Docs Home
incapsula 3.32.1 published on Monday, Apr 14, 2025 by imperva
incapsula.IncapRule
Explore with Pulumi AI
Provides a resource to create security, delivery, and rate rules.
Note: A newer resource for configuring delivery rules and their priority is available in incapsula.DeliveryRulesConfiguration
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as incapsula from "@pulumi/incapsula";
const example_incap_rule_alert = new incapsula.IncapRule("example-incap-rule-alert", {
siteId: incapsula_site["example-site"].id,
action: "RULE_ACTION_ALERT",
filter: "Full-URL == \"/someurl\"",
enabled: true,
sendNotifications: "false",
});
// Incap Rule: Require javascript support
const example_incap_rule_require_js_support = new incapsula.IncapRule("example-incap-rule-require-js-support", {
siteId: incapsula_site["example-site"].id,
action: "RULE_ACTION_INTRUSIVE_HTML",
filter: "Full-URL == \"/someurl\"",
enabled: true,
sendNotifications: "false",
});
// Incap Rule: Block IP
const example_incap_rule_block_ip = new incapsula.IncapRule("example-incap-rule-block-ip", {
siteId: incapsula_site["example-site"].id,
action: "RULE_ACTION_BLOCK_IP",
filter: "Full-URL == \"/someurl\"",
enabled: true,
sendNotifications: "true",
});
// Incap Rule: Block Request
const example_incap_rule_block_request = new incapsula.IncapRule("example-incap-rule-block-request", {
siteId: incapsula_site["example-site"].id,
action: "RULE_ACTION_BLOCK",
filter: "Full-URL == \"/someurl\"",
enabled: true,
sendNotifications: "true",
});
// Incap Rule: Block Session fixed period
const example_incap_rule_block_sessionIncapRule = new incapsula.IncapRule("example-incap-rule-block-sessionIncapRule", {
siteId: incapsula_site["example-site"].id,
action: "RULE_ACTION_BLOCK_USER",
filter: "Full-URL == \"/someurl\"",
enabled: true,
blockDurationType: "fixed",
blockDuration: 55,
sendNotifications: "false",
});
// Incap Rule: Block Session randomized period
const example_incap_rule_block_sessionIndex_incapRuleIncapRule = new incapsula.IncapRule("example-incap-rule-block-sessionIndex/incapRuleIncapRule", {
siteId: incapsula_site["example-site"].id,
action: "RULE_ACTION_BLOCK_USER",
filter: "Full-URL == \"/someurl\"",
enabled: true,
blockDurationType: "randomized",
blockDurationMin: 25,
blockDurationMax: 44,
sendNotifications: "false",
});
// Incap Rule: Delete Cookie (ADR)
const example_incap_rule_delete_cookie = new incapsula.IncapRule("example-incap-rule-delete-cookie", {
siteId: incapsula_site["example-site"].id,
action: "RULE_ACTION_DELETE_COOKIE",
filter: "Full-URL == \"/someurl\"",
rewriteName: "my_test_header",
enabled: true,
});
// Incap Rule: Delete Header (ADR)
const example_incap_rule_delete_header = new incapsula.IncapRule("example-incap-rule-delete-header", {
siteId: incapsula_site["example-site"].id,
action: "RULE_ACTION_DELETE_HEADER",
filter: "Full-URL == \"/someurl\"",
rewriteName: "my_test_header",
enabled: true,
});
// Incap Rule: Forward to Data Center (ADR)
// For a more detailed example of how to reference a data center id, look at datasource incapsula_data_center
const example_incap_rule_fwd_to_data_center = new incapsula.IncapRule("example-incap-rule-fwd-to-data-center", {
siteId: incapsula_site["example-site"].id,
action: "RULE_ACTION_FORWARD_TO_DC",
filter: "Full-URL == \"/someurl\"",
dcId: data.incapsula_data_center.example_content_dc.id,
enabled: true,
});
// Incap Rule: Redirect (ADR)
const example_incap_rule_redirect = new incapsula.IncapRule("example-incap-rule-redirect", {
siteId: incapsula_site["example-site"].id,
action: "RULE_ACTION_REDIRECT",
filter: "Full-URL == \"/someurl\"",
responseCode: 302,
from: "https://site1.com/url1",
to: "https://site2.com/url2",
enabled: true,
});
// Incap Rule: Require Cookie Support (IncapRule)
const example_incap_rule_require_cookie_support = new incapsula.IncapRule("example-incap-rule-require-cookie-support", {
siteId: incapsula_site["example-site"].id,
action: "RULE_ACTION_RETRY",
filter: "Full-URL == \"/someurl\"",
enabled: true,
sendNotifications: "false",
});
// Incap Rule: Rewrite Cookie (ADR)
const example_incap_rule_rewrite_cookie = new incapsula.IncapRule("example-incap-rule-rewrite-cookie", {
siteId: incapsula_site["example-site"].id,
action: "RULE_ACTION_REWRITE_COOKIE",
filter: "Full-URL == \"/someurl\"",
addMissing: true,
rewriteExisting: true,
from: "some_optional_value",
to: "some_new_value",
rewriteName: "my_cookie_name",
enabled: true,
});
// Incap Rule: Rewrite Header (ADR)
const example_incap_rule_rewrite_header = new incapsula.IncapRule("example-incap-rule-rewrite-header", {
siteId: incapsula_site["example-site"].id,
action: "RULE_ACTION_REWRITE_HEADER",
filter: "Full-URL == \"/someurl\"",
addMissing: true,
rewriteExisting: true,
from: "some_optional_value",
to: "some_new_value",
rewriteName: "my_test_header",
enabled: true,
});
// Incap Rule: Rewrite URL (ADR)
const example_incap_rule_rewrite_url = new incapsula.IncapRule("example-incap-rule-rewrite-url", {
siteId: incapsula_site["example-site"].id,
action: "RULE_ACTION_REWRITE_URL",
filter: "Full-URL == \"/someurl\"",
from: "*",
to: "/redirect",
enabled: true,
});
// Incap Rule: Override WAF rule
const example_incap_rule_Override_waf_rule = new incapsula.IncapRule("example-incap-rule-Override-waf-rule", {
siteId: incapsula_site["example-site"].id,
action: "RULE_ACTION_WAF_OVERRIDE",
filter: "Full-URL contains \"/block/\"",
overrideWafAction: "Alert Only",
overrideWafRule: "Cross Site Scripting",
enabled: true,
});
import pulumi
import pulumi_incapsula as incapsula
example_incap_rule_alert = incapsula.IncapRule("example-incap-rule-alert",
site_id=incapsula_site["example-site"]["id"],
action="RULE_ACTION_ALERT",
filter="Full-URL == \"/someurl\"",
enabled=True,
send_notifications="false")
# Incap Rule: Require javascript support
example_incap_rule_require_js_support = incapsula.IncapRule("example-incap-rule-require-js-support",
site_id=incapsula_site["example-site"]["id"],
action="RULE_ACTION_INTRUSIVE_HTML",
filter="Full-URL == \"/someurl\"",
enabled=True,
send_notifications="false")
# Incap Rule: Block IP
example_incap_rule_block_ip = incapsula.IncapRule("example-incap-rule-block-ip",
site_id=incapsula_site["example-site"]["id"],
action="RULE_ACTION_BLOCK_IP",
filter="Full-URL == \"/someurl\"",
enabled=True,
send_notifications="true")
# Incap Rule: Block Request
example_incap_rule_block_request = incapsula.IncapRule("example-incap-rule-block-request",
site_id=incapsula_site["example-site"]["id"],
action="RULE_ACTION_BLOCK",
filter="Full-URL == \"/someurl\"",
enabled=True,
send_notifications="true")
# Incap Rule: Block Session fixed period
example_incap_rule_block_session_incap_rule = incapsula.IncapRule("example-incap-rule-block-sessionIncapRule",
site_id=incapsula_site["example-site"]["id"],
action="RULE_ACTION_BLOCK_USER",
filter="Full-URL == \"/someurl\"",
enabled=True,
block_duration_type="fixed",
block_duration=55,
send_notifications="false")
# Incap Rule: Block Session randomized period
example_incap_rule_block_session_index_incap_rule_incap_rule = incapsula.IncapRule("example-incap-rule-block-sessionIndex/incapRuleIncapRule",
site_id=incapsula_site["example-site"]["id"],
action="RULE_ACTION_BLOCK_USER",
filter="Full-URL == \"/someurl\"",
enabled=True,
block_duration_type="randomized",
block_duration_min=25,
block_duration_max=44,
send_notifications="false")
# Incap Rule: Delete Cookie (ADR)
example_incap_rule_delete_cookie = incapsula.IncapRule("example-incap-rule-delete-cookie",
