Ruleset
data class RulesetArgs(val accountId: Output<String>? = null, val description: Output<String>? = null, val kind: Output<String>? = null, val name: Output<String>? = null, val phase: Output<String>? = null, val rules: Output<List<RulesetRuleArgs>>? = null, val shareableEntitlementName: Output<String>? = null, val zoneId: Output<String>? = null) : ConvertibleToJava<RulesetArgs>
Example Usage
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.cloudflare.Ruleset;
import com.pulumi.cloudflare.RulesetArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersOverridesArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersUriArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersUriPathArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersUriQueryArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleRatelimitArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersOriginArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersBrowserTtlArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersCacheKeyArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersCacheKeyCustomKeyArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersCacheKeyCustomKeyCookieArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersCacheKeyCustomKeyHeaderArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersCacheKeyCustomKeyHostArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersCacheKeyCustomKeyQueryStringArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersCacheKeyCustomKeyUserArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersEdgeTtlArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersServeStaleArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersFromListArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersFromValueArgs;
import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersFromValueTargetUrlArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var magicTransitExample = new Ruleset("magicTransitExample", RulesetArgs.builder()
.accountId("f037e56e89293a057740de681ac9abbe")
.description("example magic transit ruleset description")
.kind("root")
.name("account magic transit")
.phase("magic_transit")
.rules(RulesetRuleArgs.builder()
.action("allow")
.description("Allow TCP Ephemeral Ports")
.expression("tcp.dstport in { 32768..65535 }")
.build())
.build());
var zoneLevelManagedWaf = new Ruleset("zoneLevelManagedWaf", RulesetArgs.builder()
.description("managed WAF ruleset description")
.kind("zone")
.name("managed WAF")
.phase("http_request_firewall_managed")
.rules(RulesetRuleArgs.builder()
.action("execute")
.actionParameters(RulesetRuleActionParametersArgs.builder()
.id("efb7b8c949ac4650a09736fc376e9aee")
.build())
.description("Execute Cloudflare Managed Ruleset on my zone-level phase entry point ruleset")
.enabled(true)
.expression("(http.host eq \"example.host.com\")")
.build())
.zoneId("0da42c8d2132a9ddaf714f9e7c920711")
.build());
var zoneLevelManagedWafWithCategoryBasedOverrides = new Ruleset("zoneLevelManagedWafWithCategoryBasedOverrides", RulesetArgs.builder()
.description("managed WAF with tag-based overrides ruleset description")
.kind("zone")
.name("managed WAF with tag-based overrides")
.phase("http_request_firewall_managed")
.rules(RulesetRuleArgs.builder()
.action("execute")
.actionParameters(RulesetRuleActionParametersArgs.builder()
.id("efb7b8c949ac4650a09736fc376e9aee")
.overrides(RulesetRuleActionParametersOverridesArgs.builder()
.categories(
RulesetRuleActionParametersOverridesCategoryArgs.builder()
.action("block")
.category("wordpress")
.status("enabled")
.build(),
RulesetRuleActionParametersOverridesCategoryArgs.builder()
.action("block")
.category("joomla")
.status("enabled")
.build())
.build())
.build())
.description("overrides to only enable wordpress rules to block")
.enabled(false)
.expression("(http.host eq \"example.host.com\")")
.build())
.zoneId("0da42c8d2132a9ddaf714f9e7c920711")
.build());
var transformUriRulePath = new Ruleset("transformUriRulePath", RulesetArgs.builder()
.description("change the URI path to a new static path")
.kind("zone")
.name("transform rule for URI path")
.phase("http_request_transform")
.rules(RulesetRuleArgs.builder()
.action("rewrite")
.actionParameters(RulesetRuleActionParametersArgs.builder()
.uri(RulesetRuleActionParametersUriArgs.builder()
.path(RulesetRuleActionParametersUriPathArgs.builder()
.value("/my-new-route")
.build())
.build())
.build())
.description("example URI path transform rule")
.enabled(true)
.expression("(http.host eq \"example.com\" and http.request.uri.path eq \"/old-path\")")
.build())
.zoneId("0da42c8d2132a9ddaf714f9e7c920711")
.build());
var transformUriRuleQuery = new Ruleset("transformUriRuleQuery", RulesetArgs.builder()
