Docs Home
f5 BIG-IP v3.17.9 published on Friday, Mar 7, 2025 by Pulumi
f5bigip.WafPolicy
Explore with Pulumi AI
f5bigip.WafPolicy Manages a WAF Policy resource with its adjustments and modifications on a BIG-IP.
It outputs an up-to-date WAF Policy in a JSON format
NOTE This Resource Requires F5 BIG-IP v16.x above version, and ASM need to be provisioned.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as f5bigip from "@pulumi/f5bigip";
const param1 = f5bigip.ssl.getWafEntityParameter({
name: "Param1",
type: "explicit",
dataType: "alpha-numeric",
performStaging: true,
});
const param2 = f5bigip.ssl.getWafEntityParameter({
name: "Param2",
type: "explicit",
dataType: "alpha-numeric",
performStaging: true,
});
const URL = f5bigip.ssl.getWafEntityUrl({
name: "URL1",
protocol: "http",
});
const URL2 = f5bigip.ssl.getWafEntityUrl({
name: "URL2",
});
const test_awaf = new f5bigip.WafPolicy("test-awaf", {
name: "testpolicyravi",
partition: "Common",
templateName: "POLICY_TEMPLATE_RAPID_DEPLOYMENT",
applicationLanguage: "utf-8",
enforcementMode: "blocking",
serverTechnologies: [
"MySQL",
"Unix/Linux",
"MongoDB",
],
parameters: [
param1.then(param1 => param1.json),
param2.then(param2 => param2.json),
],
urls: [
URL.then(URL => URL.json),
URL2.then(URL2 => URL2.json),
],
});
import pulumi
import pulumi_f5bigip as f5bigip
param1 = f5bigip.ssl.get_waf_entity_parameter(name="Param1",
type="explicit",
data_type="alpha-numeric",
perform_staging=True)
param2 = f5bigip.ssl.get_waf_entity_parameter(name="Param2",
type="explicit",
data_type="alpha-numeric",
perform_staging=True)
url = f5bigip.ssl.get_waf_entity_url(name="URL1",
protocol="http")
url2 = f5bigip.ssl.get_waf_entity_url(name="URL2")
test_awaf = f5bigip.WafPolicy("test-awaf",
name="testpolicyravi",
partition="Common",
template_name="POLICY_TEMPLATE_RAPID_DEPLOYMENT",
application_language="utf-8",
enforcement_mode="blocking",
server_technologies=[
"MySQL",
"Unix/Linux",
"MongoDB",
],
parameters=[
param1.json,
param2.json,
],
urls=[
url.json,
url2.json,
])
package main
import (
"github.com/pulumi/pulumi-f5bigip/sdk/v3/go/f5bigip"
"github.com/pulumi/pulumi-f5bigip/sdk/v3/go/f5bigip/ssl"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
param1, err := ssl.GetWafEntityParameter(ctx, &ssl.GetWafEntityParameterArgs{
Name: "Param1",
Type: pulumi.StringRef("explicit"),
DataType: pulumi.StringRef("alpha-numeric"),
PerformStaging: pulumi.BoolRef(true),
}, nil)
if err != nil {
return err
}
param2, err := ssl.GetWafEntityParameter(ctx, &ssl.GetWafEntityParameterArgs{
Name: "Param2",
Type: pulumi.StringRef("explicit"),
DataType: pulumi.StringRef("alpha-numeric"),
PerformStaging: pulumi.BoolRef(true),
}, nil)
if err != nil {
return err
}
URL, err := ssl.GetWafEntityUrl(ctx, &ssl.GetWafEntityUrlArgs{
Name: "URL1",
Protocol: pulumi.StringRef("http"),
}, nil)
if err != nil {
return err
}
URL2, err := ssl.GetWafEntityUrl(ctx, &ssl.GetWafEntityUrlArgs{
Name: "URL2",
}, nil)
if err != nil {
return err
}
_, err = f5bigip.NewWafPolicy(ctx, "test-awaf", &f5bigip.WafPolicyArgs{
Name: pulumi.String("testpolicyravi"),
Partition: pulumi.String("Common"),
TemplateName: pulumi.String("POLICY_TEMPLATE_RAPID_DEPLOYMENT"),
ApplicationLanguage: pulumi.String("utf-8"),
EnforcementMode: pulumi.String("blocking"),
ServerTechnologies: pulumi.StringArray{
pulumi.String("MySQL"),
pulumi.String("Unix/Linux"),
pulumi.String("MongoDB"),
},
Parameters: pulumi.StringArray{
pulumi.String(param1.Json),
pulumi.String(param2.Json),
},
Urls: pulumi.StringArray{
pulumi.String(URL.Json),
pulumi.String(URL2.Json),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using F5BigIP = Pulumi.F5BigIP;
return await Deployment.RunAsync(() =>
{
var param1 = F5BigIP.Ssl.GetWafEntityParameter.Invoke(new()
{
Name = "Param1",
Type = "explicit",
DataType = "alpha-numeric",
PerformStaging = true,
});
var param2 = F5BigIP.Ssl.GetWafEntityParameter.Invoke(new()
{
Name = "Param2",
Type = "explicit",
DataType = "alpha-numeric",
PerformStaging = true,
});
var URL = F5BigIP.Ssl.GetWafEntityUrl.Invoke(new()
{
Name = "URL1",
Protocol = "http",
});
var URL2 = F5BigIP.Ssl.GetWafEntityUrl.Invoke(new()
{
Name = "URL2",
});
var test_awaf = new F5BigIP.WafPolicy("test-awaf", new()
{
Name = "testpolicyravi",
Partition = "Common",
TemplateName = "POLICY_TEMPLATE_RAPID_DEPLOYMENT",
ApplicationLanguage = "utf-8",
EnforcementMode = "blocking",
ServerTechnologies = new[]
{
"MySQL",
"Unix/Linux",
"MongoDB",
},
Parameters = new[]
{
param1.Apply(getWafEntityParameterResult => getWafEntityParameterResult.Json),
param2.Apply(getWafEntityParameterResult => getWafEntityParameterResult.Json),
},
Urls = new[]
{
URL.Apply(getWafEntityUrlResult => getWafEntityUrlResult.Json),
URL2.Apply(getWafEntityUrlResult => getWafEntityUrlResult.Json),
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.f5bigip.ssl.SslFunctions;
import com.pulumi.f5bigip.ssl.inputs.GetWafEntityParameterArgs;
import com.pulumi.f5bigip.ssl.inputs.GetWafEntityUrlArgs;
import com.pulumi.f5bigip.WafPolicy;
import com.pulumi.f5bigip.WafPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var param1 = SslFunctions.getWafEntityParameter(GetWafEntityParameterArgs.builder()
.name("Param1")
.type("explicit")
.dataType("alpha-numeric")
.performStaging(true)
.build());
final var param2 = SslFunctions.getWafEntityParameter(GetWafEntityParameterArgs.builder()
.name("Param2")
.type("explicit")
.dataType("alpha-numeric")
.performStaging(true)
.build());
final var URL = SslFunctions.getWafEntityUrl(GetWafEntityUrlArgs.builder()
.name("URL1")
.protocol("http")
.build());
final var URL2 = SslFunctions.getWafEntityUrl(GetWafEntityUrlArgs.builder()
.name("URL2")
.build());
var test_awaf = new WafPolicy("test-awaf", WafPolicyArgs.builder()
.name("testpolicyravi")
.partition("Common")
.templateName("POLICY_TEMPLATE_RAPID_DEPLOYMENT")
.applicationLanguage("utf-8")
.enforcementMode("blocking")
.serverTechnologies(
"MySQL",
"Unix/Linux",
"MongoDB")
.parameters(
param1.applyValue(getWafEntityParameterResult -> getWafEntityParameterResult.json()),
param2.applyValue(getWafEntityParameterResult -> getWafEntityParameterResult.json()))
.urls(
URL.applyValue(getWafEntityUrlResult -> getWafEntityUrlResult.json()),
URL2.applyValue(getWafEntityUrlResult -> getWafEntityUrlResult.json()))
.build());
}
}
resources:
test-awaf:
type: f5bigip:WafPolicy
properties:
name: testpolicyravi
partition: Common
templateName: POLICY_TEMPLATE_RAPID_DEPLOYMENT
applicationLanguage: utf-8
enforcementMode: blocking
serverTechnologies:
- MySQL
- Unix/Linux
- MongoDB
parameters:
- ${param1.json}
- ${param2.json}
urls:
- ${URL.json}
- ${URL2.json}
variables:
param1:
fn::invoke:
function: f5bigip:ssl:getWafEntityParameter
arguments:
name: Param1
type: explicit
dataType: alpha-numeric
performStaging: true
param2:
fn::invoke:
function: f5bigip:ssl:getWafEntityParameter
arguments:
name: Param2
type: explicit
dataType: alpha-numeric
performStaging: true
URL:
fn::invoke:
function: f5bigip:ssl:getWafEntityUrl
arguments:
name: URL1
protocol: http
URL2:
fn::invoke:
function: f5bigip:ssl:getWafEntityUrl
arguments:
name: URL2
Create WafPolicy Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new WafPolicy(name: string, args: WafPolicyArgs, opts?: CustomResourceOptions);@overload
def WafPolicy(resource_name: str,
args: WafPolicyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def WafPolicy(resource_name: str,
opts: Optional[ResourceOptions] = None,
name: Optional[str] = None,
template_name: Optional[str] = None,
parameters: Optional[Sequence[str]] = None,
case_insensitive: Optional[bool] = None,
enforcement_mode: Optional[str] = None,
file_types: Optional[Sequence[WafPolicyFileTypeArgs]] = None,
graphql_profiles: Optional[Sequence[WafPolicyGraphqlProfileArgs]] = None,
host_names: Optional[Sequence[WafPolicyHostNameArgs]] = None,
ip_exceptions: Optional[Sequence[WafPolicyIpExceptionArgs]] = None,
modifications: Optional[Sequence[str]] = None,
description: Optional[str] = None,
open_api_files: Optional[Sequence[str]] = None,
urls: Optional[Sequence[str]] = None,
enable_passivemode: Optional[bool] = None,
policy_import_json: Optional[str] = None,
policy_id: Optional[str] = None,
policy_builders: Optional[Sequence[WafPolicyPolicyBuilderArgs]] = None,
protocol_independent: Optional[bool] = None,
server_technologies: Optional[Sequence[str]] = None,
signature_sets: Optional[Sequence[str]] = None,
signatures: Optional[Sequence[str]] = None,
signatures_settings: Optional[Sequence[WafPolicySignaturesSettingArgs]] = None,
template_link: Optional[str] = None,
partition: Optional[str] = None,
type: Optional[str] = None,
application_language: Optional[str] = None)func NewWafPolicy(ctx *Context, name string, args WafPolicyArgs, opts ...ResourceOption) (*WafPolicy, error)public WafPolicy(string name, WafPolicyArgs args, CustomResourceOptions? opts = null)
public WafPolicy(String name, WafPolicyArgs args)
public WafPolicy(String name, WafPolicyArgs args, CustomResourceOptions options)
type: f5bigip:WafPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args WafPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args WafPolicyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args WafPolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args WafPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args WafPolicyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var wafPolicyResource = new F5BigIP.WafPolicy("wafPolicyResource", new()
{
Name = "string",
TemplateName = "string",
Parameters = new[]
{
"string",
},
CaseInsensitive = false,
EnforcementMode = "string",
FileTypes = new[]
{
new F5BigIP.Inputs.WafPolicyFileTypeArgs
{
Allowed = false,
Name = "string",
Type = "string",
},
},
GraphqlProfiles = new[]
{