site_id=incapsula_site["example-site"]["id"],
action="RULE_ACTION_DELETE_COOKIE",
filter="Full-URL == \"/someurl\"",
rewrite_name="my_test_header",
enabled=True)
# Incap Rule: Delete Header (ADR)
example_incap_rule_delete_header = incapsula.IncapRule("example-incap-rule-delete-header",
site_id=incapsula_site["example-site"]["id"],
action="RULE_ACTION_DELETE_HEADER",
filter="Full-URL == \"/someurl\"",
rewrite_name="my_test_header",
enabled=True)
# Incap Rule: Forward to Data Center (ADR)
# For a more detailed example of how to reference a data center id, look at datasource incapsula_data_center
example_incap_rule_fwd_to_data_center = incapsula.IncapRule("example-incap-rule-fwd-to-data-center",
site_id=incapsula_site["example-site"]["id"],
action="RULE_ACTION_FORWARD_TO_DC",
filter="Full-URL == \"/someurl\"",
dc_id=data["incapsula_data_center"]["example_content_dc"]["id"],
enabled=True)
# Incap Rule: Redirect (ADR)
example_incap_rule_redirect = incapsula.IncapRule("example-incap-rule-redirect",
site_id=incapsula_site["example-site"]["id"],
action="RULE_ACTION_REDIRECT",
filter="Full-URL == \"/someurl\"",
response_code=302,
from_="https://site1.com/url1",
to="https://site2.com/url2",
enabled=True)
# Incap Rule: Require Cookie Support (IncapRule)
example_incap_rule_require_cookie_support = incapsula.IncapRule("example-incap-rule-require-cookie-support",
site_id=incapsula_site["example-site"]["id"],
action="RULE_ACTION_RETRY",
filter="Full-URL == \"/someurl\"",
enabled=True,
send_notifications="false")
# Incap Rule: Rewrite Cookie (ADR)
example_incap_rule_rewrite_cookie = incapsula.IncapRule("example-incap-rule-rewrite-cookie",
site_id=incapsula_site["example-site"]["id"],
action="RULE_ACTION_REWRITE_COOKIE",
filter="Full-URL == \"/someurl\"",
add_missing=True,
rewrite_existing=True,
from_="some_optional_value",
to="some_new_value",
rewrite_name="my_cookie_name",
enabled=True)
# Incap Rule: Rewrite Header (ADR)
example_incap_rule_rewrite_header = incapsula.IncapRule("example-incap-rule-rewrite-header",
site_id=incapsula_site["example-site"]["id"],
action="RULE_ACTION_REWRITE_HEADER",
filter="Full-URL == \"/someurl\"",
add_missing=True,
rewrite_existing=True,
from_="some_optional_value",
to="some_new_value",
rewrite_name="my_test_header",
enabled=True)
# Incap Rule: Rewrite URL (ADR)
example_incap_rule_rewrite_url = incapsula.IncapRule("example-incap-rule-rewrite-url",
site_id=incapsula_site["example-site"]["id"],
action="RULE_ACTION_REWRITE_URL",
filter="Full-URL == \"/someurl\"",
from_="*",
to="/redirect",
enabled=True)
# Incap Rule: Override WAF rule
example_incap_rule__override_waf_rule = incapsula.IncapRule("example-incap-rule-Override-waf-rule",
site_id=incapsula_site["example-site"]["id"],
action="RULE_ACTION_WAF_OVERRIDE",
filter="Full-URL contains \"/block/\"",
override_waf_action="Alert Only",
override_waf_rule="Cross Site Scripting",
enabled=True)
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/incapsula/v3/incapsula"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := incapsula.NewIncapRule(ctx, "example-incap-rule-alert", &incapsula.IncapRuleArgs{
SiteId: pulumi.Any(incapsula_site.ExampleSite.Id),
Action: pulumi.String("RULE_ACTION_ALERT"),
Filter: pulumi.String("Full-URL == \"/someurl\""),
Enabled: pulumi.Bool(true),
SendNotifications: pulumi.String("false"),
})
if err != nil {
return err
}
// Incap Rule: Require javascript support
_, err = incapsula.NewIncapRule(ctx, "example-incap-rule-require-js-support", &incapsula.IncapRuleArgs{
SiteId: pulumi.Any(incapsula_site.ExampleSite.Id),
Action: pulumi.String("RULE_ACTION_INTRUSIVE_HTML"),
Filter: pulumi.String("Full-URL == \"/someurl\""),
Enabled: pulumi.Bool(true),
SendNotifications: pulumi.String("false"),
})
if err != nil {
return err
}
// Incap Rule: Block IP
_, err = incapsula.NewIncapRule(ctx, "example-incap-rule-block-ip", &incapsula.IncapRuleArgs{
SiteId: pulumi.Any(incapsula_site.ExampleSite.Id),
Action: pulumi.String("RULE_ACTION_BLOCK_IP"),
Filter: pulumi.String("Full-URL == \"/someurl\""),
Enabled: pulumi.Bool(true),
SendNotifications: pulumi.String("true"),
})
if err != nil {
return err
}
// Incap Rule: Block Request
_, err = incapsula.NewIncapRule(ctx, "example-incap-rule-block-request", &incapsula.IncapRuleArgs{
SiteId: pulumi.Any(incapsula_site.ExampleSite.Id),
Action: pulumi.String("RULE_ACTION_BLOCK"),
Filter: pulumi.String("Full-URL == \"/someurl\""),
Enabled: pulumi.Bool(true),
SendNotifications: pulumi.String("true"),
})
if err != nil {
return err
}
// Incap Rule: Block Session fixed period
_, err = incapsula.NewIncapRule(ctx, "example-incap-rule-block-sessionIncapRule", &incapsula.IncapRuleArgs{
SiteId: pulumi.Any(incapsula_site.ExampleSite.Id),
Action: pulumi.String("RULE_ACTION_BLOCK_USER"),
Filter: pulumi.String("Full-URL == \"/someurl\""),
Enabled: pulumi.Bool(true),
BlockDurationType: pulumi.String("fixed"),
BlockDuration: pulumi.Float64(55),
SendNotifications: pulumi.String("false"),
})
if err != nil {
return err
}
// Incap Rule: Block Session randomized period
_, err = incapsula.NewIncapRule(ctx, "example-incap-rule-block-sessionIndex/incapRuleIncapRule", &incapsula.IncapRuleArgs{
SiteId: pulumi.Any(incapsula_site.ExampleSite.Id),
Action: pulumi.String("RULE_ACTION_BLOCK_USER"),
Filter: pulumi.String("Full-URL == \"/someurl\""),
Enabled: pulumi.Bool(true),
BlockDurationType: pulumi.String("randomized"),
BlockDurationMin: pulumi.Float64(25),
BlockDurationMax: pulumi.Float64(44),
SendNotifications: pulumi.String("false"),
})
if err != nil {
return err
}
// Incap Rule: Delete Cookie (ADR)
_, err = incapsula.NewIncapRule(ctx, "example-incap-rule-delete-cookie", &incapsula.IncapRuleArgs{
SiteId: pulumi.Any(incapsula_site.ExampleSite.Id),
Action: pulumi.String("RULE_ACTION_DELETE_COOKIE"),
Filter: pulumi.String("Full-URL == \"/someurl\""),
RewriteName: pulumi.String("my_test_header"),
Enabled: pulumi.Bool(true),
})
if err != nil {
return err
}
// Incap Rule: Delete Header (ADR)
_, err = incapsula.NewIncapRule(ctx, "example-incap-rule-delete-header", &incapsula.IncapRuleArgs{
SiteId: pulumi.Any(incapsula_site.ExampleSite.Id),
Action: pulumi.String("RULE_ACTION_DELETE_HEADER"),
Filter: pulumi.String("Full-URL == \"/someurl\""),
RewriteName: pulumi.String("my_test_header"),
Enabled: pulumi.Bool(true),
})
if err != nil {
return err
}
// Incap Rule: Forward to Data Center (ADR)
// For a more detailed example of how to reference a data center id, look at datasource incapsula_data_center
_, err = incapsula.NewIncapRule(ctx, "example-incap-rule-fwd-to-data-center", &incapsula.IncapRuleArgs{
SiteId: pulumi.Any(incapsula_site.ExampleSite.Id),
Action: pulumi.String("RULE_ACTION_FORWARD_TO_DC"),
Filter: pulumi.String("Full-URL == \"/someurl\""),
DcId: pulumi.Any(data.Incapsula_data_center.Example_content_dc.Id),
Enabled: pulumi.Bool(true),
})
if err != nil {
return err
}
// Incap Rule: Redirect (ADR)
_, err = incapsula.NewIncapRule(ctx, "example-incap-rule-redirect", &incapsula.IncapRuleArgs{
SiteId: pulumi.Any(incapsula_site.ExampleSite.Id),
Action: pulumi.String("RULE_ACTION_REDIRECT"),
Filter: pulumi.String("Full-URL == \"/someurl\""),
ResponseCode: pulumi.Float64(302),
From: pulumi.String("https://site1.com/url1"),
To: pulumi.String("https://site2.com/url2"),
Enabled: pulumi.Bool(true),
})
if err != nil {
return err
}
// Incap Rule: Require Cookie Support (IncapRule)
_, err = incapsula.NewIncapRule(ctx, "example-incap-rule-require-cookie-support", &incapsula.IncapRuleArgs{
