTEXT_URL|CONTEXT_URI] WAF Exclusion Context Options. The available contexts for Exclusion rules. - CONTEXT_ANY: CONTEXT_ANY Detection will be excluded for all contexts. - CONTEXT_BODY: CONTEXT_BODY Detection will be excluded for the request body. - CONTEXT_REQUEST: CONTEXT_REQUEST Detection will be excluded for the request. - CONTEXT_RESPONSE: CONTEXT_RESPONSE - CONTEXT_PARAMETER: CONTEXT_PARAMETER Detection will be excluded for the parameters. The parameter name is required in the Context name field. If the field is left empty, the detection will be excluded for all parameters. - CONTEXT_HEADER: CONTEXT_HEADER Detection will be excluded for the headers. The header name is required in the Context name field. If the field is left empty, the detection will be excluded for all headers. - CONTEXT_COOKIE: CONTEXT_COOKIE Detection will be excluded for the cookies. The cookie name is required in the Context name field. If the field is left empty, the detection will be excluded for all cookies. - CONTEXT_URL: CONTEXT_URL Detection will be excluded for the request URL. - CONTEXT_URI: CONTEXT_URI
|
|
587
587
|
|
|
588
|
-
<a id="
|
|
588
|
+
<a id="name-d69ea8"></a>• [`context_name`](#name-d69ea8) - Optional String<br>Context Name. Relevant only for contexts: Header, Cookie and Parameter. Name of the Context that the WAF Exclusion Rules will check. Wildcard matching can be used by prefixing or suffixing the context name with an wildcard asterisk (*)
|
|
589
589
|
|
|
590
|
-
<a id="
|
|
590
|
+
<a id="signature-id-275087"></a>• [`signature_id`](#signature-id-275087) - Optional Number<br>SignatureID. The allowed values for signature ID are 0 and in the range of 200000001-299999999. 0 implies that all signatures will be excluded for the specified context
|
|
591
591
|
|
|
592
592
|
#### WAF Action App Firewall Detection Control Exclude Violation Contexts
|
|
593
593
|
|
|
594
|
-
An [`exclude_violation_contexts`](#
|
|
594
|
+
An [`exclude_violation_contexts`](#contexts-af5804) block (within [`waf_action.app_firewall_detection_control`](#control-b9f62f)) supports the following:
|
|
595
595
|
|
|
596
|
-
<a id="
|
|
596
|
+
<a id="context-ffaa91"></a>• [`context`](#context-ffaa91) - Optional String Defaults to `CONTEXT_ANY`<br>Possible values are `CONTEXT_ANY`, `CONTEXT_BODY`, `CONTEXT_REQUEST`, `CONTEXT_RESPONSE`, `CONTEXT_PARAMETER`, `CONTEXT_HEADER`, `CONTEXT_COOKIE`, `CONTEXT_URL`, `CONTEXT_URI`<br>[Enum: CONTEXT_ANY|CONTEXT_BODY|CONTEXT_REQUEST|CONTEXT_RESPONSE|CONTEXT_PARAMETER|CONTEXT_HEADER|CONTEXT_COOKIE|CONTEXT_URL|CONTEXT_URI] WAF Exclusion Context Options. The available contexts