new F5BigIP.Inputs.WafPolicyGraphqlProfileArgs
{
Name = "string",
AttackSignaturesCheck = false,
DefenseAttributes = new[]
{
new F5BigIP.Inputs.WafPolicyGraphqlProfileDefenseAttributeArgs
{
AllowIntrospectionQueries = false,
MaximumBatchedQueries = "string",
MaximumStructureDepth = "string",
MaximumTotalLength = "string",
MaximumValueLength = "string",
TolerateParsingWarnings = false,
},
},
MetacharElementcheck = false,
},
},
HostNames = new[]
{
new F5BigIP.Inputs.WafPolicyHostNameArgs
{
Name = "string",
},
},
IpExceptions = new[]
{
new F5BigIP.Inputs.WafPolicyIpExceptionArgs
{
IpAddress = "string",
IpMask = "string",
BlockRequests = "string",
Description = "string",
IgnoreAnomalies = false,
IgnoreIpreputation = false,
TrustedbyPolicybuilder = false,
},
},
Modifications = new[]
{
"string",
},
Description = "string",
OpenApiFiles = new[]
{
"string",
},
Urls = new[]
{
"string",
},
EnablePassivemode = false,
PolicyImportJson = "string",
PolicyId = "string",
PolicyBuilders = new[]
{
new F5BigIP.Inputs.WafPolicyPolicyBuilderArgs
{
LearningMode = "string",
},
},
ProtocolIndependent = false,
ServerTechnologies = new[]
{
"string",
},
SignatureSets = new[]
{
"string",
},
Signatures = new[]
{
"string",
},
SignaturesSettings = new[]
{
new F5BigIP.Inputs.WafPolicySignaturesSettingArgs
{
PlacesignaturesInStaging = false,
SignatureStaging = false,
},
},
TemplateLink = "string",
Partition = "string",
Type = "string",
ApplicationLanguage = "string",
});
example, err := f5bigip.NewWafPolicy(ctx, "wafPolicyResource", &f5bigip.WafPolicyArgs{
Name: pulumi.String("string"),
TemplateName: pulumi.String("string"),
Parameters: pulumi.StringArray{
pulumi.String("string"),
},
CaseInsensitive: pulumi.Bool(false),
EnforcementMode: pulumi.String("string"),
FileTypes: f5bigip.WafPolicyFileTypeArray{
&f5bigip.WafPolicyFileTypeArgs{
Allowed: pulumi.Bool(false),
Name: pulumi.String("string"),
Type: pulumi.String("string"),
},
},
GraphqlProfiles: f5bigip.WafPolicyGraphqlProfileArray{
&f5bigip.WafPolicyGraphqlProfileArgs{
Name: pulumi.String("string"),
AttackSignaturesCheck: pulumi.Bool(false),
DefenseAttributes: f5bigip.WafPolicyGraphqlProfileDefenseAttributeArray{
&f5bigip.WafPolicyGraphqlProfileDefenseAttributeArgs{
AllowIntrospectionQueries: pulumi.Bool(false),
MaximumBatchedQueries: pulumi.String("string"),
MaximumStructureDepth: pulumi.String("string"),
MaximumTotalLength: pulumi.String("string"),
MaximumValueLength: pulumi.String("string"),
TolerateParsingWarnings: pulumi.Bool(false),
},
},
MetacharElementcheck: pulumi.Bool(false),
},
},
HostNames: f5bigip.WafPolicyHostNameArray{
&f5bigip.WafPolicyHostNameArgs{
Name: pulumi.String("string"),
},
},
IpExceptions: f5bigip.WafPolicyIpExceptionArray{
&f5bigip.WafPolicyIpExceptionArgs{
IpAddress: pulumi.String("string"),
IpMask: pulumi.String("string"),
BlockRequests: pulumi.String("string"),
Description: pulumi.String("string"),
IgnoreAnomalies: pulumi.Bool(false),
IgnoreIpreputation: pulumi.Bool(false),
TrustedbyPolicybuilder: pulumi.Bool(false),
},
},
Modifications: pulumi.StringArray{
pulumi.String("string"),
},
Description: pulumi.String("string"),
OpenApiFiles: pulumi.StringArray{
pulumi.String("string"),
},
Urls: pulumi.StringArray{
pulumi.String("string"),
},
EnablePassivemode: pulumi.Bool(false),
PolicyImportJson: pulumi.String("string"),
PolicyId: pulumi.String("string"),
PolicyBuilders: f5bigip.WafPolicyPolicyBuilderArray{
&f5bigip.WafPolicyPolicyBuilderArgs{
LearningMode: pulumi.String("string"),
},
},
ProtocolIndependent: pulumi.Bool(false),
ServerTechnologies: pulumi.StringArray{
pulumi.String("string"),
},
SignatureSets: pulumi.StringArray{
pulumi.String("string"),
},
Signatures: pulumi.StringArray{
pulumi.String("string"),
},
SignaturesSettings: f5bigip.WafPolicySignaturesSettingArray{
&f5bigip.WafPolicySignaturesSettingArgs{
PlacesignaturesInStaging: pulumi.Bool(false),
SignatureStaging: pulumi.Bool(false),
},
},
TemplateLink: pulumi.String("string"),
Partition: pulumi.String("string"),
Type: pulumi.String("string"),
ApplicationLanguage: pulumi.String("string"),
})
var wafPolicyResource = new WafPolicy("wafPolicyResource", WafPolicyArgs.builder()
.name("string")
.templateName("string")
.parameters("string")
.caseInsensitive(false)
.enforcementMode("string")
.fileTypes(WafPolicyFileTypeArgs.builder()
.allowed(false)
.name("string")
.type("string")
.build())
.graphqlProfiles(WafPolicyGraphqlProfileArgs.builder()
.name("string")
.attackSignaturesCheck(false)
.defenseAttributes(WafPolicyGraphqlProfileDefenseAttributeArgs.builder()
.allowIntrospectionQueries(false)
.maximumBatchedQueries("string")
.maximumStructureDepth("string")
.maximumTotalLength("string")
.maximumValueLength("string")
.tolerateParsingWarnings(false)
.build())
.metacharElementcheck(false)
.build())
.hostNames(WafPolicyHostNameArgs.builder()
.name("string")
.build())
.ipExceptions(WafPolicyIpExceptionArgs.builder()
.ipAddress("string")
.ipMask("string")
.blockRequests("string")
.description("string")
.ignoreAnomalies(false)
.ignoreIpreputation(false)
.trustedbyPolicybuilder(false)
.build())
.modifications("string")
.description("string")
.openApiFiles("string")
.urls("string")
.enablePassivemode(false)
.policyImportJson("string")
.policyId("string")
.policyBuilders(WafPolicyPolicyBuilderArgs.builder()
.learningMode("string")
.build())
.protocolIndependent(false)
.serverTechnologies("string")
.signatureSets("string")
.signatures("string")
.signaturesSettings(WafPolicySignaturesSettingArgs.builder()
.placesignaturesInStaging(false)
.signatureStaging(false)
.build())
.templateLink("string")
.partition("string")
.type("string")
.applicationLanguage("string")
.build());
waf_policy_resource = f5bigip.WafPolicy("wafPolicyResource",
name="string",
template_name="string",
parameters=["string"],
case_insensitive=False,
enforcement_mode="string",
file_types=[{
"allowed": False,
"name": "string",
"type": "string",
}],
graphql_profiles=[{
"name": "string",
"attack_signatures_check": False,
"defense_attributes": [{
"allow_introspection_queries": False,
"maximum_batched_queries": "string",
"maximum_structure_depth": "string",
"maximum_total_length": "string",
"maximum_value_length": "string",
"tolerate_parsing_warnings": False,
}],
"metachar_elementcheck": False,
}],
host_names=[{
"name": "string",
}],
ip_exceptions=[{
"ip_address": "string",
"ip_mask": "string",
"block_requests": "string",
"description": "string",
"ignore_anomalies": False,
"ignore_ipreputation": False,
"trustedby_policybuilder": False,
}],
modifications=["string"],
description="string",
open_api_files=["string"],
urls=["string"],
enable_passivemode=False,
policy_import_json="string",
policy_id="string",
policy_builders=[{
"learning_mode": "string",
}],
protocol_independent=False,
server_technologies=["string"],
signature_sets=["string"],
signatures=["string"],
signatures_settings=[{
"placesignatures_in_staging": False,
"signature_staging": False,
}],
template_link="string",
partition="string",
type="string",
application_language="string")
const wafPolicyResource = new f5bigip.WafPolicy("wafPolicyResource", {
name: "string",
templateName: "string",
parameters: ["string"],
caseInsensitive: false,
enforcementMode: "string",
fileTypes: [{
allowed: false,
name: "string",
type: "string",
}],
graphqlProfiles: [{
name: "string",
attackSignaturesCheck: false,
defenseAttributes: [{
allowIntrospectionQueries: false,
maximumBatchedQueries: "string",
maximumStructureDepth: "string",
maximumTotalLength: "string",
maximumValueLength: "string",
tolerateParsingWarnings: false,
}],
metacharElementcheck: false,
}],
hostNames: [{
name: "string",
}],
ipExceptions: [{
ipAddress: "string",
ipMask: "string",
blockRequests: "string",
description: "string",
ignoreAnomalies: false,
ignoreIpreputation: false,
trustedbyPolicybuilder: false,
}],
modifications: ["string"],
description: "string",
openApiFiles: ["string"],
urls: ["string"],
enablePassivemode: false,
policyImportJson: "string",
policyId: "string",
policyBuilders: [{
learningMode: "string",
}],
protocolIndependent: false,
serverTechnologies: ["string"],
signatureSets: ["string"],
signatures: ["string"],
signaturesSettings: [{
placesignaturesInStaging: false,
signatureStaging: false,
}],
templateLink: "string",
partition: "string",
type: "string",
applicationLanguage: "string",
});
type: f5bigip:WafPolicy
properties:
applicationLanguage: string
caseInsensitive: false
description: string
enablePassivemode: false
enforcementMode: string
fileTypes:
- allowed: false
name: string
type: string
graphqlProfiles:
- attackSignaturesCheck: false
defenseAttributes:
- allowIntrospectionQueries: false
maximumBatchedQueries: string
maximumStructureDepth: string
maximumTotalLength: string
maximumValueLength: string
tolerateParsingWarnings: false
metacharElementcheck: false
name: string
hostNames:
- name: string
ipExceptions:
- blockRequests: string
description: string
ignoreAnomalies: false
ignoreIpreputation: false
ipAddress: string
ipMask: string
trustedbyPolicybuilder: false
modifications:
- string
name: string
openApiFiles:
- string
parameters:
- string
partition: string
policyBuilders:
- learningMode: string
policyId: string
policyImportJson: string
protocolIndependent: false
serverTechnologies:
- string
signatureSets:
- string
signatures:
- string
signaturesSettings:
- placesignaturesInStaging: false
signatureStaging: false
templateLink: string
templateName: string
type: string
urls:
- string
WafPolicy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The WafPolicy resource accepts the following input properties:
- Name string
- The unique user-given name of the policy. Policy names cannot contain spaces or special characters. Allowed characters are a-z, A-Z, 0-9, dot, dash (-), colon (:) and underscore (_).