SiteId: pulumi.Any(incapsula_site.ExampleSite.Id),
Action: pulumi.String("RULE_ACTION_RETRY"),
Filter: pulumi.String("Full-URL == \"/someurl\""),
Enabled: pulumi.Bool(true),
SendNotifications: pulumi.String("false"),
})
if err != nil {
return err
}
// Incap Rule: Rewrite Cookie (ADR)
_, err = incapsula.NewIncapRule(ctx, "example-incap-rule-rewrite-cookie", &incapsula.IncapRuleArgs{
SiteId: pulumi.Any(incapsula_site.ExampleSite.Id),
Action: pulumi.String("RULE_ACTION_REWRITE_COOKIE"),
Filter: pulumi.String("Full-URL == \"/someurl\""),
AddMissing: pulumi.Bool(true),
RewriteExisting: pulumi.Bool(true),
From: pulumi.String("some_optional_value"),
To: pulumi.String("some_new_value"),
RewriteName: pulumi.String("my_cookie_name"),
Enabled: pulumi.Bool(true),
})
if err != nil {
return err
}
// Incap Rule: Rewrite Header (ADR)
_, err = incapsula.NewIncapRule(ctx, "example-incap-rule-rewrite-header", &incapsula.IncapRuleArgs{
SiteId: pulumi.Any(incapsula_site.ExampleSite.Id),
Action: pulumi.String("RULE_ACTION_REWRITE_HEADER"),
Filter: pulumi.String("Full-URL == \"/someurl\""),
AddMissing: pulumi.Bool(true),
RewriteExisting: pulumi.Bool(true),
From: pulumi.String("some_optional_value"),
To: pulumi.String("some_new_value"),
RewriteName: pulumi.String("my_test_header"),
Enabled: pulumi.Bool(true),
})
if err != nil {
return err
}
// Incap Rule: Rewrite URL (ADR)
_, err = incapsula.NewIncapRule(ctx, "example-incap-rule-rewrite-url", &incapsula.IncapRuleArgs{
SiteId: pulumi.Any(incapsula_site.ExampleSite.Id),
Action: pulumi.String("RULE_ACTION_REWRITE_URL"),
Filter: pulumi.String("Full-URL == \"/someurl\""),
From: pulumi.String("*"),
To: pulumi.String("/redirect"),
Enabled: pulumi.Bool(true),
})
if err != nil {
return err
}
// Incap Rule: Override WAF rule
_, err = incapsula.NewIncapRule(ctx, "example-incap-rule-Override-waf-rule", &incapsula.IncapRuleArgs{
SiteId: pulumi.Any(incapsula_site.ExampleSite.Id),
Action: pulumi.String("RULE_ACTION_WAF_OVERRIDE"),
Filter: pulumi.String("Full-URL contains \"/block/\""),
OverrideWafAction: pulumi.String("Alert Only"),
OverrideWafRule: pulumi.String("Cross Site Scripting"),
Enabled: pulumi.Bool(true),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Incapsula = Pulumi.Incapsula;
return await Deployment.RunAsync(() =>
{
var example_incap_rule_alert = new Incapsula.IncapRule("example-incap-rule-alert", new()
{
SiteId = incapsula_site.Example_site.Id,
Action = "RULE_ACTION_ALERT",
Filter = "Full-URL == \"/someurl\"",
Enabled = true,
SendNotifications = "false",
});
// Incap Rule: Require javascript support
var example_incap_rule_require_js_support = new Incapsula.IncapRule("example-incap-rule-require-js-support", new()
{
SiteId = incapsula_site.Example_site.Id,
Action = "RULE_ACTION_INTRUSIVE_HTML",
Filter = "Full-URL == \"/someurl\"",
Enabled = true,
SendNotifications = "false",
});
// Incap Rule: Block IP
var example_incap_rule_block_ip = new Incapsula.IncapRule("example-incap-rule-block-ip", new()
{
SiteId = incapsula_site.Example_site.Id,
Action = "RULE_ACTION_BLOCK_IP",
Filter = "Full-URL == \"/someurl\"",
Enabled = true,
SendNotifications = "true",
});
// Incap Rule: Block Request
var example_incap_rule_block_request = new Incapsula.IncapRule("example-incap-rule-block-request", new()
{
SiteId = incapsula_site.Example_site.Id,
Action = "RULE_ACTION_BLOCK",
Filter = "Full-URL == \"/someurl\"",
Enabled = true,
SendNotifications = "true",
});
// Incap Rule: Block Session fixed period
var example_incap_rule_block_sessionIncapRule = new Incapsula.IncapRule("example-incap-rule-block-sessionIncapRule", new()
{
SiteId = incapsula_site.Example_site.Id,
Action = "RULE_ACTION_BLOCK_USER",
Filter = "Full-URL == \"/someurl\"",
Enabled = true,
BlockDurationType = "fixed",
BlockDuration = 55,
SendNotifications = "false",
});
// Incap Rule: Block Session randomized period
var example_incap_rule_block_sessionIndex_incapRuleIncapRule = new Incapsula.IncapRule("example-incap-rule-block-sessionIndex/incapRuleIncapRule", new()
{
SiteId = incapsula_site.Example_site.Id,
Action = "RULE_ACTION_BLOCK_USER",
Filter = "Full-URL == \"/someurl\"",
Enabled = true,
BlockDurationType = "randomized",
BlockDurationMin = 25,
BlockDurationMax = 44,
SendNotifications = "false",
});
// Incap Rule: Delete Cookie (ADR)
var example_incap_rule_delete_cookie = new Incapsula.IncapRule("example-incap-rule-delete-cookie", new()
{
SiteId = incapsula_site.Example_site.Id,
Action = "RULE_ACTION_DELETE_COOKIE",
Filter = "Full-URL == \"/someurl\"",
RewriteName = "my_test_header",
Enabled = true,
});
// Incap Rule: Delete Header (ADR)
var example_incap_rule_delete_header = new Incapsula.IncapRule("example-incap-rule-delete-header", new()
{
SiteId = incapsula_site.Example_site.Id,
Action = "RULE_ACTION_DELETE_HEADER",
Filter = "Full-URL == \"/someurl\"",
RewriteName = "my_test_header",
Enabled = true,
});
// Incap Rule: Forward to Data Center (ADR)
// For a more detailed example of how to reference a data center id, look at datasource incapsula_data_center
var example_incap_rule_fwd_to_data_center = new Incapsula.IncapRule("example-incap-rule-fwd-to-data-center", new()
{
SiteId = incapsula_site.Example_site.Id,
Action = "RULE_ACTION_FORWARD_TO_DC",
Filter = "Full-URL == \"/someurl\"",
DcId = data.Incapsula_data_center.Example_content_dc.Id,
Enabled = true,
});
// Incap Rule: Redirect (ADR)
var example_incap_rule_redirect = new Incapsula.IncapRule("example-incap-rule-redirect", new()
{
SiteId = incapsula_site.Example_site.Id,
Action = "RULE_ACTION_REDIRECT",
Filter = "Full-URL == \"/someurl\"",
ResponseCode = 302,
From = "https://site1.com/url1",
To = "https://site2.com/url2",
Enabled = true,
});
// Incap Rule: Require Cookie Support (IncapRule)
var example_incap_rule_require_cookie_support = new Incapsula.IncapRule("example-incap-rule-require-cookie-support", new()
{
SiteId = incapsula_site.Example_site.Id,
Action = "RULE_ACTION_RETRY",
Filter = "Full-URL == \"/someurl\"",
Enabled = true,
SendNotifications = "false",
});
// Incap Rule: Rewrite Cookie (ADR)
var example_incap_rule_rewrite_cookie = new Incapsula.IncapRule("example-incap-rule-rewrite-cookie", new()
{
SiteId = incapsula_site.Example_site.Id,
Action = "RULE_ACTION_REWRITE_COOKIE",
Filter = "Full-URL == \"/someurl\"",
AddMissing = true,
RewriteExisting = true,
From = "some_optional_value",
To = "some_new_value",
RewriteName = "my_cookie_name",
Enabled = true,
});
// Incap Rule: Rewrite Header (ADR)
var example_incap_rule_rewrite_header = new Incapsula.IncapRule("example-incap-rule-rewrite-header", new()
{
SiteId = incapsula_site.Example_site.Id,
Action = "RULE_ACTION_REWRITE_HEADER",
Filter = "Full-URL == \"/someurl\"",
AddMissing = true,
RewriteExisting = true,
From = "some_optional_value",
To = "some_new_value",
RewriteName = "my_test_header",
Enabled = true,
});
// Incap Rule: Rewrite URL (ADR)
var example_incap_rule_rewrite_url = new Incapsula.IncapRule("example-incap-rule-rewrite-url", new()
{
SiteId = incapsula_site.Example_site.Id,
Action = "RULE_ACTION_REWRITE_URL",
Filter = "Full-URL == \"/someurl\"",
From = "*",
To = "/redirect",
Enabled = true,
});
// Incap Rule: Override WAF rule
var example_incap_rule_Override_waf_rule = new Incapsula.IncapRule("example-incap-rule-Override-waf-rule", new()
{
SiteId = incapsula_site.Example_site.Id,
Action = "RULE_ACTION_WAF_OVERRIDE",
Filter = "Full-URL contains \"/block/\"",
OverrideWafAction = "Alert Only",
OverrideWafRule = "Cross Site Scripting",
