pulumi-cloudflare-kotlin/com.pulumi.cloudflare.kotlin.outputs/ZeroTrustGatewayPolicyRuleSettings

ZeroTrustGatewayPolicyRuleSettings

data class ZeroTrustGatewayPolicyRuleSettings(val addHeaders: Map<String, String>? = null, val allowChildBypass: Boolean? = null, val auditSsh: ZeroTrustGatewayPolicyRuleSettingsAuditSsh? = null, val bisoAdminControls: ZeroTrustGatewayPolicyRuleSettingsBisoAdminControls? = null, val blockPageEnabled: Boolean? = null, val blockReason: String? = null, val bypassParentRule: Boolean? = null, val checkSession: ZeroTrustGatewayPolicyRuleSettingsCheckSession? = null, val dnsResolvers: ZeroTrustGatewayPolicyRuleSettingsDnsResolvers? = null, val egress: ZeroTrustGatewayPolicyRuleSettingsEgress? = null, val ignoreCnameCategoryMatches: Boolean? = null, val insecureDisableDnssecValidation: Boolean? = null, val ipCategories: Boolean? = null, val ipIndicatorFeeds: Boolean? = null, val l4override: ZeroTrustGatewayPolicyRuleSettingsL4override? = null, val notificationSettings: ZeroTrustGatewayPolicyRuleSettingsNotificationSettings? = null, val overrideHost: String? = null, val overrideIps: List<String>? = null, val payloadLog: ZeroTrustGatewayPolicyRuleSettingsPayloadLog? = null, val quarantine: ZeroTrustGatewayPolicyRuleSettingsQuarantine? = null, val resolveDnsInternally: ZeroTrustGatewayPolicyRuleSettingsResolveDnsInternally? = null, val resolveDnsThroughCloudflare: Boolean? = null, val untrustedCert: ZeroTrustGatewayPolicyRuleSettingsUntrustedCert? = null)

Constructors

Link copied to clipboard
constructor(addHeaders: Map<String, String>? = null, allowChildBypass: Boolean? = null, auditSsh: ZeroTrustGatewayPolicyRuleSettingsAuditSsh? = null, bisoAdminControls: ZeroTrustGatewayPolicyRuleSettingsBisoAdminControls? = null, blockPageEnabled: Boolean? = null, blockReason: String? = null, bypassParentRule: Boolean? = null, checkSession: ZeroTrustGatewayPolicyRuleSettingsCheckSession? = null, dnsResolvers: ZeroTrustGatewayPolicyRuleSettingsDnsResolvers? = null, egress: ZeroTrustGatewayPolicyRuleSettingsEgress? = null, ignoreCnameCategoryMatches: Boolean? = null, insecureDisableDnssecValidation: Boolean? = null, ipCategories: Boolean? = null, ipIndicatorFeeds: Boolean? = null, l4override: ZeroTrustGatewayPolicyRuleSettingsL4override? = null, notificationSettings: ZeroTrustGatewayPolicyRuleSettingsNotificationSettings? = null, overrideHost: String? = null, overrideIps: List<String>? = null, payloadLog: ZeroTrustGatewayPolicyRuleSettingsPayloadLog? = null, quarantine: ZeroTrustGatewayPolicyRuleSettingsQuarantine? = null, resolveDnsInternally: ZeroTrustGatewayPolicyRuleSettingsResolveDnsInternally? = null, resolveDnsThroughCloudflare: Boolean? = null, untrustedCert: ZeroTrustGatewayPolicyRuleSettingsUntrustedCert? = null)

Types

Link copied to clipboard
object Companion

Properties

Link copied to clipboard
val addHeaders: Map<String, String>? = null

Add custom headers to allowed requests, in the form of key-value pairs. Keys are header names, pointing to an array with its header value(s).

Link copied to clipboard
val allowChildBypass: Boolean? = null

Set by parent MSP accounts to enable their children to bypass this rule.