- Template
Name string - Specifies the name of the template used for the policy creation.
- Application
Language string - The character encoding for the web application. The character encoding determines how the policy processes the character sets. The default is
utf-8 - Case
Insensitive bool - Specifies whether the security policy treats microservice URLs, file types, URLs, and parameters as case sensitive or not. When this setting is enabled, the system stores these security policy elements in lowercase in the security policy configuration
- Description string
- Specifies the description of the policy.
- Enable
Passivemode bool - Passive Mode allows the policy to be associated with a Performance L4 Virtual Server (using a FastL4 profile). With FastL4, traffic is analyzed but is not modified in any way.
- Enforcement
Mode string - How the system processes a request that triggers a security policy violation
- File
Types List<Pulumi.F5Big IP. Inputs. Waf Policy File Type> file_typestakes list of file-types options to be used for policy builder. See file types below for more details.- Graphql
Profiles List<Pulumi.F5Big IP. Inputs. Waf Policy Graphql Profile> graphql_profilestakes list of graphql profile options to be used for policy builder. See graphql profiles below for more details.- Host
Names List<Pulumi.F5Big IP. Inputs. Waf Policy Host Name> - specify the list of host name that is used to access the application
- Ip
Exceptions List<Pulumi.F5Big IP. Inputs. Waf Policy Ip Exception> ip_exceptionstakes list of IP address exception,An IP address exception is an IP address that you want the system to treat in a specific way for a security policy.For example, you can specify IP addresses from which the system should always trust traffic. See IP Exceptions below for more details.- Modifications List<string>
- the modifications section includes actions that modify the declarative policy as it is defined in the adjustments section. The modifications section is updated manually, with the changes generally driven by the learning suggestions provided by the BIG-IP.
- Open
Api List<string>Files - This section defines the Link for open api files on the policy.
- Parameters List<string>
- This section defines parameters that the security policy permits in requests.
- Partition string
- Specifies the partition of the policy. Default is
Common - Policy
Builders List<Pulumi.F5Big IP. Inputs. Waf Policy Policy Builder> policy_builderblock will providelearning_modeoptions to be used for policy builder. See policy builder below for more details.- Policy
Id string - The id of the A.WAF Policy as it would be calculated on the BIG-IP.
- Policy
Import stringJson - The payload of the WAF Policy to be used for IMPORT on to BIG-IP.
- Protocol
Independent bool - When creating a security policy, you can determine whether a security policy differentiates between HTTP and HTTPS URLs. If enabled, the security policy differentiates between HTTP and HTTPS URLs. If disabled, the security policy configures URLs without specifying a specific protocol. This is useful for applications that behave the same for HTTP and HTTPS, and it keeps the security policy from including the same URL twice.
- Server
Technologies List<string> - The server technology is a server-side application, framework, web server or operating system type that is configured in the policy in order to adapt the policy to the checks needed for the respective technology.
- Signature
Sets List<string> - Defines behavior when signatures found within a signature-set are detected in a request. Settings are culmulative, so if a signature is found in any set with block enabled, that signature will have block enabled.
- Signatures List<string>
- This section defines the properties of a signature on the policy.
- Signatures
Settings List<Pulumi.F5Big IP. Inputs. Waf Policy Signatures Setting> - bulk signature setting
- Template
Link string - Specifies the Link of the template used for the policy creation.
- Type string
- The type of policy you want to create. The default policy type is
security. - Urls List<string>
- In a security policy, you can manually specify the HTTP URLs that are allowed (or disallowed) in traffic to the web application being protected. If you are using automatic policy building (and the policy includes learning URLs), the system can determine which URLs to add, based on legitimate traffic.
- Name string
- The unique user-given name of the policy. Policy names cannot contain spaces or special characters. Allowed characters are a-z, A-Z, 0-9, dot, dash (-), colon (:) and underscore (_).
- Template
Name string - Specifies the name of the template used for the policy creation.
- Application
Language string - The character encoding for the web application. The character encoding determines how the policy processes the character sets. The default is
utf-8 - Case
Insensitive bool - Specifies whether the security policy treats microservice URLs, file types, URLs, and parameters as case sensitive or not. When this setting is enabled, the system stores these security policy elements in lowercase in the security policy configuration
- Description string
- Specifies the description of the policy.
- Enable
Passivemode bool - Passive Mode allows the policy to be associated with a Performance L4 Virtual Server (using a FastL4 profile). With FastL4, traffic is analyzed but is not modified in any way.
- Enforcement
Mode string - How the system processes a request that triggers a security policy violation
- File
Types []WafPolicy File Type Args file_typestakes list of file-types options to be used for policy builder. See file types below for more details.- Graphql
Profiles []WafPolicy Graphql Profile Args graphql_profilestakes list of graphql profile options to be used for policy builder. See graphql profiles below for more details.- Host
Names []WafPolicy Host Name Args - specify the list of host name that is used to access the application
- Ip
Exceptions []WafPolicy Ip Exception Args ip_exceptionstakes list of IP address exception,An IP address exception is an IP address that you want the system to treat in a specific way for a security policy.For example, you can specify IP addresses from which the system should always trust traffic. See IP Exceptions below for more details.- Modifications []string
- the modifications section includes actions that modify the declarative policy as it is defined in the adjustments section. The modifications section is updated manually, with the changes generally driven by the learning suggestions provided by the BIG-IP.
- Open
Api []stringFiles - This section defines the Link for open api files on the policy.
- Parameters []string
- This section defines parameters that the security policy permits in requests.
- Partition string
- Specifies the partition of the policy. Default is
Common - Policy
Builders []WafPolicy Policy Builder Args policy_builderblock will providelearning_modeoptions to be used for policy builder. See policy builder below for more details.- Policy
Id string - The id of the A.WAF Policy as it would be calculated on the BIG-IP.
- Policy
Import stringJson - The payload of the WAF Policy to be used for IMPORT on to BIG-IP.
- Protocol
Independent bool - When creating a security policy, you can determine whether a security policy differentiates between HTTP and HTTPS URLs. If enabled, the security policy differentiates between HTTP and HTTPS URLs. If disabled, the security policy configures URLs without specifying a specific protocol. This is useful for applications that behave the same for HTTP and HTTPS, and it keeps the security policy from including the same URL twice.
- Server
Technologies []string - The server technology is a server-side application, framework, web server or operating system type that is configured in the policy in order to adapt the policy to the checks needed for the respective technology.
- Signature
Sets []string - Defines behavior when signatures found within a signature-set are detected in a request. Settings are culmulative, so if a signature is found in any set with block enabled, that signature will have block enabled.
- Signatures []string
- This section defines the properties of a signature on the policy.
- Signatures
Settings []WafPolicy Signatures Setting Args - bulk signature setting
- Template
Link string - Specifies the Link of the template used for the policy creation.
- Type string
- The type of policy you want to create. The default policy type is
security. - Urls []string
- In a security policy, you can manually specify the HTTP URLs that are allowed (or disallowed) in traffic to the web application being protected. If you are using automatic policy building (and the policy includes learning URLs), the system can determine which URLs to add, based on legitimate traffic.
- name String
- The unique user-given name of the policy. Policy names cannot contain spaces or special characters. Allowed characters are a-z, A-Z, 0-9, dot, dash (-), colon (:) and underscore (_).
- template
Name String - Specifies the name of the template used for the policy creation.
- application
Language String - The character encoding for the web application. The character encoding determines how the policy processes the character sets. The default is
utf-8 - case
Insensitive Boolean - Specifies whether the security policy treats microservice URLs, file types, URLs, and parameters as case sensitive or not. When this setting is enabled, the system stores these security policy elements in lowercase in the security policy configuration
- description String
- Specifies the description of the policy.
- enable
Passivemode Boolean - Passive Mode allows the policy to be associated with a Performance L4 Virtual Server (using a FastL4 profile). With FastL4, traffic is analyzed but is not modified in any way.
- enforcement
Mode String - How the system processes a request that triggers a security policy violation
- file
Types List<WafPolicy File Type> file_typestakes list of file-types options to be used for policy builder. See file types below for more details.- graphql
Profiles List<WafPolicy Graphql Profile> graphql_profilestakes list of graphql profile options to be used for policy builder. See graphql profiles below for more details.- host
Names List<WafPolicy Host Name> - specify the list of host name that is used to access the application
- ip
Exceptions List<WafPolicy Ip Exception> ip_exceptionstakes list of IP address exception,An IP address exception is an IP address that you want the system to treat in a specific way for a security policy.For example, you can specify IP addresses from which the system should always trust traffic. See IP Exceptions below for more details.- modifications List<String>
- the modifications section includes actions that modify the declarative policy as it is defined in the adjustments section. The modifications section is updated manually, with the changes generally driven by the learning suggestions provided by the BIG-IP.
- open
Api List<String>Files - This section defines the Link for open api files on the policy.
- parameters List<String>
- This section defines parameters that the security policy permits in requests.
- partition String
- Specifies the partition of the policy. Default is
Common - policy
Builders List<WafPolicy Policy Builder> policy_builderblock will providelearning_modeoptions to be used for policy builder. See policy builder below for more details.- policy
Id String - The id of the A.WAF Policy as it would be calculated on the BIG-IP.
- policy
Import StringJson - The payload of the WAF Policy to be used for IMPORT on to BIG-IP.
- protocol
Independent Boolean - When creating a security policy, you can determine whether a security policy differentiates between HTTP and HTTPS URLs. If enabled, the security policy differentiates between HTTP and HTTPS URLs. If disabled, the security policy configures URLs without specifying a specific protocol. This is useful for applications that behave the same for HTTP and HTTPS, and it keeps the security policy from including the same URL twice.
- server
Technologies List<String> - The server technology is a server-side application, framework, web server or operating system type that is configured in the policy in order to adapt the policy to the checks needed for the respective technology.
- signature
Sets List<String> - Defines behavior when signatures found within a signature-set are detected in a request. Settings are culmulative, so if a signature is found in any set with block enabled, that signature will have block enabled.
- signatures List<String>
- This section defines the properties of a signature on the policy.
- signatures
Settings List<WafPolicy Signatures Setting> - bulk signature setting
- template
Link String - Specifies the Link of the template used for the policy creation.