Enabled = true,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.incapsula.IncapRule;
import com.pulumi.incapsula.IncapRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example_incap_rule_alert = new IncapRule("example-incap-rule-alert", IncapRuleArgs.builder()
.siteId(incapsula_site.example-site().id())
.action("RULE_ACTION_ALERT")
.filter("Full-URL == \"/someurl\"")
.enabled(true)
.sendNotifications("false")
.build());
// Incap Rule: Require javascript support
var example_incap_rule_require_js_support = new IncapRule("example-incap-rule-require-js-support", IncapRuleArgs.builder()
.siteId(incapsula_site.example-site().id())
.action("RULE_ACTION_INTRUSIVE_HTML")
.filter("Full-URL == \"/someurl\"")
.enabled(true)
.sendNotifications("false")
.build());
// Incap Rule: Block IP
var example_incap_rule_block_ip = new IncapRule("example-incap-rule-block-ip", IncapRuleArgs.builder()
.siteId(incapsula_site.example-site().id())
.action("RULE_ACTION_BLOCK_IP")
.filter("Full-URL == \"/someurl\"")
.enabled(true)
.sendNotifications("true")
.build());
// Incap Rule: Block Request
var example_incap_rule_block_request = new IncapRule("example-incap-rule-block-request", IncapRuleArgs.builder()
.siteId(incapsula_site.example-site().id())
.action("RULE_ACTION_BLOCK")
.filter("Full-URL == \"/someurl\"")
.enabled(true)
.sendNotifications("true")
.build());
// Incap Rule: Block Session fixed period
var example_incap_rule_block_sessionIncapRule = new IncapRule("example-incap-rule-block-sessionIncapRule", IncapRuleArgs.builder()
.siteId(incapsula_site.example-site().id())
.action("RULE_ACTION_BLOCK_USER")
.filter("Full-URL == \"/someurl\"")
.enabled(true)
.blockDurationType("fixed")
.blockDuration(55)
.sendNotifications("false")
.build());
// Incap Rule: Block Session randomized period
var example_incap_rule_block_sessionIndex_incapRuleIncapRule = new IncapRule("example-incap-rule-block-sessionIndex/incapRuleIncapRule", IncapRuleArgs.builder()
.siteId(incapsula_site.example-site().id())
.action("RULE_ACTION_BLOCK_USER")
.filter("Full-URL == \"/someurl\"")
.enabled(true)
.blockDurationType("randomized")
.blockDurationMin(25)
.blockDurationMax(44)
.sendNotifications("false")
.build());
// Incap Rule: Delete Cookie (ADR)
var example_incap_rule_delete_cookie = new IncapRule("example-incap-rule-delete-cookie", IncapRuleArgs.builder()
.siteId(incapsula_site.example-site().id())
.action("RULE_ACTION_DELETE_COOKIE")
.filter("Full-URL == \"/someurl\"")
.rewriteName("my_test_header")
.enabled(true)
.build());
// Incap Rule: Delete Header (ADR)
var example_incap_rule_delete_header = new IncapRule("example-incap-rule-delete-header", IncapRuleArgs.builder()
.siteId(incapsula_site.example-site().id())
.action("RULE_ACTION_DELETE_HEADER")
.filter("Full-URL == \"/someurl\"")
.rewriteName("my_test_header")
.enabled(true)
.build());
// Incap Rule: Forward to Data Center (ADR)
// For a more detailed example of how to reference a data center id, look at datasource incapsula_data_center
var example_incap_rule_fwd_to_data_center = new IncapRule("example-incap-rule-fwd-to-data-center", IncapRuleArgs.builder()
.siteId(incapsula_site.example-site().id())
.action("RULE_ACTION_FORWARD_TO_DC")
.filter("Full-URL == \"/someurl\"")
.dcId(data.incapsula_data_center().example_content_dc().id())
.enabled(true)
.build());
// Incap Rule: Redirect (ADR)
var example_incap_rule_redirect = new IncapRule("example-incap-rule-redirect", IncapRuleArgs.builder()
.siteId(incapsula_site.example-site().id())
.action("RULE_ACTION_REDIRECT")
.filter("Full-URL == \"/someurl\"")
.responseCode("302")
.from("https://site1.com/url1")
.to("https://site2.com/url2")
.enabled(true)
.build());
// Incap Rule: Require Cookie Support (IncapRule)
var example_incap_rule_require_cookie_support = new IncapRule("example-incap-rule-require-cookie-support", IncapRuleArgs.builder()
.siteId(incapsula_site.example-site().id())
.action("RULE_ACTION_RETRY")
.filter("Full-URL == \"/someurl\"")
.enabled(true)
.sendNotifications("false")
.build());
// Incap Rule: Rewrite Cookie (ADR)
var example_incap_rule_rewrite_cookie = new IncapRule("example-incap-rule-rewrite-cookie", IncapRuleArgs.builder()
.siteId(incapsula_site.example-site().id())
.action("RULE_ACTION_REWRITE_COOKIE")
.filter("Full-URL == \"/someurl\"")
.addMissing("true")
.rewriteExisting("true")
.from("some_optional_value")
.to("some_new_value")
.rewriteName("my_cookie_name")
.enabled(true)
.build());
// Incap Rule: Rewrite Header (ADR)
var example_incap_rule_rewrite_header = new IncapRule("example-incap-rule-rewrite-header", IncapRuleArgs.builder()
.siteId(incapsula_site.example-site().id())
.action("RULE_ACTION_REWRITE_HEADER")
.filter("Full-URL == \"/someurl\"")
.addMissing("true")
.rewriteExisting("true")
.from("some_optional_value")
.to("some_new_value")
.rewriteName("my_test_header")
.enabled(true)
.build());
// Incap Rule: Rewrite URL (ADR)
var example_incap_rule_rewrite_url = new IncapRule("example-incap-rule-rewrite-url", IncapRuleArgs.builder()
.siteId(incapsula_site.example-site().id())
.action("RULE_ACTION_REWRITE_URL")
.filter("Full-URL == \"/someurl\"")
.from("*")
.to("/redirect")
.enabled(true)
.build());
// Incap Rule: Override WAF rule
var example_incap_rule_Override_waf_rule = new IncapRule("example-incap-rule-Override-waf-rule", IncapRuleArgs.builder()
.siteId(incapsula_site.example-site().id())
.action("RULE_ACTION_WAF_OVERRIDE")
.filter("Full-URL contains \"/block/\"")
.overrideWafAction("Alert Only")
.overrideWafRule("Cross Site Scripting")
.enabled(true)
.build());
}
}
resources:
example-incap-rule-alert:
type: incapsula:IncapRule
properties:
siteId: ${incapsula_site"example-site"[%!s(MISSING)].id}
action: RULE_ACTION_ALERT
filter: Full-URL == "/someurl"
enabled: true
sendNotifications: 'false'
# Incap Rule: Require javascript support
example-incap-rule-require-js-support:
type: incapsula:IncapRule
properties:
siteId: ${incapsula_site"example-site"[%!s(MISSING)].id}
action: RULE_ACTION_INTRUSIVE_HTML
filter: Full-URL == "/someurl"
enabled: true
sendNotifications: 'false'
# Incap Rule: Block IP
example-incap-rule-block-ip:
type: incapsula:IncapRule
properties:
siteId: ${incapsula_site"example-site"[%!s(MISSING)].id}
action: RULE_ACTION_BLOCK_IP
filter: Full-URL == "/someurl"
enabled: true
sendNotifications: 'true'
# Incap Rule: Block Request
example-incap-rule-block-request:
type: incapsula:IncapRule
properties:
siteId: ${incapsula_site"example-site"[%!s(MISSING)].id}
action: RULE_ACTION_BLOCK
filter: Full-URL == "/someurl"
enabled: true
sendNotifications: 'true'
# Incap Rule: Block Session fixed period
example-incap-rule-block-sessionIncapRule:
type: incapsula:IncapRule
properties:
siteId: ${incapsula_site"example-site"[%!s(MISSING)].id}
action: RULE_ACTION_BLOCK_USER
filter: Full-URL == "/someurl"
enabled: true
blockDurationType: fixed
blockDuration: 55
sendNotifications: 'false'
# Incap Rule: Block Session randomized period
example-incap-rule-block-sessionIndex/incapRuleIncapRule:
type: incapsula:IncapRule
properties:
siteId: ${incapsula_site"example-site"[%!s(MISSING)].id}
action: RULE_ACTION_BLOCK_USER
filter: Full-URL == "/someurl"
enabled: true
blockDurationType: randomized
blockDurationMin: 25
blockDurationMax: 44
sendNotifications: 'false'
# Incap Rule: Delete Cookie (ADR)
example-incap-rule-delete-cookie:
type: incapsula:IncapRule
properties:
siteId: ${incapsula_site"example-site"[%!s(MISSING)].id}
action: RULE_ACTION_DELETE_COOKIE