for Exclusion rules. - CONTEXT_ANY: CONTEXT_ANY Detection will be excluded for all contexts. - CONTEXT_BODY: CONTEXT_BODY Detection will be excluded for the request body. - CONTEXT_REQUEST: CONTEXT_REQUEST Detection will be excluded for the request. - CONTEXT_RESPONSE: CONTEXT_RESPONSE - CONTEXT_PARAMETER: CONTEXT_PARAMETER Detection will be excluded for the parameters. The parameter name is required in the Context name field. If the field is left empty, the detection will be excluded for all parameters. - CONTEXT_HEADER: CONTEXT_HEADER Detection will be excluded for the headers. The header name is required in the Context name field. If the field is left empty, the detection will be excluded for all headers. - CONTEXT_COOKIE: CONTEXT_COOKIE Detection will be excluded for the cookies. The cookie name is required in the Context name field. If the field is left empty, the detection will be excluded for all cookies. - CONTEXT_URL: CONTEXT_URL Detection will be excluded for the request URL. - CONTEXT_URI: CONTEXT_URI
|
|
597
597
|
|
|
598
|
-
<a id="
|
|
598
|
+
<a id="name-823a68"></a>• [`context_name`](#name-823a68) - Optional String<br>Context Name. Relevant only for contexts: Header, Cookie and Parameter. Name of the Context that the WAF Exclusion Rules will check. Wildcard matching can be used by prefixing or suffixing the context name with an wildcard asterisk (*)
|
|
599
599
|
|
|
600
|
-
<a id="
|
|
600
|
+
<a id="violation-835cfd"></a>• [`exclude_violation`](#violation-835cfd) - Optional String Defaults to `VIOL_NONE`<br>Possible values are `VIOL_NONE`, `VIOL_FILETYPE`, `VIOL_METHOD`, `VIOL_MANDATORY_HEADER`, `VIOL_HTTP_RESPONSE_STATUS`, `VIOL_REQUEST_MAX_LENGTH`, `VIOL_FILE_UPLOAD`, `VIOL_FILE_UPLOAD_IN_BODY`, `VIOL_XML_MALFORMED`, `VIOL_JSON_MALFORMED`, `VIOL_ASM_COOKIE_MODIFIED`, `VIOL_HTTP_PROTOCOL_MULTIPLE_HOST_HEADERS`, `VIOL_HTTP_PROTOCOL_BAD_HOST_HEADER_VALUE`, `VIOL_HTTP_PROTOCOL_UNPARSABLE_REQUEST_CONTENT`, `VIOL_HTTP_PROTOCOL_NULL_IN_REQUEST`, `VIOL_HTTP_PROTOCOL_BAD_HTTP_VERSION`, `VIOL_HTTP_PROTOCOL_SEVERAL_CONTENT_LENGTH_HEADERS`, `VIOL_EVASION_DIRECTORY_TRAVERSALS`, `VIOL_MALFORMED_REQUEST`, `VIOL_EVASION_MULTIPLE_DECODING`, `VIOL_DATA_GUARD`, `VIOL_EVASION_APACHE_WHITESPACE`, `VIOL_COOKIE_MODIFIED`, `VIOL_EVASION_IIS_UNICODE_CODEPOINTS`, `VIOL_EVASION_IIS_BACKSLASHES`, `VIOL_EVASION_PERCENT_U_DECODING`, `VIOL_EVASION_BARE_BYTE_DECODING`, `VIOL_EVASION_BAD_UNESCAPE`, `VIOL_HTTP_PROTOCOL_BODY_IN_GET_OR_HEAD_REQUEST`, `VIOL_ENCODING`, `VIOL_COOKIE_MALFORMED`, `VIOL_GRAPHQL_FORMAT`, `VIOL_GRAPHQL_MALFORMED`, `VIOL_GRAPHQL_INTROSPECTION_QUERY`<br>[Enum: VIOL_NONE|VIOL_FILETYPE|VIOL_METHOD|VIOL_MANDATORY_HEADER|VIOL_HTTP_RESPONSE_STATUS|VIOL_REQUEST_MAX_LENGTH|VIOL_FILE_UPLOAD|VIOL_FILE_UPLOAD_IN_BODY|VIOL_XML_MALFORMED|VIOL_JSON_MALFORMED|VIOL_ASM_COOKIE_MODIFIED|VIOL_HTTP_PROTOCOL_MULTIPLE_HOST_HEADERS|VIOL_HTTP_PROTOCOL_BAD_HOST_HEADER_VALUE|VIOL_HTTP_PROTOCOL_UNPARSABLE_REQUEST_CONTENT|VIOL_HTTP_PROTOCOL_NULL_IN_REQUEST|VIOL_HTTP_PROTOCOL_BAD_HTTP_VERSION|VIOL_HTTP_PROTOCOL_SEVERAL_CONTENT_LENGTH_HEADERS|VIOL_EVASION_DIRECTORY_TRAVERSALS|VIOL_MALFORMED_REQUEST|VIOL_EVASION_MULTIPLE_DECODING|VIOL_DATA_GUARD|VIOL_EVASION_APACHE_WHITESPACE|VIOL_COOKIE_MODIFIED|VIOL_EVASION_IIS_UNICODE_CODEPOINTS|VIOL_EVASION_IIS_BACKSLASHES|VIOL_EVASION_PERCENT_U_DECODING|VIOL_EVASION_BARE_BYTE_DECODING|VIOL_EVASION_BAD_UNESCAPE|VIOL_HTTP_PROTOCOL_BODY_IN_GET_OR_HEAD_REQUEST|VIOL_ENCODING|VIOL_COOKIE_MALFORMED|VIOL_GRAPHQL_FORMAT|VIOL_GRAPHQL_MALFORMED|VIOL_GRAPHQL_INTROSPECTION_QUERY] App Firewall Violation Type. List of all supported Violation Types VIOL_NONE VIOL_FILETYPE VIOL_METHOD VIOL_MANDATORY_HEADER VIOL_HTTP_RESPONSE_STATUS VIOL_REQUEST_MAX_LENGTH VIOL_FILE_UPLOAD VIOL_FILE_UPLOAD_IN_BODY VIOL_XML_MALFORMED VIOL_JSON_MALFORMED VIOL_ASM_COOKIE_MODIFIED VIOL_HTTP_PROTOCOL_MULTIPLE_HOST_HEADERS VIOL_HTTP_PROTOCOL_BAD_HOST_HEADER_VALUE VIOL_HTTP_PROTOCOL_UNPARSABLE_REQUEST_CONTENT VIOL_HTTP_PROTOCOL_NULL_IN_REQUEST VIOL_HTTP_PROTOCOL_BAD_HTTP_VERSION VIOL_HTTP_PROTOCOL_CRLF_CHARACTERS_BEFORE_REQUEST_START VIOL_HTTP_PROTOCOL_NO_HOST_HEADER_IN_HTTP_1_1_REQUEST VIOL_HTTP_PROTOCOL_BAD_MULTIPART_PARAMETERS_PARSING VIOL_HTTP_PROTOCOL_SEVERAL_CONTENT_LENGTH_HEADERS VIOL_HTTP_PROTOCOL_CONTENT_LENGTH_SHOULD_BE_A_POSITIVE_NUMBER VIOL_EVASION_DIRECTORY_TRAVERSALS VIOL_MALFORMED_REQUEST VIOL_EVASION_MULTIPLE_DECODING VIOL_DATA_GUARD VIOL_EVASION_APACHE_WHITESPACE VIOL_COOKIE_MODIFIED VIOL_EVASION_IIS_UNICODE_CODEPOINTS VIOL_EVASION_IIS_BACKSLASHES VIOL_EVASION_PERCENT_U_DECODING VIOL_EVASION_BARE_BYTE_DECODING VIOL_EVASION_BAD_UNESCAPE VIOL_HTTP_PROTOCOL_BAD_MULTIPART_FORMDATA_REQUEST_PARSING VIOL_HTTP_PROTOCOL_BODY_IN_GET_OR_HEAD_REQUEST VIOL_HTTP_PROTOCOL_HIGH_ASCII_CHARACTERS_IN_HEADERS VIOL_ENCODING VIOL_COOKIE_MALFORMED VIOL_GRAPHQL_FORMAT VIOL_GRAPHQL_MALFORMED VIOL_GRAPHQL_INTROSPECTION_QUERY
|
|
601
601
|
|
|
602
602
|
## Import
|
|
603
603
|
|
|
@@ -95,9 +95,9 @@ A [`layer2_intf_ref`](#connect-to-layer2-layer2-intf-ref) block (within [`connec
|
|
|
95
95
|
|
|
96
96
|
<a id="connect-to-layer2-layer2-intf-ref-name"></a>• [`name`](#connect-to-layer2-layer2-intf-ref-name) - Optional String<br>Name. When a configuration object(e.g. virtual_host) refers to another(e.g route) then name will hold the referred object's(e.g. route's) name
