Waf
data class WafRuleArgs(val action: Output<String>? = null, val ccStatus: Output<String>? = null, val cnRegionList: Output<String>? = null, val conditions: Output<List<WafRuleConditionArgs>>? = null, val effect: Output<String>? = null, val otherRegionList: Output<String>? = null, val policyId: Output<String>? = null, val rateLimit: Output<WafRuleRateLimitArgs>? = null, val regularRules: Output<List<String>>? = null, val regularTypes: Output<List<String>>? = null, val remoteAddrs: Output<List<String>>? = null, val ruleName: Output<String>? = null, val scenes: Output<List<String>>? = null, val status: Output<String>? = null, val wafGroupIds: Output<String>? = null) : ConvertibleToJava<WafRuleArgs>
Provides a Dcdn Waf Rule resource. For information about Dcdn Waf Rule and how to use it, see What is Waf Rule.
NOTE: Available since v1.201.0.
Example Usage
Basic Usage
import * as pulumi from "@pulumi/pulumi";
import * as alicloud from "@pulumi/alicloud";
import * as random from "@pulumi/random";
const config = new pulumi.Config();
const name = config.get("name") || "tf_example";
const _default = new random.index.Integer("default", {
min: 10000,
max: 99999,
});
const example = new alicloud.dcdn.WafPolicy("example", {
defenseScene: "waf_group",
policyName: `${name}_${_default.result}`,
policyType: "custom",
status: "on",
});
const exampleWafRule = new alicloud.dcdn.WafRule("example", {
policyId: example.id,
ruleName: name,
conditions: [
{
key: "URI",
opValue: "ne",
values: "/login.php",
},
{
key: "Header",
subKey: "a",
opValue: "eq",
values: "b",
},
],
status: "on",
action: "monitor",
rateLimit: {
target: "IP",
interval: 5,
threshold: 5,
ttl: 1800,
status: {
code: "200",
ratio: 60,
},
},
});Content copied to clipboard
import pulumi
import pulumi_alicloud as alicloud
import pulumi_random as random
config = pulumi.Config()
name = config.get("name")
if name is None:
name = "tf_example"
default = random.index.Integer("default",
min=10000,
max=99999)
example = alicloud.dcdn.WafPolicy("example",
defense_scene="waf_group",
policy_name=f"{name}_{default['result']}",
policy_type="custom",
status="on")
example_waf_rule = alicloud.dcdn.WafRule("example",
policy_id=example.id,
rule_name=name,
conditions=[
{
"key": "URI",
"op_value": "ne",
"values": "/login.php",
},
{
"key": "Header",
"sub_key": "a",
"op_value": "eq",
"values": "b",
},
],
status="on",
action="monitor",
rate_limit={
"target": "IP",
"interval": 5,
"threshold": 5,
"ttl": 1800,
"status": {
"code": "200",
"ratio": 60,
},
})Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AliCloud = Pulumi.AliCloud;
using Random = Pulumi.Random;
return await Deployment.RunAsync(() =>
{
var config = new Config();
var name = config.Get("name") ?? "tf_example";
var @default = new Random.Index.Integer("default", new()
{
Min = 10000,
Max = 99999,
});
var example = new AliCloud.Dcdn.WafPolicy("example", new()
{
DefenseScene = "waf_group",
PolicyName = $"{name}_{@default.Result}",
PolicyType = "custom",
Status = "on",
});
var exampleWafRule = new AliCloud.Dcdn.WafRule("example", new()
{
PolicyId = example.Id,
RuleName = name,
Conditions = new[]
{
new AliCloud.Dcdn.Inputs.WafRuleConditionArgs
{
Key = "URI",
OpValue = "ne",
Values = "/login.php",
},
new AliCloud.Dcdn.Inputs.WafRuleConditionArgs
{
Key = "Header",
SubKey = "a",
OpValue = "eq",
Values = "b",
},
},
Status = "on",
Action = "monitor",
RateLimit = new AliCloud.Dcdn.Inputs.WafRuleRateLimitArgs
{
Target = "IP",
Interval = 5,
Threshold = 5,
Ttl = 1800,
Status = new AliCloud.Dcdn.Inputs.WafRuleRateLimitStatusArgs
{
Code = "200",
Ratio = 60,
},
},
});
});Content copied to clipboard
package main
import (
"fmt"
"github.com/pulumi/pulumi-alicloud/sdk/v3/go/alicloud/dcdn"
"github.com/pulumi/pulumi-random/sdk/v4/go/random"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
cfg := config.New(ctx, "")
name := "tf_example"
if param := cfg.Get("name"); param != "" {
name = param
}
_default, err := random.NewInteger(ctx, "default", &random.IntegerArgs{
Min: 10000,
Max: 99999,
})
if err != nil {
return err
}
example, err := dcdn.NewWafPolicy(ctx, "example", &dcdn.WafPolicyArgs{
DefenseScene: pulumi.String("waf_group"),
PolicyName: pulumi.Sprintf("%v_%v", name, _default.Result),
PolicyType: pulumi.String("custom"),
Status: pulumi.String("on"),
})
if err != nil {
return err
}
_, err = dcdn.NewWafRule(ctx, "example", &dcdn.WafRuleArgs{
PolicyId: example.ID(),
RuleName: pulumi.String(name),
Conditions: dcdn.WafRuleConditionArray{
&dcdn.WafRuleConditionArgs{
Key: pulumi.String("URI"),