.description("change the URI query to a new static query")
.kind("zone")
.name("transform rule for URI query parameter")
.phase("http_request_transform")
.rules(RulesetRuleArgs.builder()
.action("rewrite")
.actionParameters(RulesetRuleActionParametersArgs.builder()
.uri(RulesetRuleActionParametersUriArgs.builder()
.query(RulesetRuleActionParametersUriQueryArgs.builder()
.value("old=new_again")
.build())
.build())
.build())
.description("URI transformation query example")
.enabled(true)
.expression("(http.host eq \"example.host.com\")")
.build())
.zoneId("0da42c8d2132a9ddaf714f9e7c920711")
.build());
var transformUriHttpHeaders = new Ruleset("transformUriHttpHeaders", RulesetArgs.builder()
.description("modify HTTP headers before reaching origin")
.kind("zone")
.name("transform rule for HTTP headers")
.phase("http_request_late_transform")
.rules(RulesetRuleArgs.builder()
.action("rewrite")
.actionParameters(RulesetRuleActionParametersArgs.builder()
.headers(
RulesetRuleActionParametersHeaderArgs.builder()
.name("example-http-header-1")
.operation("set")
.value("my-http-header-value-1")
.build(),
RulesetRuleActionParametersHeaderArgs.builder()
.expression("cf.zone.name")
.name("example-http-header-2")
.operation("set")
.build(),
RulesetRuleActionParametersHeaderArgs.builder()
.name("example-http-header-3-to-remove")
.operation("remove")
.build())
.build())
.description("example request header transform rule")
.enabled(false)
.expression("(http.host eq \"example.host.com\")")
.build())
.zoneId("0da42c8d2132a9ddaf714f9e7c920711")
.build());
var rateLimitingExample = new Ruleset("rateLimitingExample", RulesetArgs.builder()
.description("apply HTTP rate limiting for a route")
.kind("zone")
.name("restrict API requests count")
.phase("http_ratelimit")
.rules(RulesetRuleArgs.builder()
.action("block")
.description("rate limit for API")
.enabled(true)
.expression("(http.request.uri.path matches \"^/api/\")")
.ratelimit(RulesetRuleRatelimitArgs.builder()
.characteristics(
"cf.colo.id",
"ip.src")
.mitigationTimeout(600)
.period(60)
.requestsPerPeriod(100)
.build())
.build())
.zoneId("0da42c8d2132a9ddaf714f9e7c920711")
.build());
var httpOriginExample = new Ruleset("httpOriginExample", RulesetArgs.builder()
.description("Change origin for a route")
.kind("zone")
.name("Change to some origin")
.phase("http_request_origin")
.rules(RulesetRuleArgs.builder()
.action("route")
.actionParameters(RulesetRuleActionParametersArgs.builder()
.hostHeader("some.host")
.origin(RulesetRuleActionParametersOriginArgs.builder()
.host("some.host")
.port(80)
.build())
.build())
.description("change origin to some.host")
.enabled(true)
.expression("(http.request.uri.path matches \"^/api/\")")
.build())
.zoneId("0da42c8d2132a9ddaf714f9e7c920711")
.build());
var customFieldsLoggingExample = new Ruleset("customFieldsLoggingExample", RulesetArgs.builder()
.description("add custom fields to logging")
.kind("zone")
.name("log custom fields")
.phase("http_log_custom_fields")
.rules(RulesetRuleArgs.builder()
.action("log_custom_field")
.actionParameters(RulesetRuleActionParametersArgs.builder()
.cookieFields(
"__ga",
"accountNumber",
"__cfruid")
.requestFields(
"content-type",
"x-forwarded-for",
"host")
.responseFields(
"server",
"content-type",
"allow")
.build())
.description("log custom fields rule")
.enabled(true)
.expression("(http.host eq \"example.host.com\")")
.build())
.zoneId("0da42c8d2132a9ddaf714f9e7c920711")
.build());
var cacheSettingsExample = new Ruleset("cacheSettingsExample", RulesetArgs.builder()
.description("set cache settings for the request")
.kind("zone")
.name("set cache settings")
.phase("http_request_cache_settings")
.rules(RulesetRuleArgs.builder()
.action("set_cache_settings")
.actionParameters(RulesetRuleActionParametersArgs.builder()
.browserTtl(RulesetRuleActionParametersBrowserTtlArgs.builder()
.mode("respect_origin")
.build())
.cacheKey(RulesetRuleActionParametersCacheKeyArgs.builder()
.cacheDeceptionArmor(true)
.customKey(RulesetRuleActionParametersCacheKeyCustomKeyArgs.builder()
.cookie(RulesetRuleActionParametersCacheKeyCustomKeyCookieArgs.builder()
.checkPresence(
"cabc_t",
"cdef_t")
.include(
"cabc",
"cdef")
.build())
.header(RulesetRuleActionParametersCacheKeyCustomKeyHeaderArgs.builder()
.checkPresence(
"habc_t",
"hdef_t")
.excludeOrigin(true)
.include(
"habc",
"hdef")
.build())
.host(RulesetRuleActionParametersCacheKeyCustomKeyHostArgs.builder()
.resolved(true)
.build())
.queryString(RulesetRuleActionParametersCacheKeyCustomKeyQueryStringArgs.builder()
.exclude("*")
.build())
.user(RulesetRuleActionParametersCacheKeyCustomKeyUserArgs.builder()
.deviceType(true)
.geo(false)
.build())
.build())