- type String
- The type of policy you want to create. The default policy type is
security. - urls List<String>
- In a security policy, you can manually specify the HTTP URLs that are allowed (or disallowed) in traffic to the web application being protected. If you are using automatic policy building (and the policy includes learning URLs), the system can determine which URLs to add, based on legitimate traffic.
- name string
- The unique user-given name of the policy. Policy names cannot contain spaces or special characters. Allowed characters are a-z, A-Z, 0-9, dot, dash (-), colon (:) and underscore (_).
- template
Name string - Specifies the name of the template used for the policy creation.
- application
Language string - The character encoding for the web application. The character encoding determines how the policy processes the character sets. The default is
utf-8 - case
Insensitive boolean - Specifies whether the security policy treats microservice URLs, file types, URLs, and parameters as case sensitive or not. When this setting is enabled, the system stores these security policy elements in lowercase in the security policy configuration
- description string
- Specifies the description of the policy.
- enable
Passivemode boolean - Passive Mode allows the policy to be associated with a Performance L4 Virtual Server (using a FastL4 profile). With FastL4, traffic is analyzed but is not modified in any way.
- enforcement
Mode string - How the system processes a request that triggers a security policy violation
- file
Types WafPolicy File Type[] file_typestakes list of file-types options to be used for policy builder. See file types below for more details.- graphql
Profiles WafPolicy Graphql Profile[] graphql_profilestakes list of graphql profile options to be used for policy builder. See graphql profiles below for more details.- host
Names WafPolicy Host Name[] - specify the list of host name that is used to access the application
- ip
Exceptions WafPolicy Ip Exception[] ip_exceptionstakes list of IP address exception,An IP address exception is an IP address that you want the system to treat in a specific way for a security policy.For example, you can specify IP addresses from which the system should always trust traffic. See IP Exceptions below for more details.- modifications string[]
- the modifications section includes actions that modify the declarative policy as it is defined in the adjustments section. The modifications section is updated manually, with the changes generally driven by the learning suggestions provided by the BIG-IP.
- open
Api string[]Files - This section defines the Link for open api files on the policy.
- parameters string[]
- This section defines parameters that the security policy permits in requests.
- partition string
- Specifies the partition of the policy. Default is
Common - policy
Builders WafPolicy Policy Builder[] policy_builderblock will providelearning_modeoptions to be used for policy builder. See policy builder below for more details.- policy
Id string - The id of the A.WAF Policy as it would be calculated on the BIG-IP.
- policy
Import stringJson - The payload of the WAF Policy to be used for IMPORT on to BIG-IP.
- protocol
Independent boolean - When creating a security policy, you can determine whether a security policy differentiates between HTTP and HTTPS URLs. If enabled, the security policy differentiates between HTTP and HTTPS URLs. If disabled, the security policy configures URLs without specifying a specific protocol. This is useful for applications that behave the same for HTTP and HTTPS, and it keeps the security policy from including the same URL twice.
- server
Technologies string[] - The server technology is a server-side application, framework, web server or operating system type that is configured in the policy in order to adapt the policy to the checks needed for the respective technology.
- signature
Sets string[] - Defines behavior when signatures found within a signature-set are detected in a request. Settings are culmulative, so if a signature is found in any set with block enabled, that signature will have block enabled.
- signatures string[]
- This section defines the properties of a signature on the policy.
- signatures
Settings WafPolicy Signatures Setting[] - bulk signature setting
- template
Link string - Specifies the Link of the template used for the policy creation.
- type string
- The type of policy you want to create. The default policy type is
security. - urls string[]
- In a security policy, you can manually specify the HTTP URLs that are allowed (or disallowed) in traffic to the web application being protected. If you are using automatic policy building (and the policy includes learning URLs), the system can determine which URLs to add, based on legitimate traffic.
- name str
- The unique user-given name of the policy. Policy names cannot contain spaces or special characters. Allowed characters are a-z, A-Z, 0-9, dot, dash (-), colon (:) and underscore (_).
- template_
name str - Specifies the name of the template used for the policy creation.
- application_
language str - The character encoding for the web application. The character encoding determines how the policy processes the character sets. The default is
utf-8 - case_
insensitive bool - Specifies whether the security policy treats microservice URLs, file types, URLs, and parameters as case sensitive or not. When this setting is enabled, the system stores these security policy elements in lowercase in the security policy configuration
- description str
- Specifies the description of the policy.
- enable_
passivemode bool - Passive Mode allows the policy to be associated with a Performance L4 Virtual Server (using a FastL4 profile). With FastL4, traffic is analyzed but is not modified in any way.
- enforcement_
mode str - How the system processes a request that triggers a security policy violation
- file_
types Sequence[WafPolicy File Type Args] file_typestakes list of file-types options to be used for policy builder. See file types below for more details.- graphql_
profiles Sequence[WafPolicy Graphql Profile Args] graphql_profilestakes list of graphql profile options to be used for policy builder. See graphql profiles below for more details.- host_
names Sequence[WafPolicy Host Name Args] - specify the list of host name that is used to access the application
- ip_
exceptions Sequence[WafPolicy Ip Exception Args] ip_exceptionstakes list of IP address exception,An IP address exception is an IP address that you want the system to treat in a specific way for a security policy.For example, you can specify IP addresses from which the system should always trust traffic. See IP Exceptions below for more details.- modifications Sequence[str]
- the modifications section includes actions that modify the declarative policy as it is defined in the adjustments section. The modifications section is updated manually, with the changes generally driven by the learning suggestions provided by the BIG-IP.
- open_
api_ Sequence[str]files - This section defines the Link for open api files on the policy.
- parameters Sequence[str]
- This section defines parameters that the security policy permits in requests.
- partition str
- Specifies the partition of the policy. Default is
Common - policy_
builders Sequence[WafPolicy Policy Builder Args] policy_builderblock will providelearning_modeoptions to be used for policy builder. See policy builder below for more details.- policy_
id str - The id of the A.WAF Policy as it would be calculated on the BIG-IP.
- policy_
import_ strjson - The payload of the WAF Policy to be used for IMPORT on to BIG-IP.
- protocol_
independent bool - When creating a security policy, you can determine whether a security policy differentiates between HTTP and HTTPS URLs. If enabled, the security policy differentiates between HTTP and HTTPS URLs. If disabled, the security policy configures URLs without specifying a specific protocol. This is useful for applications that behave the same for HTTP and HTTPS, and it keeps the security policy from including the same URL twice.
- server_
technologies Sequence[str] - The server technology is a server-side application, framework, web server or operating system type that is configured in the policy in order to adapt the policy to the checks needed for the respective technology.
- signature_
sets Sequence[str] - Defines behavior when signatures found within a signature-set are detected in a request. Settings are culmulative, so if a signature is found in any set with block enabled, that signature will have block enabled.
- signatures Sequence[str]
- This section defines the properties of a signature on the policy.
- signatures_
settings Sequence[WafPolicy Signatures Setting Args] - bulk signature setting
- template_
link str - Specifies the Link of the template used for the policy creation.
- type str
- The type of policy you want to create. The default policy type is
security. - urls Sequence[str]
- In a security policy, you can manually specify the HTTP URLs that are allowed (or disallowed) in traffic to the web application being protected. If you are using automatic policy building (and the policy includes learning URLs), the system can determine which URLs to add, based on legitimate traffic.
- name String
- The unique user-given name of the policy. Policy names cannot contain spaces or special characters. Allowed characters are a-z, A-Z, 0-9, dot, dash (-), colon (:) and underscore (_).
- template
Name String - Specifies the name of the template used for the policy creation.
- application
Language String - The character encoding for the web application. The character encoding determines how the policy processes the character sets. The default is
utf-8 - case
Insensitive Boolean - Specifies whether the security policy treats microservice URLs, file types, URLs, and parameters as case sensitive or not. When this setting is enabled, the system stores these security policy elements in lowercase in the security policy configuration
- description String
- Specifies the description of the policy.
- enable
Passivemode Boolean - Passive Mode allows the policy to be associated with a Performance L4 Virtual Server (using a FastL4 profile). With FastL4, traffic is analyzed but is not modified in any way.
- enforcement
Mode String - How the system processes a request that triggers a security policy violation
- file
Types List<Property Map> file_typestakes list of file-types options to be used for policy builder. See file types below for more details.- graphql
Profiles List<Property Map> graphql_profilestakes list of graphql profile options to be used for policy builder. See graphql profiles below for more details.- host
Names List<Property Map> - specify the list of host name that is used to access the application
- ip
Exceptions List<Property Map> ip_exceptionstakes list of IP address exception,An IP address exception is an IP address that you want the system to treat in a specific way for a security policy.For example, you can specify IP addresses from which the system should always trust traffic. See IP Exceptions below for more details.- modifications List<String>
- the modifications section includes actions that modify the declarative policy as it is defined in the adjustments section. The modifications section is updated manually, with the changes generally driven by the learning suggestions provided by the BIG-IP.
- open
Api List<String>Files - This section defines the Link for open api files on the policy.
- parameters List<String>
- This section defines parameters that the security policy permits in requests.
- partition String
- Specifies the partition of the policy. Default is
Common - policy
Builders List<Property Map> policy_builderblock will providelearning_modeoptions to be used for policy builder. See policy builder below for more details.- policy
Id String - The id of the A.WAF Policy as it would be calculated on the BIG-IP.
- policy
Import StringJson - The payload of the WAF Policy to be used for IMPORT on to BIG-IP.
- protocol
Independent Boolean - When creating a security policy, you can determine whether a security policy differentiates between HTTP and HTTPS URLs. If enabled, the security policy differentiates between HTTP and HTTPS URLs. If disabled, the security policy configures URLs without specifying a specific protocol. This is useful for applications that behave the same for HTTP and HTTPS, and it keeps the security policy from including the same URL twice.
- server
Technologies List<String> - The server technology is a server-side application, framework, web server or operating system type that is configured in the policy in order to adapt the policy to the checks needed for the respective technology.
- signature
Sets List<String> - Defines behavior when signatures found within a signature-set are detected in a request. Settings are culmulative, so if a signature is found in any set with block enabled, that signature will have block enabled.
- signatures List<String>
- This section defines the properties of a signature on the policy.
- signatures
Settings List<Property Map> - bulk signature setting
- template
Link String - Specifies the Link of the template used for the policy creation.
- type String
- The type of policy you want to create. The default policy type is
security. - urls List<String>
- In a security policy, you can manually specify the HTTP URLs that are allowed (or disallowed) in traffic to the web application being protected. If you are using automatic policy building (and the policy includes learning URLs), the system can determine which URLs to add, based on legitimate traffic.
Outputs
All input properties are implicitly available as output properties. Additionally, the WafPolicy resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Policy
Export stringJson - Exported WAF policy deployed on BIGIP.
- Id string
- The provider-assigned unique ID for this managed resource.
- Policy
Export stringJson - Exported WAF policy deployed on BIGIP.
- id String
- The provider-assigned unique ID for this managed resource.
- policy
Export StringJson - Exported WAF policy deployed on BIGIP.
- id string
- The provider-assigned unique ID for this managed resource.