|
|
97
97
|
|
|
98
|
-
<a id="
|
|
98
|
+
<a id="namespace-afda4a"></a>• [`namespace`](#namespace-afda4a) - Optional String<br>Namespace. When a configuration object(e.g. virtual_host) refers to another(e.g route) then namespace will hold the referred object's(e.g. route's) namespace
|
|
99
99
|
|
|
100
|
-
<a id="
|
|
100
|
+
<a id="tenant-0fab0d"></a>• [`tenant`](#tenant-0fab0d) - Optional String<br>Tenant. When a configuration object(e.g. virtual_host) refers to another(e.g route) then tenant will hold the referred object's(e.g. route's) tenant
|
|
101
101
|
|
|
102
102
|
#### Site Subnet Params
|
|
103
103
|
|
|
@@ -109,7 +109,7 @@ A [`site_subnet_params`](#site-subnet-params) block supports the following:
|
|
|
109
109
|
|
|
110
110
|
<a id="site-subnet-params-static-ip"></a>• [`static_ip`](#site-subnet-params-static-ip) - Optional Block<br>Enable this option
|
|
111
111
|
|
|
112
|
-
<a id="
|
|
112
|
+
<a id="params-2a5102"></a>• [`subnet_dhcp_server_params`](#params-2a5102) - Optional Block<br>Subnet DHCP parameters. Subnet DHCP parameters will be a subset of network_interface.DHCPServerParametersType as all features in network_interface.DHCPServerParametersType may not be supported in a subnet<br>See [Subnet DHCP Server Params](#params-2a5102) below.
|
|
113
113
|
|
|
114
114
|
#### Site Subnet Params Site
|
|
115
115
|
|
|
@@ -123,15 +123,15 @@ A [`site`](#site-subnet-params-site) block (within [`site_subnet_params`](#site-
|
|
|
123
123
|
|
|
124
124
|
#### Site Subnet Params Subnet DHCP Server Params
|
|
125
125
|
|
|
126
|
-
A [`subnet_dhcp_server_params`](#
|
|
126
|
+
A [`subnet_dhcp_server_params`](#params-2a5102) block (within [`site_subnet_params`](#site-subnet-params)) supports the following:
|
|
127
127
|
|
|
128
|
-
<a id="
|
|
128
|
+
<a id="networks-b234bf"></a>• [`dhcp_networks`](#networks-b234bf) - Optional Block<br>Subnet DHCP Networks. List of networks from which DHCP server can allocate IP addresses<br>See [DHCP Networks](#networks-b234bf) below.
|
|
129
129
|
|
|
130
130
|
#### Site Subnet Params Subnet DHCP Server Params DHCP Networks
|
|
131
131
|
|
|
132
|
-
A [`dhcp_networks`](#
|
|
132
|
+
A [`dhcp_networks`](#networks-b234bf) block (within [`site_subnet_params.subnet_dhcp_server_params`](#params-2a5102)) supports the following:
|
|
133
133
|
|
|
134
|
-
<a id="
|
|
134
|
+
<a id="prefix-1fa00d"></a>• [`network_prefix`](#prefix-1fa00d) - Optional String<br>Network Prefix. Network prefix for subnet
|
|
135
135
|
|
|
136
136
|
#### Timeouts
|
|
137
137
|
|