filter: Full-URL == "/someurl"
rewriteName: my_test_header
enabled: true
# Incap Rule: Delete Header (ADR)
example-incap-rule-delete-header:
type: incapsula:IncapRule
properties:
siteId: ${incapsula_site"example-site"[%!s(MISSING)].id}
action: RULE_ACTION_DELETE_HEADER
filter: Full-URL == "/someurl"
rewriteName: my_test_header
enabled: true
# Incap Rule: Forward to Data Center (ADR)
# For a more detailed example of how to reference a data center id, look at datasource incapsula_data_center
example-incap-rule-fwd-to-data-center:
type: incapsula:IncapRule
properties:
siteId: ${incapsula_site"example-site"[%!s(MISSING)].id}
action: RULE_ACTION_FORWARD_TO_DC
filter: Full-URL == "/someurl"
dcId: ${data.incapsula_data_center.example_content_dc.id}
enabled: true
# Incap Rule: Redirect (ADR)
example-incap-rule-redirect:
type: incapsula:IncapRule
properties:
siteId: ${incapsula_site"example-site"[%!s(MISSING)].id}
action: RULE_ACTION_REDIRECT
filter: Full-URL == "/someurl"
responseCode: '302'
from: https://site1.com/url1
to: https://site2.com/url2
enabled: true
# Incap Rule: Require Cookie Support (IncapRule)
example-incap-rule-require-cookie-support:
type: incapsula:IncapRule
properties:
siteId: ${incapsula_site"example-site"[%!s(MISSING)].id}
action: RULE_ACTION_RETRY
filter: Full-URL == "/someurl"
enabled: true
sendNotifications: 'false'
# Incap Rule: Rewrite Cookie (ADR)
example-incap-rule-rewrite-cookie:
type: incapsula:IncapRule
properties:
siteId: ${incapsula_site"example-site"[%!s(MISSING)].id}
action: RULE_ACTION_REWRITE_COOKIE
filter: Full-URL == "/someurl"
addMissing: 'true'
rewriteExisting: 'true'
from: some_optional_value
to: some_new_value
rewriteName: my_cookie_name
enabled: true
# Incap Rule: Rewrite Header (ADR)
example-incap-rule-rewrite-header:
type: incapsula:IncapRule
properties:
siteId: ${incapsula_site"example-site"[%!s(MISSING)].id}
action: RULE_ACTION_REWRITE_HEADER
filter: Full-URL == "/someurl"
addMissing: 'true'
rewriteExisting: 'true'
from: some_optional_value
to: some_new_value
rewriteName: my_test_header
enabled: true
# Incap Rule: Rewrite URL (ADR)
example-incap-rule-rewrite-url:
type: incapsula:IncapRule
properties:
siteId: ${incapsula_site"example-site"[%!s(MISSING)].id}
action: RULE_ACTION_REWRITE_URL
filter: Full-URL == "/someurl"
from: '*'
to: /redirect
enabled: true
# Incap Rule: Override WAF rule
example-incap-rule-Override-waf-rule:
type: incapsula:IncapRule
properties:
siteId: ${incapsula_site"example-site"[%!s(MISSING)].id}
action: RULE_ACTION_WAF_OVERRIDE
filter: Full-URL contains "/block/"
overrideWafAction: Alert Only
overrideWafRule: Cross Site Scripting
enabled: true
Create IncapRule Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new IncapRule(name: string, args: IncapRuleArgs, opts?: CustomResourceOptions);@overload
def IncapRule(resource_name: str,
args: IncapRuleArgs,
opts: Optional[ResourceOptions] = None)
@overload
def IncapRule(resource_name: str,
opts: Optional[ResourceOptions] = None,
action: Optional[str] = None,
site_id: Optional[str] = None,
multiple_deletions: Optional[bool] = None,
rewrite_name: Optional[str] = None,
block_duration_min: Optional[float] = None,
block_duration_type: Optional[str] = None,
dc_id: Optional[float] = None,
enabled: Optional[bool] = None,
error_response_data: Optional[str] = None,
error_response_format: Optional[str] = None,
error_type: Optional[str] = None,
filter: Optional[str] = None,
from_: Optional[str] = None,
incap_rule_id: Optional[str] = None,
block_duration_max: Optional[float] = None,
block_duration: Optional[float] = None,
rate_context: Optional[str] = None,
override_waf_rule: Optional[str] = None,
port_forwarding_context: Optional[str] = None,
port_forwarding_value: Optional[str] = None,
override_waf_action: Optional[str] = None,
rate_interval: Optional[float] = None,
response_code: Optional[float] = None,
rewrite_existing: Optional[bool] = None,
name: Optional[str] = None,
send_notifications: Optional[str] = None,
add_missing: Optional[bool] = None,
to: Optional[str] = None)func NewIncapRule(ctx *Context, name string, args IncapRuleArgs, opts ...ResourceOption) (*IncapRule, error)public IncapRule(string name, IncapRuleArgs args, CustomResourceOptions? opts = null)
public IncapRule(String name, IncapRuleArgs args)
public IncapRule(String name, IncapRuleArgs args, CustomResourceOptions options)
type: incapsula:IncapRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args IncapRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args IncapRuleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args IncapRuleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args IncapRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args IncapRuleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var incapRuleResource = new Incapsula.IncapRule("incapRuleResource", new()
{
Action = "string",
SiteId = "string",
MultipleDeletions = false,
RewriteName = "string",
BlockDurationMin = 0,
BlockDurationType = "string",
DcId = 0,
Enabled = false,
ErrorResponseData = "string",
ErrorResponseFormat = "string",
ErrorType = "string",
Filter = "string",
From = "string",
IncapRuleId = "string",
BlockDurationMax = 0,
BlockDuration = 0,
RateContext = "string",
OverrideWafRule = "string",
PortForwardingContext = "string",
PortForwardingValue = "string",
OverrideWafAction = "string",
RateInterval = 0,
ResponseCode = 0,
RewriteExisting = false,
Name = "string",
SendNotifications = "string",
AddMissing = false,
To = "string",
});
example, err := incapsula.NewIncapRule(ctx, "incapRuleResource", &incapsula.IncapRuleArgs{
Action: pulumi.String("string"),
SiteId: pulumi.String("string"),
MultipleDeletions: pulumi.Bool(false),
RewriteName: pulumi.String("string"),
BlockDurationMin: pulumi.Float64(0),
BlockDurationType: pulumi.String("string"),
DcId: pulumi.Float64(0),
Enabled: pulumi.Bool(false),
ErrorResponseData: pulumi.String("string"),
ErrorResponseFormat: pulumi.String("string"),
ErrorType: pulumi.String("string"),
Filter: pulumi.String("string"),
From: pulumi.String("string"),
IncapRuleId: pulumi.String("string"),
BlockDurationMax: pulumi.Float64(0),
BlockDuration: pulumi.Float64(0),
RateContext: pulumi.String("string"),
OverrideWafRule: pulumi.String("string"),
PortForwardingContext: pulumi.String("string"),
PortForwardingValue: pulumi.String("string"),
OverrideWafAction: pulumi.String("string"),
RateInterval: pulumi.Float64(0),
ResponseCode: pulumi.Float64(0),
RewriteExisting: pulumi.Bool(false),
Name: pulumi.String("string"),
SendNotifications: pulumi.String("string"),
AddMissing: pulumi.Bool(false),
To: pulumi.String("string"),
})
var incapRuleResource = new IncapRule("incapRuleResource", IncapRuleArgs.builder()
.action("string")
.siteId("string")
.multipleDeletions(false)
.rewriteName("string")
.blockDurationMin(0)
.blockDurationType("string")
.dcId(0)
.enabled(false)
.errorResponseData("string")
.errorResponseFormat("string")
.errorType("string")
.filter("string")
.from("string")
.incapRuleId("string")
.blockDurationMax(0)
.blockDuration(0)
.rateContext("string")
.overrideWafRule("string")
.portForwardingContext("string")
.portForwardingValue("string")
.overrideWafAction("string")
.rateInterval(0)
.responseCode(0)
.rewriteExisting(false)
.name("string")
.sendNotifications("string")
.addMissing(false)
.to("string")
.build());
incap_rule_resource = incapsula.IncapRule("incapRuleResource",
action="string",
site_id="string",
multiple_deletions=False,
rewrite_name="string",
block_duration_min=0,