OpValue: pulumi.String("ne"),
Values: pulumi.String("/login.php"),
},
&dcdn.WafRuleConditionArgs{
Key: pulumi.String("Header"),
SubKey: pulumi.String("a"),
OpValue: pulumi.String("eq"),
Values: pulumi.String("b"),
},
},
Status: pulumi.String("on"),
Action: pulumi.String("monitor"),
RateLimit: &dcdn.WafRuleRateLimitArgs{
Target: pulumi.String("IP"),
Interval: pulumi.Int(5),
Threshold: pulumi.Int(5),
Ttl: pulumi.Int(1800),
Status: &dcdn.WafRuleRateLimitStatusArgs{
Code: pulumi.String("200"),
Ratio: pulumi.Int(60),
},
},
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.random.integer;
import com.pulumi.random.integerArgs;
import com.pulumi.alicloud.dcdn.WafPolicy;
import com.pulumi.alicloud.dcdn.WafPolicyArgs;
import com.pulumi.alicloud.dcdn.WafRule;
import com.pulumi.alicloud.dcdn.WafRuleArgs;
import com.pulumi.alicloud.dcdn.inputs.WafRuleConditionArgs;
import com.pulumi.alicloud.dcdn.inputs.WafRuleRateLimitArgs;
import com.pulumi.alicloud.dcdn.inputs.WafRuleRateLimitStatusArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var config = ctx.config();
final var name = config.get("name").orElse("tf_example");
var default_ = new Integer("default", IntegerArgs.builder()
.min(10000)
.max(99999)
.build());
var example = new WafPolicy("example", WafPolicyArgs.builder()
.defenseScene("waf_group")
.policyName(String.format("%s_%s", name,default_.result()))
.policyType("custom")
.status("on")
.build());
var exampleWafRule = new WafRule("exampleWafRule", WafRuleArgs.builder()
.policyId(example.id())
.ruleName(name)
.conditions(
WafRuleConditionArgs.builder()
.key("URI")
.opValue("ne")
.values("/login.php")
.build(),
WafRuleConditionArgs.builder()
.key("Header")
.subKey("a")
.opValue("eq")
.values("b")
.build())
.status("on")
.action("monitor")
.rateLimit(WafRuleRateLimitArgs.builder()
.target("IP")
.interval(5)
.threshold(5)
.ttl(1800)
.status(WafRuleRateLimitStatusArgs.builder()
.code("200")
.ratio(60)
.build())
.build())
.build());
}
}Content copied to clipboard
configuration:
name:
type: string
default: tf_example
resources:
default:
type: random:integer
properties:
min: 10000
max: 99999
example:
type: alicloud:dcdn:WafPolicy
properties:
defenseScene: waf_group
policyName: ${name}_${default.result}
policyType: custom
status: on
exampleWafRule:
type: alicloud:dcdn:WafRule
name: example
properties:
policyId: ${example.id}
ruleName: ${name}
conditions:
- key: URI
opValue: ne
values: /login.php
- key: Header
subKey: a
opValue: eq
values: b
status: on
action: monitor
rateLimit:
target: IP
interval: '5'
threshold: '5'
ttl: '1800'
status:
code: '200'
ratio: '60'Content copied to clipboard
Import
Dcdn Waf Rule can be imported using the id, e.g.
$ pulumi import alicloud:dcdn/wafRule:WafRule example <id>Content copied to clipboard
Constructors
Link copied to clipboard
constructor(action: Output<String>? = null, ccStatus: Output<String>? = null, cnRegionList: Output<String>? = null, conditions: Output<List<WafRuleConditionArgs>>? = null, effect: Output<String>? = null, otherRegionList: Output<String>? = null, policyId: Output<String>? = null, rateLimit: Output<WafRuleRateLimitArgs>? = null, regularRules: Output<List<String>>? = null, regularTypes: Output<List<String>>? = null, remoteAddrs: Output<List<String>>? = null, ruleName: Output<String>? = null, scenes: Output<List<String>>? = null, status: Output<String>? = null, wafGroupIds: Output<String>? = null)
Properties
Link copied to clipboard
The blocked regions in the Chinese mainland, separated by commas (,).
Link copied to clipboard
Conditions that trigger the rule. See conditions below. NOTE: This parameter is required when policy is of type custom_acl or whitelist.
Link copied to clipboard
Blocked regions outside the Chinese mainland, separated by commas (,).
Link copied to clipboard
The rules of rate limiting. If you set cc_status to on, you must configure this parameter. See rate_limit below.
Link copied to clipboard
The regular expression.e, when waf_group appears in tags, this value can be filled in, and only one list of six digits in string format can appear with regultypes.
Link copied to clipboard
Regular rule type, when waf_group appears in tags, this value can be filled in, optional values:"sqli", "xss", "code_exec", "crlf", "lfileii", "rfileii", "webshell", "vvip", "other"
Link copied to clipboard
Filter by IP address.
Link copied to clipboard
The id of the waf rule group. The default value is "1012". Multiple rules are separated by commas. NOTE: This parameter is valid only when policy is of type waf_group.