- policy
Export stringJson - Exported WAF policy deployed on BIGIP.
- id str
- The provider-assigned unique ID for this managed resource.
- policy_
export_ strjson - Exported WAF policy deployed on BIGIP.
- id String
- The provider-assigned unique ID for this managed resource.
- policy
Export StringJson - Exported WAF policy deployed on BIGIP.
Look up Existing WafPolicy Resource
Get an existing WafPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: WafPolicyState, opts?: CustomResourceOptions): WafPolicy@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
application_language: Optional[str] = None,
case_insensitive: Optional[bool] = None,
description: Optional[str] = None,
enable_passivemode: Optional[bool] = None,
enforcement_mode: Optional[str] = None,
file_types: Optional[Sequence[WafPolicyFileTypeArgs]] = None,
graphql_profiles: Optional[Sequence[WafPolicyGraphqlProfileArgs]] = None,
host_names: Optional[Sequence[WafPolicyHostNameArgs]] = None,
ip_exceptions: Optional[Sequence[WafPolicyIpExceptionArgs]] = None,
modifications: Optional[Sequence[str]] = None,
name: Optional[str] = None,
open_api_files: Optional[Sequence[str]] = None,
parameters: Optional[Sequence[str]] = None,
partition: Optional[str] = None,
policy_builders: Optional[Sequence[WafPolicyPolicyBuilderArgs]] = None,
policy_export_json: Optional[str] = None,
policy_id: Optional[str] = None,
policy_import_json: Optional[str] = None,
protocol_independent: Optional[bool] = None,
server_technologies: Optional[Sequence[str]] = None,
signature_sets: Optional[Sequence[str]] = None,
signatures: Optional[Sequence[str]] = None,
signatures_settings: Optional[Sequence[WafPolicySignaturesSettingArgs]] = None,
template_link: Optional[str] = None,
template_name: Optional[str] = None,
type: Optional[str] = None,
urls: Optional[Sequence[str]] = None) -> WafPolicyfunc GetWafPolicy(ctx *Context, name string, id IDInput, state *WafPolicyState, opts ...ResourceOption) (*WafPolicy, error)public static WafPolicy Get(string name, Input<string> id, WafPolicyState? state, CustomResourceOptions? opts = null)public static WafPolicy get(String name, Output<String> id, WafPolicyState state, CustomResourceOptions options)resources: _: type: f5bigip:WafPolicy get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Application
Language string - The character encoding for the web application. The character encoding determines how the policy processes the character sets. The default is
utf-8 - Case
Insensitive bool - Specifies whether the security policy treats microservice URLs, file types, URLs, and parameters as case sensitive or not. When this setting is enabled, the system stores these security policy elements in lowercase in the security policy configuration
- Description string
- Specifies the description of the policy.
- Enable
Passivemode bool - Passive Mode allows the policy to be associated with a Performance L4 Virtual Server (using a FastL4 profile). With FastL4, traffic is analyzed but is not modified in any way.
- Enforcement
Mode string - How the system processes a request that triggers a security policy violation
- File
Types List<Pulumi.F5Big IP. Inputs. Waf Policy File Type> file_typestakes list of file-types options to be used for policy builder. See file types below for more details.- Graphql
Profiles List<Pulumi.F5Big IP. Inputs. Waf Policy Graphql Profile> graphql_profilestakes list of graphql profile options to be used for policy builder. See graphql profiles below for more details.- Host
Names List<Pulumi.F5Big IP. Inputs. Waf Policy Host Name> - specify the list of host name that is used to access the application
- Ip
Exceptions List<Pulumi.F5Big IP. Inputs. Waf Policy Ip Exception> ip_exceptionstakes list of IP address exception,An IP address exception is an IP address that you want the system to treat in a specific way for a security policy.For example, you can specify IP addresses from which the system should always trust traffic. See IP Exceptions below for more details.- Modifications List<string>
- the modifications section includes actions that modify the declarative policy as it is defined in the adjustments section. The modifications section is updated manually, with the changes generally driven by the learning suggestions provided by the BIG-IP.
- Name string
- The unique user-given name of the policy. Policy names cannot contain spaces or special characters. Allowed characters are a-z, A-Z, 0-9, dot, dash (-), colon (:) and underscore (_).
- Open
Api List<string>Files - This section defines the Link for open api files on the policy.
- Parameters List<string>
- This section defines parameters that the security policy permits in requests.
- Partition string
- Specifies the partition of the policy. Default is
Common - Policy
Builders List<Pulumi.F5Big IP. Inputs. Waf Policy Policy Builder> policy_builderblock will providelearning_modeoptions to be used for policy builder. See policy builder below for more details.- Policy
Export stringJson - Exported WAF policy deployed on BIGIP.
- Policy
Id string - The id of the A.WAF Policy as it would be calculated on the BIG-IP.
- Policy
Import stringJson - The payload of the WAF Policy to be used for IMPORT on to BIG-IP.
- Protocol
Independent bool - When creating a security policy, you can determine whether a security policy differentiates between HTTP and HTTPS URLs. If enabled, the security policy differentiates between HTTP and HTTPS URLs. If disabled, the security policy configures URLs without specifying a specific protocol. This is useful for applications that behave the same for HTTP and HTTPS, and it keeps the security policy from including the same URL twice.
- Server
Technologies List<string> - The server technology is a server-side application, framework, web server or operating system type that is configured in the policy in order to adapt the policy to the checks needed for the respective technology.
- Signature
Sets List<string> - Defines behavior when signatures found within a signature-set are detected in a request. Settings are culmulative, so if a signature is found in any set with block enabled, that signature will have block enabled.
- Signatures List<string>
- This section defines the properties of a signature on the policy.
- Signatures
Settings List<Pulumi.F5Big IP. Inputs. Waf Policy Signatures Setting> - bulk signature setting
- Template
Link string - Specifies the Link of the template used for the policy creation.
- Template
Name string - Specifies the name of the template used for the policy creation.
- Type string
- The type of policy you want to create. The default policy type is
security. - Urls List<string>
- In a security policy, you can manually specify the HTTP URLs that are allowed (or disallowed) in traffic to the web application being protected. If you are using automatic policy building (and the policy includes learning URLs), the system can determine which URLs to add, based on legitimate traffic.
- Application
Language string - The character encoding for the web application. The character encoding determines how the policy processes the character sets. The default is
utf-8 - Case
Insensitive bool - Specifies whether the security policy treats microservice URLs, file types, URLs, and parameters as case sensitive or not. When this setting is enabled, the system stores these security policy elements in lowercase in the security policy configuration
- Description string
- Specifies the description of the policy.
- Enable
Passivemode bool - Passive Mode allows the policy to be associated with a Performance L4 Virtual Server (using a FastL4 profile). With FastL4, traffic is analyzed but is not modified in any way.
- Enforcement
Mode string - How the system processes a request that triggers a security policy violation
- File
Types []WafPolicy File Type Args file_typestakes list of file-types options to be used for policy builder. See file types below for more details.- Graphql
Profiles []WafPolicy Graphql Profile Args graphql_profilestakes list of graphql profile options to be used for policy builder. See graphql profiles below for more details.- Host
Names []WafPolicy Host Name Args - specify the list of host name that is used to access the application
- Ip
Exceptions []WafPolicy Ip Exception Args ip_exceptionstakes list of IP address exception,An IP address exception is an IP address that you want the system to treat in a specific way for a security policy.For example, you can specify IP addresses from which the system should always trust traffic. See IP Exceptions below for more details.- Modifications []string
- the modifications section includes actions that modify the declarative policy as it is defined in the adjustments section. The modifications section is updated manually, with the changes generally driven by the learning suggestions provided by the BIG-IP.
- Name string
- The unique user-given name of the policy. Policy names cannot contain spaces or special characters. Allowed characters are a-z, A-Z, 0-9, dot, dash (-), colon (:) and underscore (_).
- Open
Api []stringFiles - This section defines the Link for open api files on the policy.
- Parameters []string
- This section defines parameters that the security policy permits in requests.
- Partition string
- Specifies the partition of the policy. Default is
Common - Policy
Builders []WafPolicy Policy Builder Args policy_builderblock will providelearning_modeoptions to be used for policy builder. See policy builder below for more details.- Policy
Export stringJson - Exported WAF policy deployed on BIGIP.
- Policy
Id string - The id of the A.WAF Policy as it would be calculated on the BIG-IP.
- Policy
Import stringJson - The payload of the WAF Policy to be used for IMPORT on to BIG-IP.
- Protocol
Independent bool - When creating a security policy, you can determine whether a security policy differentiates between HTTP and HTTPS URLs. If enabled, the security policy differentiates between HTTP and HTTPS URLs. If disabled, the security policy configures URLs without specifying a specific protocol. This is useful for applications that behave the same for HTTP and HTTPS, and it keeps the security policy from including the same URL twice.
- Server
Technologies []string - The server technology is a server-side application, framework, web server or operating system type that is configured in the policy in order to adapt the policy to the checks needed for the respective technology.
- Signature
Sets []string - Defines behavior when signatures found within a signature-set are detected in a request. Settings are culmulative, so if a signature is found in any set with block enabled, that signature will have block enabled.
- Signatures []string
- This section defines the properties of a signature on the policy.
- Signatures
Settings []WafPolicy Signatures Setting Args - bulk signature setting
- Template
Link string - Specifies the Link of the template used for the policy creation.
- Template
Name string - Specifies the name of the template used for the policy creation.
- Type string
- The type of policy you want to create. The default policy type is
security. - Urls []string
- In a security policy, you can manually specify the HTTP URLs that are allowed (or disallowed) in traffic to the web application being protected. If you are using automatic policy building (and the policy includes learning URLs), the system can determine which URLs to add, based on legitimate traffic.
- application
Language String - The character encoding for the web application. The character encoding determines how the policy processes the character sets. The default is
utf-8 - case
Insensitive Boolean - Specifies whether the security policy treats microservice URLs, file types, URLs, and parameters as case sensitive or not. When this setting is enabled, the system stores these security policy elements in lowercase in the security policy configuration
- description String
- Specifies the description of the policy.
- enable
Passivemode Boolean - Passive Mode allows the policy to be associated with a Performance L4 Virtual Server (using a FastL4 profile). With FastL4, traffic is analyzed but is not modified in any way.
- enforcement
Mode String - How the system processes a request that triggers a security policy violation
- file
Types List<WafPolicy File Type> file_typestakes list of file-types options to be used for policy builder. See file types below for more details.- graphql
Profiles List<WafPolicy Graphql Profile> graphql_profilestakes list of graphql profile options to be used for policy builder. See graphql profiles below for more details.- host
Names List<WafPolicy Host Name> - specify the list of host name that is used to access the application
- ip
Exceptions List<WafPolicy Ip Exception> ip_exceptionstakes list of IP address exception,An IP address exception is an IP address that you want the system to treat in a specific way for a security policy.For example, you can specify IP addresses from which the system should always trust traffic. See IP Exceptions below for more details.- modifications List<String>
- the modifications section includes actions that modify the declarative policy as it is defined in the adjustments section. The modifications section is updated manually, with the changes generally driven by the learning suggestions provided by the BIG-IP.