.ignoreQueryStringsOrder(false)
.build())
.edgeTtl(RulesetRuleActionParametersEdgeTtlArgs.builder()
.default_(60)
.mode("override_origin")
.statusCodeTtl(
%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference),
%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
.build())
.originErrorPagePassthru(false)
.respectStrongEtags(true)
.serveStale(RulesetRuleActionParametersServeStaleArgs.builder()
.disableStaleWhileUpdating(true)
.build())
.build())
.description("set cache settings rule")
.enabled(true)
.expression("(http.host eq \"example.host.com\")")
.build())
.zoneId("0da42c8d2132a9ddaf714f9e7c920711")
.build());
var redirectFromListExample = new Ruleset("redirectFromListExample", RulesetArgs.builder()
.accountId("f037e56e89293a057740de681ac9abbe")
.description("Redirect ruleset")
.kind("root")
.name("redirects")
.phase("http_request_redirect")
.rules(RulesetRuleArgs.builder()
.action("redirect")
.actionParameters(RulesetRuleActionParametersArgs.builder()
.fromList(RulesetRuleActionParametersFromListArgs.builder()
.key("http.request.full_uri")
.name("redirect_list")
.build())
.build())
.description("Apply redirects from redirect_list")
.enabled(true)
.expression("http.request.full_uri in $redirect_list")
.build())
.build());
var redirectFromValueExample = new Ruleset("redirectFromValueExample", RulesetArgs.builder()
.description("Redirect ruleset")
.kind("root")
.name("redirects")
.phase("http_request_dynamic_redirect")
.rules(RulesetRuleArgs.builder()
.action("redirect")
.actionParameters(RulesetRuleActionParametersArgs.builder()
.fromValue(RulesetRuleActionParametersFromValueArgs.builder()
.preserveQueryString(true)
.statusCode(301)
.targetUrl(RulesetRuleActionParametersFromValueTargetUrlArgs.builder()
.value("some_host.com")
.build())
.build())
.build())
.description("Apply redirect from value")
.enabled(true)
.expression("(http.request.uri.path matches \"^/api/\")")
.build())
.zoneId("0da42c8d2132a9ddaf714f9e7c920711")
.build());
var httpCustomErrorExample = new Ruleset("httpCustomErrorExample", RulesetArgs.builder()
.description("Serve some error response")
.kind("zone")
.name("Serve some error response")
.phase("http_custom_errors")
.rules(RulesetRuleArgs.builder()
.action("serve_error")
.actionParameters(RulesetRuleActionParametersArgs.builder()
.content("some error html")
.contentType("text/html")
.statusCode("530")
.build())
.description("serve some error response")
.enabled(true)
.expression("(http.request.uri.path matches \"^/api/\")")
.build())
.zoneId("0da42c8d2132a9ddaf714f9e7c920711")
.build());
var httpConfigRulesExample = new Ruleset("httpConfigRulesExample", RulesetArgs.builder()
.description("set config rules for request")
.kind("zone")
.name("set config rules")
.phase("http_config_settings")
.rules(RulesetRuleArgs.builder()
.action("set_config")
.actionParameters(RulesetRuleActionParametersArgs.builder()
.bic(true)
.emailObfuscation(true)
.build())
.description("set config rules for matching request")
.enabled(true)
.expression("(http.request.uri.path matches \"^/api/\")")
.build())
.zoneId("0da42c8d2132a9ddaf714f9e7c920711")
.build());
}
}Content copied to clipboard
Import
Import an account scoped Ruleset configuration.
$ pulumi import cloudflare:index/ruleset:Ruleset example account/<account_id>/<ruleset_id>Content copied to clipboard
Import a zone scoped Ruleset configuration.
$ pulumi import cloudflare:index/ruleset:Ruleset example zone/<zone_id>/<ruleset_id>Content copied to clipboard
Constructors
Link copied to clipboard
constructor(accountId: Output<String>? = null, description: Output<String>? = null, kind: Output<String>? = null, name: Output<String>? = null, phase: Output<String>? = null, rules: Output<List<RulesetRuleArgs>>? = null, shareableEntitlementName: Output<String>? = null, zoneId: Output<String>? = null)
Properties
Link copied to clipboard
Brief summary of the ruleset and its intended use.
Link copied to clipboard
Point in the request/response lifecycle where the ruleset will be created. Available values: ddos_l4, ddos_l7, http_custom_errors, http_log_custom_fields, http_request_cache_settings, http_request_firewall_custom, http_request_firewall_managed, http_request_late_transform, http_request_late_transform_managed, http_request_main, http_request_origin, http_request_dynamic_redirect, http_request_redirect, http_request_sanitize, http_request_transform, http_response_firewall_managed, http_response_headers_transform, http_response_headers_transform_managed, magic_transit, http_ratelimit, http_request_sbfm, http_config_settings.
Link copied to clipboard
List of rules to apply to the ruleset.
Link copied to clipboard
Name of entitlement that is shareable between entities.