block_duration_type="string",
dc_id=0,
enabled=False,
error_response_data="string",
error_response_format="string",
error_type="string",
filter="string",
from_="string",
incap_rule_id="string",
block_duration_max=0,
block_duration=0,
rate_context="string",
override_waf_rule="string",
port_forwarding_context="string",
port_forwarding_value="string",
override_waf_action="string",
rate_interval=0,
response_code=0,
rewrite_existing=False,
name="string",
send_notifications="string",
add_missing=False,
to="string")
const incapRuleResource = new incapsula.IncapRule("incapRuleResource", {
action: "string",
siteId: "string",
multipleDeletions: false,
rewriteName: "string",
blockDurationMin: 0,
blockDurationType: "string",
dcId: 0,
enabled: false,
errorResponseData: "string",
errorResponseFormat: "string",
errorType: "string",
filter: "string",
from: "string",
incapRuleId: "string",
blockDurationMax: 0,
blockDuration: 0,
rateContext: "string",
overrideWafRule: "string",
portForwardingContext: "string",
portForwardingValue: "string",
overrideWafAction: "string",
rateInterval: 0,
responseCode: 0,
rewriteExisting: false,
name: "string",
sendNotifications: "string",
addMissing: false,
to: "string",
});
type: incapsula:IncapRule
properties:
action: string
addMissing: false
blockDuration: 0
blockDurationMax: 0
blockDurationMin: 0
blockDurationType: string
dcId: 0
enabled: false
errorResponseData: string
errorResponseFormat: string
errorType: string
filter: string
from: string
incapRuleId: string
multipleDeletions: false
name: string
overrideWafAction: string
overrideWafRule: string
portForwardingContext: string
portForwardingValue: string
rateContext: string
rateInterval: 0
responseCode: 0
rewriteExisting: false
rewriteName: string
sendNotifications: string
siteId: string
to: string
IncapRule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The IncapRule resource accepts the following input properties:
- Action string
- Rule action. See the detailed descriptions in the API documentation. Possible values:
RULE_ACTION_REDIRECT,RULE_ACTION_SIMPLIFIED_REDIRECT,RULE_ACTION_REWRITE_URL,RULE_ACTION_REWRITE_HEADER,RULE_ACTION_REWRITE_COOKIE,RULE_ACTION_DELETE_HEADER,RULE_ACTION_DELETE_COOKIE,RULE_ACTION_RESPONSE_REWRITE_HEADER,RULE_ACTION_RESPONSE_DELETE_HEADER,RULE_ACTION_RESPONSE_REWRITE_RESPONSE_CODE,RULE_ACTION_FORWARD_TO_DC,RULE_ACTION_ALERT,RULE_ACTION_BLOCK,RULE_ACTION_BLOCK_USER,RULE_ACTION_BLOCK_IP,RULE_ACTION_RETRY,RULE_ACTION_INTRUSIVE_HTML,RULE_ACTION_CAPTCHA,RULE_ACTION_RATE,RULE_ACTION_CUSTOM_ERROR_RESPONSE,RULE_ACTION_FORWARD_TO_PORT,RULE_ACTION_WAF_OVERRIDE. - Site
Id string - Numeric identifier of the site to operate on.
- Add
Missing bool - Add cookie or header if it doesn't exist (Rewrite cookie rule only).
- Block
Duration double - Value of the fixed block duration. Valid only for
RULE_ACTION_BLOCK_USERorRULE_ACTION_BLOCK_IPactionandfixedblock_duration_type - Block
Duration doubleMax - The upper limit for the randomized block duration. Valid only for
RULE_ACTION_BLOCK_USERorRULE_ACTION_BLOCK_IPactionandrandomizedblock_duration_type - Block
Duration doubleMin - The lower limit for the randomized block duration. Valid only for
RULE_ACTION_BLOCK_USERorRULE_ACTION_BLOCK_IPactionandrandomizedblock_duration_type - Block
Duration stringType - Block duration types:
fixed,randomized. Time range: 1-1440 minutes.The Fixed type blocks the IP address or session for the duration specified by theblock_durationparameter. The Randomized type generates a random duration for each block between the specified minimum and maximum values. Valid only forRULE_ACTION_BLOCK_USERorRULE_ACTION_BLOCK_IPaction. - Dc
Id double - Data center to forward request to. Applies only for
RULE_ACTION_FORWARD_TO_DC. - Enabled bool
- Boolean that enables the rule. Possible values: true, false. Default value is true.
- Error
Response stringData - The response returned when the request matches the filter and is blocked. Applies only for
RULE_ACTION_CUSTOM_ERROR_RESPONSE. - Error
Response stringFormat - The format of the given error response in the error_response_data field. Applies only for
RULE_ACTION_CUSTOM_ERROR_RESPONSE. Possible values:json,xml. - Error
Type string - The error that triggers the rule.
error.type.alltriggers the rule regardless of the error type. Applies only forRULE_ACTION_CUSTOM_ERROR_RESPONSE. Possible values:error.type.all,error.type.connection_timeout,error.type.access_denied,error.type.parse_req_error,error.type.parse_resp_error,error.type.connection_failed,error.type.deny_and_retry,error.type.ssl_failed,error.type.deny_and_captcha,error.type.2fa_required,error.type.no_ssl_config,error.type.no_ipv6_config. - Filter string
- The filter defines the conditions that trigger the rule action. For action
RULE_ACTION_SIMPLIFIED_REDIRECTfilter is not relevant. For other actions, if left empty, the rule is always run. - From string
- Pattern to rewrite. For
RULE_ACTION_REWRITE_URL- Url to rewrite. ForRULE_ACTION_REWRITE_HEADERandRULE_ACTION_RESPONSE_REWRITE_HEADER- Header value to rewrite. ForRULE_ACTION_REWRITE_COOKIE- Cookie value to rewrite. - Incap
Rule stringId - Unique identifier in the API for the Incap Rule.
- Multiple
Deletions bool - Delete multiple header occurrences. Applies only to rules using
RULE_ACTION_DELETE_HEADERandRULE_ACTION_RESPONSE_DELETE_HEADER. - Name string
- Rule name.
- Override
Waf stringAction - The action for the override rule
RULE_ACTION_WAF_OVERRIDE. Possible values: Alert Only, Block Request, Block User, Block IP, Ignore. - Override
Waf stringRule - The setting to override
RULE_ACTION_WAF_OVERRIDE. Possible values: SQL Injection, Remote File Inclusion, Cross Site Scripting, Illegal Resource Access. - Port
Forwarding stringContext - Context for port forwarding. "Use Port Value" or "Use Header Name". Applies only for
RULE_ACTION_FORWARD_TO_PORT. - Port
Forwarding stringValue - Port number or header name for port forwarding. Applies only for
RULE_ACTION_FORWARD_TO_PORT. - Rate
Context string - The context of the rate counter. Possible values
IPorSession. Applies only to rules usingRULE_ACTION_RATE. - Rate
Interval double - The interval in seconds of the rate counter. Possible values is a multiple of
10; minimum10and maximum300. Applies only to rules usingRULE_ACTION_RATE. - Response
Code double - For
RULE_ACTION_REDIRECTorRULE_ACTION_SIMPLIFIED_REDIRECTrule's response code, valid values are302,301,303,307,308. ForRULE_ACTION_RESPONSE_REWRITE_RESPONSE_CODErule's response code, valid values are all 3-digits numbers. ForRULE_ACTION_CUSTOM_ERROR_RESPONSE, valid values are400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,419,420,422,423,424,500,501,502,503,504,505,507. - Rewrite
Existing bool - Rewrite cookie or header if it exists.
- Rewrite
Name string - Name of cookie or header to rewrite. Applies only for
RULE_ACTION_REWRITE_COOKIE,RULE_ACTION_REWRITE_HEADERandRULE_ACTION_RESPONSE_REWRITE_HEADER. - Send
Notifications string - Send an email notification whenever this rule is triggered. Possible values:
true,false. Default value isfalse. Applies to the following security actions:RULE_ACTION_ALERT,RULE_ACTION_BLOCK,RULE_ACTION_BLOCK_USER,RULE_ACTION_BLOCK_IP,RULE_ACTION_RETRY,RULE_ACTION_INTRUSIVE_HTML,RULE_ACTION_CAPTCHA. - To string
- Pattern to change to.
RULE_ACTION_REWRITE_URL- Url to change to.RULE_ACTION_REWRITE_HEADERandRULE_ACTION_RESPONSE_REWRITE_HEADER- Header value to change to.RULE_ACTION_REWRITE_COOKIE- Cookie value to change to.