- name String
- The unique user-given name of the policy. Policy names cannot contain spaces or special characters. Allowed characters are a-z, A-Z, 0-9, dot, dash (-), colon (:) and underscore (_).
- open
Api List<String>Files - This section defines the Link for open api files on the policy.
- parameters List<String>
- This section defines parameters that the security policy permits in requests.
- partition String
- Specifies the partition of the policy. Default is
Common - policy
Builders List<WafPolicy Policy Builder> policy_builderblock will providelearning_modeoptions to be used for policy builder. See policy builder below for more details.- policy
Export StringJson - Exported WAF policy deployed on BIGIP.
- policy
Id String - The id of the A.WAF Policy as it would be calculated on the BIG-IP.
- policy
Import StringJson - The payload of the WAF Policy to be used for IMPORT on to BIG-IP.
- protocol
Independent Boolean - When creating a security policy, you can determine whether a security policy differentiates between HTTP and HTTPS URLs. If enabled, the security policy differentiates between HTTP and HTTPS URLs. If disabled, the security policy configures URLs without specifying a specific protocol. This is useful for applications that behave the same for HTTP and HTTPS, and it keeps the security policy from including the same URL twice.
- server
Technologies List<String> - The server technology is a server-side application, framework, web server or operating system type that is configured in the policy in order to adapt the policy to the checks needed for the respective technology.
- signature
Sets List<String> - Defines behavior when signatures found within a signature-set are detected in a request. Settings are culmulative, so if a signature is found in any set with block enabled, that signature will have block enabled.
- signatures List<String>
- This section defines the properties of a signature on the policy.
- signatures
Settings List<WafPolicy Signatures Setting> - bulk signature setting
- template
Link String - Specifies the Link of the template used for the policy creation.
- template
Name String - Specifies the name of the template used for the policy creation.
- type String
- The type of policy you want to create. The default policy type is
security. - urls List<String>
- In a security policy, you can manually specify the HTTP URLs that are allowed (or disallowed) in traffic to the web application being protected. If you are using automatic policy building (and the policy includes learning URLs), the system can determine which URLs to add, based on legitimate traffic.
- application
Language string - The character encoding for the web application. The character encoding determines how the policy processes the character sets. The default is
utf-8 - case
Insensitive boolean - Specifies whether the security policy treats microservice URLs, file types, URLs, and parameters as case sensitive or not. When this setting is enabled, the system stores these security policy elements in lowercase in the security policy configuration
- description string
- Specifies the description of the policy.
- enable
Passivemode boolean - Passive Mode allows the policy to be associated with a Performance L4 Virtual Server (using a FastL4 profile). With FastL4, traffic is analyzed but is not modified in any way.
- enforcement
Mode string - How the system processes a request that triggers a security policy violation
- file
Types WafPolicy File Type[] file_typestakes list of file-types options to be used for policy builder. See file types below for more details.- graphql
Profiles WafPolicy Graphql Profile[] graphql_profilestakes list of graphql profile options to be used for policy builder. See graphql profiles below for more details.- host
Names WafPolicy Host Name[] - specify the list of host name that is used to access the application
- ip
Exceptions WafPolicy Ip Exception[] ip_exceptionstakes list of IP address exception,An IP address exception is an IP address that you want the system to treat in a specific way for a security policy.For example, you can specify IP addresses from which the system should always trust traffic. See IP Exceptions below for more details.- modifications string[]
- the modifications section includes actions that modify the declarative policy as it is defined in the adjustments section. The modifications section is updated manually, with the changes generally driven by the learning suggestions provided by the BIG-IP.
- name string
- The unique user-given name of the policy. Policy names cannot contain spaces or special characters. Allowed characters are a-z, A-Z, 0-9, dot, dash (-), colon (:) and underscore (_).
- open
Api string[]Files - This section defines the Link for open api files on the policy.
- parameters string[]
- This section defines parameters that the security policy permits in requests.
- partition string
- Specifies the partition of the policy. Default is
Common - policy
Builders WafPolicy Policy Builder[] policy_builderblock will providelearning_modeoptions to be used for policy builder. See policy builder below for more details.- policy
Export stringJson - Exported WAF policy deployed on BIGIP.
- policy
Id string - The id of the A.WAF Policy as it would be calculated on the BIG-IP.
- policy
Import stringJson - The payload of the WAF Policy to be used for IMPORT on to BIG-IP.
- protocol
Independent boolean - When creating a security policy, you can determine whether a security policy differentiates between HTTP and HTTPS URLs. If enabled, the security policy differentiates between HTTP and HTTPS URLs. If disabled, the security policy configures URLs without specifying a specific protocol. This is useful for applications that behave the same for HTTP and HTTPS, and it keeps the security policy from including the same URL twice.
- server
Technologies string[] - The server technology is a server-side application, framework, web server or operating system type that is configured in the policy in order to adapt the policy to the checks needed for the respective technology.
- signature
Sets string[] - Defines behavior when signatures found within a signature-set are detected in a request. Settings are culmulative, so if a signature is found in any set with block enabled, that signature will have block enabled.
- signatures string[]
- This section defines the properties of a signature on the policy.
- signatures
Settings WafPolicy Signatures Setting[] - bulk signature setting
- template
Link string - Specifies the Link of the template used for the policy creation.
- template
Name string - Specifies the name of the template used for the policy creation.
- type string
- The type of policy you want to create. The default policy type is
security. - urls string[]
- In a security policy, you can manually specify the HTTP URLs that are allowed (or disallowed) in traffic to the web application being protected. If you are using automatic policy building (and the policy includes learning URLs), the system can determine which URLs to add, based on legitimate traffic.
- application_
language str - The character encoding for the web application. The character encoding determines how the policy processes the character sets. The default is
utf-8 - case_
insensitive bool - Specifies whether the security policy treats microservice URLs, file types, URLs, and parameters as case sensitive or not. When this setting is enabled, the system stores these security policy elements in lowercase in the security policy configuration
- description str
- Specifies the description of the policy.
- enable_
passivemode bool - Passive Mode allows the policy to be associated with a Performance L4 Virtual Server (using a FastL4 profile). With FastL4, traffic is analyzed but is not modified in any way.
- enforcement_
mode str - How the system processes a request that triggers a security policy violation
- file_
types Sequence[WafPolicy File Type Args] file_typestakes list of file-types options to be used for policy builder. See file types below for more details.- graphql_
profiles Sequence[WafPolicy Graphql Profile Args] graphql_profilestakes list of graphql profile options to be used for policy builder. See graphql profiles below for more details.- host_
names Sequence[WafPolicy Host Name Args] - specify the list of host name that is used to access the application
- ip_
exceptions Sequence[WafPolicy Ip Exception Args] ip_exceptionstakes list of IP address exception,An IP address exception is an IP address that you want the system to treat in a specific way for a security policy.For example, you can specify IP addresses from which the system should always trust traffic. See IP Exceptions below for more details.- modifications Sequence[str]
- the modifications section includes actions that modify the declarative policy as it is defined in the adjustments section. The modifications section is updated manually, with the changes generally driven by the learning suggestions provided by the BIG-IP.
- name str
- The unique user-given name of the policy. Policy names cannot contain spaces or special characters. Allowed characters are a-z, A-Z, 0-9, dot, dash (-), colon (:) and underscore (_).
- open_
api_ Sequence[str]files - This section defines the Link for open api files on the policy.
- parameters Sequence[str]
- This section defines parameters that the security policy permits in requests.
- partition str
- Specifies the partition of the policy. Default is
Common - policy_
builders Sequence[WafPolicy Policy Builder Args] policy_builderblock will providelearning_modeoptions to be used for policy builder. See policy builder below for more details.- policy_
export_ strjson - Exported WAF policy deployed on BIGIP.
- policy_
id str - The id of the A.WAF Policy as it would be calculated on the BIG-IP.
- policy_
import_ strjson - The payload of the WAF Policy to be used for IMPORT on to BIG-IP.
- protocol_
independent bool - When creating a security policy, you can determine whether a security policy differentiates between HTTP and HTTPS URLs. If enabled, the security policy differentiates between HTTP and HTTPS URLs. If disabled, the security policy configures URLs without specifying a specific protocol. This is useful for applications that behave the same for HTTP and HTTPS, and it keeps the security policy from including the same URL twice.
- server_
technologies Sequence[str] - The server technology is a server-side application, framework, web server or operating system type that is configured in the policy in order to adapt the policy to the checks needed for the respective technology.
- signature_
sets Sequence[str] - Defines behavior when signatures found within a signature-set are detected in a request. Settings are culmulative, so if a signature is found in any set with block enabled, that signature will have block enabled.
- signatures Sequence[str]
- This section defines the properties of a signature on the policy.
- signatures_
settings Sequence[WafPolicy Signatures Setting Args] - bulk signature setting
- template_
link str - Specifies the Link of the template used for the policy creation.
- template_
name str - Specifies the name of the template used for the policy creation.
- type str
- The type of policy you want to create. The default policy type is
security. - urls Sequence[str]
- In a security policy, you can manually specify the HTTP URLs that are allowed (or disallowed) in traffic to the web application being protected. If you are using automatic policy building (and the policy includes learning URLs), the system can determine which URLs to add, based on legitimate traffic.
- application
Language String - The character encoding for the web application. The character encoding determines how the policy processes the character sets. The default is
utf-8 - case
Insensitive Boolean - Specifies whether the security policy treats microservice URLs, file types, URLs, and parameters as case sensitive or not. When this setting is enabled, the system stores these security policy elements in lowercase in the security policy configuration
- description String
- Specifies the description of the policy.
- enable
Passivemode Boolean - Passive Mode allows the policy to be associated with a Performance L4 Virtual Server (using a FastL4 profile). With FastL4, traffic is analyzed but is not modified in any way.
- enforcement
Mode String - How the system processes a request that triggers a security policy violation
- file
Types List<Property Map> file_typestakes list of file-types options to be used for policy builder. See file types below for more details.- graphql
Profiles List<Property Map> graphql_profilestakes list of graphql profile options to be used for policy builder. See graphql profiles below for more details.- host
Names List<Property Map> - specify the list of host name that is used to access the application
- ip
Exceptions List<Property Map> ip_exceptionstakes list of IP address exception,An IP address exception is an IP address that you want the system to treat in a specific way for a security policy.For example, you can specify IP addresses from which the system should always trust traffic. See IP Exceptions below for more details.- modifications List<String>
- the modifications section includes actions that modify the declarative policy as it is defined in the adjustments section. The modifications section is updated manually, with the changes generally driven by the learning suggestions provided by the BIG-IP.
- name String
- The unique user-given name of the policy. Policy names cannot contain spaces or special characters. Allowed characters are a-z, A-Z, 0-9, dot, dash (-), colon (:) and underscore (_).
- open
Api List<String>Files - This section defines the Link for open api files on the policy.
- parameters List<String>
- This section defines parameters that the security policy permits in requests.