Link copied to clipboard
val auditSsh: ZeroTrustGatewayPolicyRuleSettingsAuditSsh? = null

Settings for the Audit SSH action.

Link copied to clipboard
val bisoAdminControls: ZeroTrustGatewayPolicyRuleSettingsBisoAdminControls? = null

Configure how browser isolation behaves.

Link copied to clipboard
val blockPageEnabled: Boolean? = null

Enable the custom block page.

Link copied to clipboard
val blockReason: String? = null

The text describing why this block occurred, displayed on the custom block page (if enabled).

Link copied to clipboard
val bypassParentRule: Boolean? = null

Set by children MSP accounts to bypass their parent's rules.

Link copied to clipboard
val checkSession: ZeroTrustGatewayPolicyRuleSettingsCheckSession? = null

Configure how session check behaves.

Link copied to clipboard
val dnsResolvers: ZeroTrustGatewayPolicyRuleSettingsDnsResolvers? = null

Add your own custom resolvers to route queries that match the resolver policy. Cannot be used when 'resolvednsthroughcloudflare' or 'resolvedns*internally' are set. DNS queries will route to the address closest to their origin. Only valid when a rule's action is set to 'resolve'.

Link copied to clipboard
val egress: ZeroTrustGatewayPolicyRuleSettingsEgress? = null

Configure how Gateway Proxy traffic egresses. You can enable this setting for rules with Egress actions and filters, or omit it to indicate local egress via WARP IPs.

Link copied to clipboard
val ignoreCnameCategoryMatches: Boolean? = null

Set to true, to ignore the category matches at CNAME domains in a response. If unchecked, the categories in this rule will be checked against all the CNAME domain categories in a response.

Link copied to clipboard
val insecureDisableDnssecValidation: Boolean? = null

INSECURE - disable DNSSEC validation (for Allow actions).

Link copied to clipboard
val ipCategories: Boolean? = null

Set to true to enable IPs in DNS resolver category blocks. By default categories only block based on domain names.

Link copied to clipboard
val ipIndicatorFeeds: Boolean? = null

Set to true to include IPs in DNS resolver indicator feed blocks. By default indicator feeds only block based on domain names.

Link copied to clipboard
val l4override: ZeroTrustGatewayPolicyRuleSettingsL4override? = null

Send matching traffic to the supplied destination IP address and port.

Link copied to clipboard
val notificationSettings: ZeroTrustGatewayPolicyRuleSettingsNotificationSettings? = null

Configure a notification to display on the user's device when this rule is matched.

Link copied to clipboard
val overrideHost: String? = null

Override matching DNS queries with a hostname.

Link copied to clipboard
val overrideIps: List<String>? = null

Override matching DNS queries with an IP or set of IPs.

Link copied to clipboard
val payloadLog: ZeroTrustGatewayPolicyRuleSettingsPayloadLog? = null

Configure DLP payload logging.

Link copied to clipboard
val quarantine: ZeroTrustGatewayPolicyRuleSettingsQuarantine? = null

Settings that apply to quarantine rules

Link copied to clipboard
val resolveDnsInternally: ZeroTrustGatewayPolicyRuleSettingsResolveDnsInternally? = null

Configure to forward the query to the internal DNS service, passing the specified 'viewid' as input. Cannot be set when 'dnsresolvers' are specified or 'resolvednsthrough*cloudflare' is set. Only valid when a rule's action is set to 'resolve'.

Link copied to clipboard
val resolveDnsThroughCloudflare: Boolean? = null

Enable to send queries that match the policy to Cloudflare's default 1.1.1.1 DNS resolver. Cannot be set when 'dnsresolvers' are specified or 'resolvedns_internally' is set. Only valid when a rule's action is set to 'resolve'.

Link copied to clipboard
val untrustedCert: ZeroTrustGatewayPolicyRuleSettingsUntrustedCert? = null

Configure behavior when an upstream cert is invalid or an SSL error occurs.