- Action string
- Rule action. See the detailed descriptions in the API documentation. Possible values:
RULE_ACTION_REDIRECT,RULE_ACTION_SIMPLIFIED_REDIRECT,RULE_ACTION_REWRITE_URL,RULE_ACTION_REWRITE_HEADER,RULE_ACTION_REWRITE_COOKIE,RULE_ACTION_DELETE_HEADER,RULE_ACTION_DELETE_COOKIE,RULE_ACTION_RESPONSE_REWRITE_HEADER,RULE_ACTION_RESPONSE_DELETE_HEADER,RULE_ACTION_RESPONSE_REWRITE_RESPONSE_CODE,RULE_ACTION_FORWARD_TO_DC,RULE_ACTION_ALERT,RULE_ACTION_BLOCK,RULE_ACTION_BLOCK_USER,RULE_ACTION_BLOCK_IP,RULE_ACTION_RETRY,RULE_ACTION_INTRUSIVE_HTML,RULE_ACTION_CAPTCHA,RULE_ACTION_RATE,RULE_ACTION_CUSTOM_ERROR_RESPONSE,RULE_ACTION_FORWARD_TO_PORT,RULE_ACTION_WAF_OVERRIDE. - Site
Id string - Numeric identifier of the site to operate on.
- Add
Missing bool - Add cookie or header if it doesn't exist (Rewrite cookie rule only).
- Block
Duration float64 - Value of the fixed block duration. Valid only for
RULE_ACTION_BLOCK_USERorRULE_ACTION_BLOCK_IPactionandfixedblock_duration_type - Block
Duration float64Max - The upper limit for the randomized block duration. Valid only for
RULE_ACTION_BLOCK_USERorRULE_ACTION_BLOCK_IPactionandrandomizedblock_duration_type - Block
Duration float64Min - The lower limit for the randomized block duration. Valid only for
RULE_ACTION_BLOCK_USERorRULE_ACTION_BLOCK_IPactionandrandomizedblock_duration_type - Block
Duration stringType - Block duration types:
fixed,randomized. Time range: 1-1440 minutes.The Fixed type blocks the IP address or session for the duration specified by theblock_durationparameter. The Randomized type generates a random duration for each block between the specified minimum and maximum values. Valid only forRULE_ACTION_BLOCK_USERorRULE_ACTION_BLOCK_IPaction. - Dc
Id float64 - Data center to forward request to. Applies only for
RULE_ACTION_FORWARD_TO_DC. - Enabled bool
- Boolean that enables the rule. Possible values: true, false. Default value is true.
- Error
Response stringData - The response returned when the request matches the filter and is blocked. Applies only for
RULE_ACTION_CUSTOM_ERROR_RESPONSE. - Error
Response stringFormat - The format of the given error response in the error_response_data field. Applies only for
RULE_ACTION_CUSTOM_ERROR_RESPONSE. Possible values:json,xml. - Error
Type string - The error that triggers the rule.
error.type.alltriggers the rule regardless of the error type. Applies only forRULE_ACTION_CUSTOM_ERROR_RESPONSE. Possible values:error.type.all,error.type.connection_timeout,error.type.access_denied,error.type.parse_req_error,error.type.parse_resp_error,error.type.connection_failed,error.type.deny_and_retry,error.type.ssl_failed,error.type.deny_and_captcha,error.type.2fa_required,error.type.no_ssl_config,error.type.no_ipv6_config. - Filter string
- The filter defines the conditions that trigger the rule action. For action
RULE_ACTION_SIMPLIFIED_REDIRECTfilter is not relevant. For other actions, if left empty, the rule is always run. - From string
- Pattern to rewrite. For
RULE_ACTION_REWRITE_URL- Url to rewrite. ForRULE_ACTION_REWRITE_HEADERandRULE_ACTION_RESPONSE_REWRITE_HEADER- Header value to rewrite. ForRULE_ACTION_REWRITE_COOKIE- Cookie value to rewrite. - Incap
Rule stringId - Unique identifier in the API for the Incap Rule.
- Multiple
Deletions bool - Delete multiple header occurrences. Applies only to rules using
RULE_ACTION_DELETE_HEADERandRULE_ACTION_RESPONSE_DELETE_HEADER. - Name string
- Rule name.
- Override
Waf stringAction - The action for the override rule
RULE_ACTION_WAF_OVERRIDE. Possible values: Alert Only, Block Request, Block User, Block IP, Ignore. - Override
Waf stringRule - The setting to override
RULE_ACTION_WAF_OVERRIDE. Possible values: SQL Injection, Remote File Inclusion, Cross Site Scripting, Illegal Resource Access. - Port
Forwarding stringContext - Context for port forwarding. "Use Port Value" or "Use Header Name". Applies only for
RULE_ACTION_FORWARD_TO_PORT. - Port
Forwarding stringValue - Port number or header name for port forwarding. Applies only for
RULE_ACTION_FORWARD_TO_PORT. - Rate
Context string - The context of the rate counter. Possible values
IPorSession. Applies only to rules usingRULE_ACTION_RATE. - Rate
Interval float64 - The interval in seconds of the rate counter. Possible values is a multiple of
10; minimum10and maximum300. Applies only to rules usingRULE_ACTION_RATE. - Response
Code float64 - For
RULE_ACTION_REDIRECTorRULE_ACTION_SIMPLIFIED_REDIRECTrule's response code, valid values are302,301,303,307,308. ForRULE_ACTION_RESPONSE_REWRITE_RESPONSE_CODErule's response code, valid values are all 3-digits numbers. ForRULE_ACTION_CUSTOM_ERROR_RESPONSE, valid values are400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,419,420,422,423,424,500,501,502,503,504,505,507. - Rewrite
Existing bool - Rewrite cookie or header if it exists.
- Rewrite
Name string - Name of cookie or header to rewrite. Applies only for
RULE_ACTION_REWRITE_COOKIE,RULE_ACTION_REWRITE_HEADERandRULE_ACTION_RESPONSE_REWRITE_HEADER. - Send
Notifications string - Send an email notification whenever this rule is triggered. Possible values:
true,false. Default value isfalse. Applies to the following security actions:RULE_ACTION_ALERT,RULE_ACTION_BLOCK,RULE_ACTION_BLOCK_USER,RULE_ACTION_BLOCK_IP,RULE_ACTION_RETRY,RULE_ACTION_INTRUSIVE_HTML,RULE_ACTION_CAPTCHA. - To string
- Pattern to change to.
RULE_ACTION_REWRITE_URL- Url to change to.RULE_ACTION_REWRITE_HEADERandRULE_ACTION_RESPONSE_REWRITE_HEADER- Header value to change to.RULE_ACTION_REWRITE_COOKIE- Cookie value to change to.
- action String
- Rule action. See the detailed descriptions in the API documentation. Possible values:
RULE_ACTION_REDIRECT,RULE_ACTION_SIMPLIFIED_REDIRECT,RULE_ACTION_REWRITE_URL,RULE_ACTION_REWRITE_HEADER,RULE_ACTION_REWRITE_COOKIE,RULE_ACTION_DELETE_HEADER,RULE_ACTION_DELETE_COOKIE,RULE_ACTION_RESPONSE_REWRITE_HEADER,RULE_ACTION_RESPONSE_DELETE_HEADER,RULE_ACTION_RESPONSE_REWRITE_RESPONSE_CODE,RULE_ACTION_FORWARD_TO_DC,RULE_ACTION_ALERT,RULE_ACTION_BLOCK,RULE_ACTION_BLOCK_USER,RULE_ACTION_BLOCK_IP,RULE_ACTION_RETRY,RULE_ACTION_INTRUSIVE_HTML,RULE_ACTION_CAPTCHA,RULE_ACTION_RATE,RULE_ACTION_CUSTOM_ERROR_RESPONSE,RULE_ACTION_FORWARD_TO_PORT,RULE_ACTION_WAF_OVERRIDE. - site
Id String - Numeric identifier of the site to operate on.
- add
Missing Boolean - Add cookie or header if it doesn't exist (Rewrite cookie rule only).
- block
Duration Double - Value of the fixed block duration. Valid only for
RULE_ACTION_BLOCK_USERorRULE_ACTION_BLOCK_IPactionandfixedblock_duration_type - block
Duration DoubleMax - The upper limit for the randomized block duration. Valid only for
RULE_ACTION_BLOCK_USERorRULE_ACTION_BLOCK_IPactionandrandomizedblock_duration_type - block
Duration DoubleMin - The lower limit for the randomized block duration. Valid only for
RULE_ACTION_BLOCK_USERorRULE_ACTION_BLOCK_IPactionandrandomizedblock_duration_type - block
Duration StringType - Block duration types:
fixed,randomized. Time range: 1-1440 minutes.The Fixed type blocks the IP address or session for the duration specified by theblock_durationparameter. The Randomized type generates a random duration for each block between the specified minimum and maximum values. Valid only forRULE_ACTION_BLOCK_USERorRULE_ACTION_BLOCK_IPaction. - dc
Id Double - Data center to forward request to. Applies only for
RULE_ACTION_FORWARD_TO_DC. - enabled Boolean
- Boolean that enables the rule. Possible values: true, false. Default value is true.