- partition String
- Specifies the partition of the policy. Default is
Common - policy
Builders List<Property Map> policy_builderblock will providelearning_modeoptions to be used for policy builder. See policy builder below for more details.- policy
Export StringJson - Exported WAF policy deployed on BIGIP.
- policy
Id String - The id of the A.WAF Policy as it would be calculated on the BIG-IP.
- policy
Import StringJson - The payload of the WAF Policy to be used for IMPORT on to BIG-IP.
- protocol
Independent Boolean - When creating a security policy, you can determine whether a security policy differentiates between HTTP and HTTPS URLs. If enabled, the security policy differentiates between HTTP and HTTPS URLs. If disabled, the security policy configures URLs without specifying a specific protocol. This is useful for applications that behave the same for HTTP and HTTPS, and it keeps the security policy from including the same URL twice.
- server
Technologies List<String> - The server technology is a server-side application, framework, web server or operating system type that is configured in the policy in order to adapt the policy to the checks needed for the respective technology.
- signature
Sets List<String> - Defines behavior when signatures found within a signature-set are detected in a request. Settings are culmulative, so if a signature is found in any set with block enabled, that signature will have block enabled.
- signatures List<String>
- This section defines the properties of a signature on the policy.
- signatures
Settings List<Property Map> - bulk signature setting
- template
Link String - Specifies the Link of the template used for the policy creation.
- template
Name String - Specifies the name of the template used for the policy creation.
- type String
- The type of policy you want to create. The default policy type is
security. - urls List<String>
- In a security policy, you can manually specify the HTTP URLs that are allowed (or disallowed) in traffic to the web application being protected. If you are using automatic policy building (and the policy includes learning URLs), the system can determine which URLs to add, based on legitimate traffic.
Supporting Types
WafPolicyFileType, WafPolicyFileTypeArgs
- Allowed bool
- Determines whether the file type is allowed or disallowed. In either of these cases the VIOL_FILETYPE violation is issued (if enabled) for an incoming request-
- No allowed file type matched the file type of the request.
- The file type of the request matched a disallowed file type.
- Name string
- Specifies the file type name as appearing in the URL extension.
- Type string
- Determines the type of the name attribute. Only when setting the type to
wildcardwill the special wildcard characters in the name be interpreted as such
- Allowed bool
- Determines whether the file type is allowed or disallowed. In either of these cases the VIOL_FILETYPE violation is issued (if enabled) for an incoming request-
- No allowed file type matched the file type of the request.
- The file type of the request matched a disallowed file type.
- Name string
- Specifies the file type name as appearing in the URL extension.
- Type string
- Determines the type of the name attribute. Only when setting the type to
wildcardwill the special wildcard characters in the name be interpreted as such
- allowed Boolean
- Determines whether the file type is allowed or disallowed. In either of these cases the VIOL_FILETYPE violation is issued (if enabled) for an incoming request-
- No allowed file type matched the file type of the request.
- The file type of the request matched a disallowed file type.
- name String
- Specifies the file type name as appearing in the URL extension.
- type String
- Determines the type of the name attribute. Only when setting the type to
wildcardwill the special wildcard characters in the name be interpreted as such
- allowed boolean
- Determines whether the file type is allowed or disallowed. In either of these cases the VIOL_FILETYPE violation is issued (if enabled) for an incoming request-
- No allowed file type matched the file type of the request.
- The file type of the request matched a disallowed file type.
- name string
- Specifies the file type name as appearing in the URL extension.
- type string
- Determines the type of the name attribute. Only when setting the type to
wildcardwill the special wildcard characters in the name be interpreted as such
- allowed bool
- Determines whether the file type is allowed or disallowed. In either of these cases the VIOL_FILETYPE violation is issued (if enabled) for an incoming request-
- No allowed file type matched the file type of the request.
- The file type of the request matched a disallowed file type.
- name str
- Specifies the file type name as appearing in the URL extension.
- type str
- Determines the type of the name attribute. Only when setting the type to
wildcardwill the special wildcard characters in the name be interpreted as such
- allowed Boolean
- Determines whether the file type is allowed or disallowed. In either of these cases the VIOL_FILETYPE violation is issued (if enabled) for an incoming request-
- No allowed file type matched the file type of the request.
- The file type of the request matched a disallowed file type.
- name String
- Specifies the file type name as appearing in the URL extension.
- type String
- Determines the type of the name attribute. Only when setting the type to
wildcardwill the special wildcard characters in the name be interpreted as such
WafPolicyGraphqlProfile, WafPolicyGraphqlProfileArgs
- Name string
- The unique user-given name of the policy. Policy names cannot contain spaces or special characters. Allowed characters are a-z, A-Z, 0-9, dot, dash (-), colon (:) and underscore (_).
- Attack
Signatures boolCheck - Specifies when checked (enabled) that you want attack signatures and threat campaigns to be detected on this GraphQL profile and possibly override the security policy settings of an attack signature or threat campaign specifically for this GraphQL profile. After you enable this setting, the system displays a list of attack signatures and and threat campaigns. The default is enabled
- Defense
Attributes List<Pulumi.F5Big IP. Inputs. Waf Policy Graphql Profile Defense Attribute> - defense_attributes settings for policy
- Metachar
Elementcheck bool - Specifies when checked (enabled) that the system enforces the security policy settings of a meta character for the GraphQL profile. After you enable this setting, the system displays a list of meta characters. The default is enabled
- Name string
- The unique user-given name of the policy. Policy names cannot contain spaces or special characters. Allowed characters are a-z, A-Z, 0-9, dot, dash (-), colon (:) and underscore (_).
- Attack
Signatures boolCheck - Specifies when checked (enabled) that you want attack signatures and threat campaigns to be detected on this GraphQL profile and possibly override the security policy settings of an attack signature or threat campaign specifically for this GraphQL profile. After you enable this setting, the system displays a list of attack signatures and and threat campaigns. The default is enabled
- Defense
Attributes []WafPolicy Graphql Profile Defense Attribute - defense_attributes settings for policy
- Metachar
Elementcheck bool - Specifies when checked (enabled) that the system enforces the security policy settings of a meta character for the GraphQL profile. After you enable this setting, the system displays a list of meta characters. The default is enabled
- name String
- The unique user-given name of the policy. Policy names cannot contain spaces or special characters. Allowed characters are a-z, A-Z, 0-9, dot, dash (-), colon (:) and underscore (_).
- attack
Signatures BooleanCheck - Specifies when checked (enabled) that you want attack signatures and threat campaigns to be detected on this GraphQL profile and possibly override the security policy settings of an attack signature or threat campaign specifically for this GraphQL profile. After you enable this setting, the system displays a list of attack signatures and and threat campaigns. The default is enabled
- defense
Attributes List<WafPolicy Graphql Profile Defense Attribute> - defense_attributes settings for policy
- metachar
Elementcheck Boolean - Specifies when checked (enabled) that the system enforces the security policy settings of a meta character for the GraphQL profile. After you enable this setting, the system displays a list of meta characters. The default is enabled
- name string
- The unique user-given name of the policy. Policy names cannot contain spaces or special characters. Allowed characters are a-z, A-Z, 0-9, dot, dash (-), colon (:) and underscore (_).
- attack
Signatures booleanCheck - Specifies when checked (enabled) that you want attack signatures and threat campaigns to be detected on this GraphQL profile and possibly override the security policy settings of an attack signature or threat campaign specifically for this GraphQL profile. After you enable this setting, the system displays a list of attack signatures and and threat campaigns. The default is enabled
- defense
Attributes WafPolicy Graphql Profile Defense Attribute[] - defense_attributes settings for policy
- metachar
Elementcheck boolean - Specifies when checked (enabled) that the system enforces the security policy settings of a meta character for the GraphQL profile. After you enable this setting, the system displays a list of meta characters. The default is enabled
- name str
- The unique user-given name of the policy. Policy names cannot contain spaces or special characters. Allowed characters are a-z, A-Z, 0-9, dot, dash (-), colon (:) and underscore (_).
- attack_
signatures_ boolcheck - Specifies when checked (enabled) that you want attack signatures and threat campaigns to be detected on this GraphQL profile and possibly override the security policy settings of an attack signature or threat campaign specifically for this GraphQL profile. After you enable this setting, the system displays a list of attack signatures and and threat campaigns. The default is enabled
- defense_
attributes Sequence[WafPolicy Graphql Profile Defense Attribute] - defense_attributes settings for policy
- metachar_
elementcheck bool - Specifies when checked (enabled) that the system enforces the security policy settings of a meta character for the GraphQL profile. After you enable this setting, the system displays a list of meta characters. The default is enabled
- name String
- The unique user-given name of the policy. Policy names cannot contain spaces or special characters. Allowed characters are a-z, A-Z, 0-9, dot, dash (-), colon (:) and underscore (_).
- attack
Signatures BooleanCheck - Specifies when checked (enabled) that you want attack signatures and threat campaigns to be detected on this GraphQL profile and possibly override the security policy settings of an attack signature or threat campaign specifically for this GraphQL profile. After you enable this setting, the system displays a list of attack signatures and and threat campaigns. The default is enabled
- defense
Attributes List<Property Map> - defense_attributes settings for policy
- metachar
Elementcheck Boolean - Specifies when checked (enabled) that the system enforces the security policy settings of a meta character for the GraphQL profile. After you enable this setting, the system displays a list of meta characters. The default is enabled
WafPolicyGraphqlProfileDefenseAttribute, WafPolicyGraphqlProfileDefenseAttributeArgs
- Allow
Introspection boolQueries - Introspection queries can also be enforced to prevent attackers from using them to understand the API structure and potentially breach an application.
- Maximum
Batched stringQueries - Specifies the highest number of batched queries allowed by the security policy.
- Maximum
Structure stringDepth - Specifies the greatest nesting depth found in the GraphQL structure allowed by the security policy.
- Maximum
Total stringLength - Specifies the longest length, in bytes, allowed by the security policy of the request payload, or parameter value, where the GraphQL data was found.
- Maximum
Value stringLength - Specifies the longest length (in bytes) of the longest GraphQL element value in the document allowed by the security policy.
- Tolerate
Parsing boolWarnings - Specifies, when checked (enabled), that the system does not report when the security enforcer encounters warnings while parsing GraphQL content. Specifies when cleared (disabled), that the security policy reports when the security enforcer encounters warnings while parsing GraphQL content. The default setting is disabled.
- Allow
Introspection boolQueries - Introspection queries can also be enforced to prevent attackers from using them to understand the API structure and potentially breach an application.
- Maximum
Batched stringQueries - Specifies the highest number of batched queries allowed by the security policy.
- Maximum
Structure stringDepth - Specifies the greatest nesting depth found in the GraphQL structure allowed by the security policy.
- Maximum
Total stringLength - Specifies the longest length, in bytes, allowed by the security policy of the request payload, or parameter value, where the GraphQL data was found.
- Maximum
Value stringLength - Specifies the longest length (in bytes) of the longest GraphQL element value in the document allowed by the security policy.
- Tolerate
Parsing boolWarnings - Specifies, when checked (enabled), that the system does not report when the security enforcer encounters warnings while parsing GraphQL content. Specifies when cleared (disabled), that the security policy reports when the security enforcer encounters warnings while parsing GraphQL content. The default setting is disabled.
- allow
Introspection BooleanQueries - Introspection queries can also be enforced to prevent attackers from using them to understand the API structure and potentially breach an application.
- maximum
Batched StringQueries - Specifies the highest number of batched queries allowed by the security policy.
- maximum
Structure StringDepth - Specifies the greatest nesting depth found in the GraphQL structure allowed by the security policy.
- maximum
Total StringLength - Specifies the longest length, in bytes, allowed by the security policy of the request payload, or parameter value, where the GraphQL data was found.
- maximum
Value StringLength - Specifies the longest length (in bytes) of the longest GraphQL element value in the document allowed by the security policy.
- tolerate
Parsing BooleanWarnings - Specifies, when checked (enabled), that the system does not report when the security enforcer encounters warnings while parsing GraphQL content. Specifies when cleared (disabled), that the security policy reports when the security enforcer encounters warnings while parsing GraphQL content. The default setting is disabled.
- allow
Introspection booleanQueries - Introspection queries can also be enforced to prevent attackers from using them to understand the API structure and potentially breach an application.
- maximum
Batched stringQueries - Specifies the highest number of batched queries allowed by the security policy.
- maximum
Structure stringDepth - Specifies the greatest nesting depth found in the GraphQL structure allowed by the security policy.
- maximum
Total stringLength - Specifies the longest length, in bytes, allowed by the security policy of the request payload, or parameter value, where the GraphQL data was found.
- maximum
Value stringLength - Specifies the longest length (in bytes) of the longest GraphQL element value in the document allowed by the security policy.
- tolerate
Parsing booleanWarnings - Specifies, when checked (enabled), that the system does not report when the security enforcer encounters warnings while parsing GraphQL content. Specifies when cleared (disabled), that the security policy reports when the security enforcer encounters warnings while parsing GraphQL content. The default setting is disabled.
- allow_
introspection_ boolqueries - Introspection queries can also be enforced to prevent attackers from using them to understand the API structure and potentially breach an application.
- maximum_
batched_ strqueries - Specifies the highest number of batched queries allowed by the security policy.
- maximum_
structure_ strdepth - Specifies the greatest nesting depth found in the GraphQL structure allowed by the security policy.
- maximum_
total_ strlength - Specifies the longest length, in bytes, allowed by the security policy of the request payload, or parameter value, where the GraphQL data was found.
- maximum_
value_ strlength - Specifies the longest length (in bytes) of the longest GraphQL element value in the document allowed by the security policy.
- tolerate_
parsing_ boolwarnings - Specifies, when checked (enabled), that the system does not report when the security enforcer encounters warnings while parsing GraphQL content. Specifies when cleared (disabled), that the security policy reports when the security enforcer encounters warnings while parsing GraphQL content. The default setting is disabled.
- allow
Introspection BooleanQueries - Introspection queries can also be enforced to prevent attackers from using them to understand the API structure and potentially breach an application.
- maximum
Batched StringQueries - Specifies the highest number of batched queries allowed by the security policy.
- maximum
Structure StringDepth - Specifies the greatest nesting depth found in the GraphQL structure allowed by the security policy.
- maximum
Total StringLength - Specifies the longest length, in bytes, allowed by the security policy of the request payload, or parameter value, where the GraphQL data was found.
- maximum
Value StringLength - Specifies the longest length (in bytes) of the longest GraphQL element value in the document allowed by the security policy.
- tolerate
Parsing BooleanWarnings - Specifies, when checked (enabled), that the system does not report when the security enforcer encounters warnings while parsing GraphQL content. Specifies when cleared (disabled), that the security policy reports when the security enforcer encounters warnings while parsing GraphQL content. The default setting is disabled.
WafPolicyHostName, WafPolicyHostNameArgs
- Name string
- The unique user-given name of the policy. Policy names cannot contain spaces or special characters. Allowed characters are a-z, A-Z, 0-9, dot, dash (-), colon (:) and underscore (_).
- Name string
- The unique user-given name of the policy. Policy names cannot contain spaces or special characters. Allowed characters are a-z, A-Z, 0-9, dot, dash (-), colon (:) and underscore (_).
- name String
- The unique user-given name of the policy. Policy names cannot contain spaces or special characters. Allowed characters are a-z, A-Z, 0-9, dot, dash (-), colon (:) and underscore (_).
- name string
- The unique user-given name of the policy. Policy names cannot contain spaces or special characters. Allowed characters are a-z, A-Z, 0-9, dot, dash (-), colon (:) and underscore (_).
- name str
- The unique user-given name of the policy. Policy names cannot contain spaces or special characters. Allowed characters are a-z, A-Z, 0-9, dot, dash (-), colon (:) and underscore (_).
- name String
- The unique user-given name of the policy. Policy names cannot contain spaces or special characters. Allowed characters are a-z, A-Z, 0-9, dot, dash (-), colon (:) and underscore (_).
WafPolicyIpException, WafPolicyIpExceptionArgs
- Ip
Address string - Specifies the IP address that you want the system to trust.
- Ip
Mask string - Specifies the netmask of the exceptional IP address. This is an optional field.
- Block
Requests string - Specifies how the system responds to blocking requests sent from this IP address. Possible options [
always,never,policy-default]. - Description string
- Specifies the description of the policy.
- Ignore
Anomalies bool - Specifies when enabled that the system considers this IP address legitimate and does not take it into account when performing brute force prevention.
- Ignore
Ipreputation bool - Specifies when enabled that the system considers this IP address legitimate even if it is found in the IP Intelligence database (a database of questionable IP addresses).
- Trustedby
Policybuilder bool - Specifies when enabled the Policy Builder considers traffic from this IP address as being safe.
- Ip
Address string - Specifies the IP address that you want the system to trust.
- Ip
Mask string - Specifies the netmask of the exceptional IP address. This is an optional field.
- Block
Requests string - Specifies how the system responds to blocking requests sent from this IP address. Possible options [
always,never,policy-default]. - Description string
- Specifies the description of the policy.
- Ignore
Anomalies bool - Specifies when enabled that the system considers this IP address legitimate and does not take it into account when performing brute force prevention.
- Ignore
Ipreputation bool - Specifies when enabled that the system considers this IP address legitimate even if it is found in the IP Intelligence database (a database of questionable IP addresses).
- Trustedby
Policybuilder bool - Specifies when enabled the Policy Builder considers traffic from this IP address as being safe.
- ip
Address String - Specifies the IP address that you want the system to trust.
- ip
Mask String - Specifies the netmask of the exceptional IP address. This is an optional field.
- block
Requests String - Specifies how the system responds to blocking requests sent from this IP address. Possible options [
always,never,policy-default]. - description String
- Specifies the description of the policy.
- ignore
Anomalies Boolean - Specifies when enabled that the system considers this IP address legitimate and does not take it into account when performing brute force prevention.
- ignore
Ipreputation Boolean - Specifies when enabled that the system considers this IP address legitimate even if it is found in the IP Intelligence database (a database of questionable IP addresses).
- trustedby
Policybuilder Boolean - Specifies when enabled the Policy Builder considers traffic from this IP address as being safe.
- ip
Address string - Specifies the IP address that you want the system to trust.
- ip
Mask string - Specifies the netmask of the exceptional IP address. This is an optional field.
- block
Requests string - Specifies how the system responds to blocking requests sent from this IP address. Possible options [
always,never,policy-default]. - description string
- Specifies the description of the policy.
- ignore
Anomalies boolean - Specifies when enabled that the system considers this IP address legitimate and does not take it into account when performing brute force prevention.
- ignore
Ipreputation boolean - Specifies when enabled that the system considers this IP address legitimate even if it is found in the IP Intelligence database (a database of questionable IP addresses).
- trustedby
Policybuilder boolean - Specifies when enabled the Policy Builder considers traffic from this IP address as being safe.
- ip_
address str - Specifies the IP address that you want the system to trust.
- ip_
mask str - Specifies the netmask of the exceptional IP address. This is an optional field.
- block_
requests str - Specifies how the system responds to blocking requests sent from this IP address. Possible options [
always,never,policy-default]. - description str
- Specifies the description of the policy.
- ignore_
anomalies bool - Specifies when enabled that the system considers this IP address legitimate and does not take it into account when performing brute force prevention.
- ignore_
ipreputation bool - Specifies when enabled that the system considers this IP address legitimate even if it is found in the IP Intelligence database (a database of questionable IP addresses).
- trustedby_
policybuilder bool - Specifies when enabled the Policy Builder considers traffic from this IP address as being safe.
- ip
Address String - Specifies the IP address that you want the system to trust.
- ip
Mask String - Specifies the netmask of the exceptional IP address. This is an optional field.
- block
Requests String - Specifies how the system responds to blocking requests sent from this IP address. Possible options [
always,never,policy-default]. - description String
- Specifies the description of the policy.
- ignore
Anomalies Boolean - Specifies when enabled that the system considers this IP address legitimate and does not take it into account when performing brute force prevention.
- ignore
Ipreputation Boolean - Specifies when enabled that the system considers this IP address legitimate even if it is found in the IP Intelligence database (a database of questionable IP addresses).
- trustedby
Policybuilder Boolean - Specifies when enabled the Policy Builder considers traffic from this IP address as being safe.
WafPolicyPolicyBuilder, WafPolicyPolicyBuilderArgs
- Learning
Mode string - learning mode setting for policy-builder, possible options: [
automatic,disabled,manual]
- Learning
Mode string - learning mode setting for policy-builder, possible options: [
automatic,disabled,manual]
- learning
Mode String - learning mode setting for policy-builder, possible options: [
automatic,disabled,manual]
- learning
Mode string - learning mode setting for policy-builder, possible options: [
automatic,disabled,manual]
- learning_
mode str - learning mode setting for policy-builder, possible options: [
automatic,disabled,manual]
- learning
Mode String - learning mode setting for policy-builder, possible options: [
automatic,disabled,manual]
WafPolicySignaturesSetting, WafPolicySignaturesSettingArgs
- Placesignatures
In boolStaging - Signature
Staging bool - setting true will enforce all signature from staging
- Placesignatures
In boolStaging - Signature
Staging bool - setting true will enforce all signature from staging
- placesignatures
In BooleanStaging - signature
Staging Boolean - setting true will enforce all signature from staging
- placesignatures
In booleanStaging - signature
Staging boolean - setting true will enforce all signature from staging
- placesignatures_
in_ boolstaging - signature_
staging bool - setting true will enforce all signature from staging
- placesignatures
In BooleanStaging - signature
Staging Boolean - setting true will enforce all signature from staging
Import
An existing WAF Policy or if the WAF Policy has been manually created or modified on the BIG-IP WebUI, it can be imported using its id.
e.g:
$ pulumi import f5bigip:index/wafPolicy:WafPolicy example <id>
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- f5 BIG-IP pulumi/pulumi-f5bigip
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
bigipTerraform Provider.