- error
Response StringData - The response returned when the request matches the filter and is blocked. Applies only for
RULE_ACTION_CUSTOM_ERROR_RESPONSE. - error
Response StringFormat - The format of the given error response in the error_response_data field. Applies only for
RULE_ACTION_CUSTOM_ERROR_RESPONSE. Possible values:json,xml. - error
Type String - The error that triggers the rule.
error.type.alltriggers the rule regardless of the error type. Applies only forRULE_ACTION_CUSTOM_ERROR_RESPONSE. Possible values:error.type.all,error.type.connection_timeout,error.type.access_denied,error.type.parse_req_error,error.type.parse_resp_error,error.type.connection_failed,error.type.deny_and_retry,error.type.ssl_failed,error.type.deny_and_captcha,error.type.2fa_required,error.type.no_ssl_config,error.type.no_ipv6_config. - filter String
- The filter defines the conditions that trigger the rule action. For action
RULE_ACTION_SIMPLIFIED_REDIRECTfilter is not relevant. For other actions, if left empty, the rule is always run. - from String
- Pattern to rewrite. For
RULE_ACTION_REWRITE_URL- Url to rewrite. ForRULE_ACTION_REWRITE_HEADERandRULE_ACTION_RESPONSE_REWRITE_HEADER- Header value to rewrite. ForRULE_ACTION_REWRITE_COOKIE- Cookie value to rewrite. - incap
Rule StringId - Unique identifier in the API for the Incap Rule.
- multiple
Deletions Boolean - Delete multiple header occurrences. Applies only to rules using
RULE_ACTION_DELETE_HEADERandRULE_ACTION_RESPONSE_DELETE_HEADER. - name String
- Rule name.
- override
Waf StringAction - The action for the override rule
RULE_ACTION_WAF_OVERRIDE. Possible values: Alert Only, Block Request, Block User, Block IP, Ignore. - override
Waf StringRule - The setting to override
RULE_ACTION_WAF_OVERRIDE. Possible values: SQL Injection, Remote File Inclusion, Cross Site Scripting, Illegal Resource Access. - port
Forwarding StringContext - Context for port forwarding. "Use Port Value" or "Use Header Name". Applies only for
RULE_ACTION_FORWARD_TO_PORT. - port
Forwarding StringValue - Port number or header name for port forwarding. Applies only for
RULE_ACTION_FORWARD_TO_PORT. - rate
Context String - The context of the rate counter. Possible values
IPorSession. Applies only to rules usingRULE_ACTION_RATE. - rate
Interval Double - The interval in seconds of the rate counter. Possible values is a multiple of
10; minimum10and maximum300. Applies only to rules usingRULE_ACTION_RATE. - response
Code Double - For
RULE_ACTION_REDIRECTorRULE_ACTION_SIMPLIFIED_REDIRECTrule's response code, valid values are302,301,303,307,308. ForRULE_ACTION_RESPONSE_REWRITE_RESPONSE_CODErule's response code, valid values are all 3-digits numbers. ForRULE_ACTION_CUSTOM_ERROR_RESPONSE, valid values are400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,419,420,422,423,424,500,501,502,503,504,505,507. - rewrite
Existing Boolean - Rewrite cookie or header if it exists.
- rewrite
Name String - Name of cookie or header to rewrite. Applies only for
RULE_ACTION_REWRITE_COOKIE,RULE_ACTION_REWRITE_HEADERandRULE_ACTION_RESPONSE_REWRITE_HEADER. - send
Notifications String - Send an email notification whenever this rule is triggered. Possible values:
true,false. Default value isfalse. Applies to the following security actions:RULE_ACTION_ALERT,RULE_ACTION_BLOCK,RULE_ACTION_BLOCK_USER,RULE_ACTION_BLOCK_IP,RULE_ACTION_RETRY,RULE_ACTION_INTRUSIVE_HTML,RULE_ACTION_CAPTCHA. - to String
- Pattern to change to.
RULE_ACTION_REWRITE_URL- Url to change to.RULE_ACTION_REWRITE_HEADERandRULE_ACTION_RESPONSE_REWRITE_HEADER- Header value to change to.RULE_ACTION_REWRITE_COOKIE- Cookie value to change to.
- action string
- Rule action. See the detailed descriptions in the API documentation. Possible values:
RULE_ACTION_REDIRECT,RULE_ACTION_SIMPLIFIED_REDIRECT,RULE_ACTION_REWRITE_URL,RULE_ACTION_REWRITE_HEADER,RULE_ACTION_REWRITE_COOKIE,RULE_ACTION_DELETE_HEADER,RULE_ACTION_DELETE_COOKIE,RULE_ACTION_RESPONSE_REWRITE_HEADER,RULE_ACTION_RESPONSE_DELETE_HEADER,RULE_ACTION_RESPONSE_REWRITE_RESPONSE_CODE,RULE_ACTION_FORWARD_TO_DC,RULE_ACTION_ALERT,RULE_ACTION_BLOCK,RULE_ACTION_BLOCK_USER,RULE_ACTION_BLOCK_IP,RULE_ACTION_RETRY,RULE_ACTION_INTRUSIVE_HTML,RULE_ACTION_CAPTCHA,RULE_ACTION_RATE,RULE_ACTION_CUSTOM_ERROR_RESPONSE,RULE_ACTION_FORWARD_TO_PORT,RULE_ACTION_WAF_OVERRIDE. - site
Id string - Numeric identifier of the site to operate on.
- add
Missing boolean - Add cookie or header if it doesn't exist (Rewrite cookie rule only).
- block
Duration number - Value of the fixed block duration. Valid only for
RULE_ACTION_BLOCK_USERorRULE_ACTION_BLOCK_IPactionandfixedblock_duration_type - block
Duration numberMax - The upper limit for the randomized block duration. Valid only for
RULE_ACTION_BLOCK_USERorRULE_ACTION_BLOCK_IPactionandrandomizedblock_duration_type - block
Duration numberMin - The lower limit for the randomized block duration. Valid only for
RULE_ACTION_BLOCK_USERorRULE_ACTION_BLOCK_IPactionandrandomizedblock_duration_type - block
Duration stringType - Block duration types:
fixed,randomized. Time range: 1-1440 minutes.The Fixed type blocks the IP address or session for the duration specified by theblock_durationparameter. The Randomized type generates a random duration for each block between the specified minimum and maximum values. Valid only forRULE_ACTION_BLOCK_USERorRULE_ACTION_BLOCK_IPaction. - dc
Id number - Data center to forward request to. Applies only for
RULE_ACTION_FORWARD_TO_DC. - enabled boolean
- Boolean that enables the rule. Possible values: true, false. Default value is true.
- error
Response stringData - The response returned when the request matches the filter and is blocked. Applies only for
RULE_ACTION_CUSTOM_ERROR_RESPONSE. - error
Response stringFormat - The format of the given error response in the error_response_data field. Applies only for
RULE_ACTION_CUSTOM_ERROR_RESPONSE. Possible values:json,xml. - error
Type string - The error that triggers the rule.
error.type.alltriggers the rule regardless of the error type. Applies only forRULE_ACTION_CUSTOM_ERROR_RESPONSE. Possible values:error.type.all,error.type.connection_timeout,error.type.access_denied,error.type.parse_req_error,error.type.parse_resp_error,error.type.connection_failed,error.type.deny_and_retry,error.type.ssl_failed,error.type.deny_and_captcha,error.type.2fa_required,error.type.no_ssl_config,error.type.no_ipv6_config. - filter string
- The filter defines the conditions that trigger the rule action. For action
RULE_ACTION_SIMPLIFIED_REDIRECTfilter is not relevant. For other actions, if left empty, the rule is always run. - from string
- Pattern to rewrite. For
RULE_ACTION_REWRITE_URL- Url to rewrite. ForRULE_ACTION_REWRITE_HEADERandRULE_ACTION_RESPONSE_REWRITE_HEADER- Header value to rewrite. ForRULE_ACTION_REWRITE_COOKIE- Cookie value to rewrite. - incap
Rule stringId - Unique identifier in the API for the Incap Rule.
- multiple
Deletions boolean - Delete multiple header occurrences. Applies only to rules using
RULE_ACTION_DELETE_HEADERandRULE_ACTION_RESPONSE_DELETE_HEADER. - name string
- Rule name.
- override
Waf stringAction - The action for the override rule
RULE_ACTION_WAF_OVERRIDE. Possible values: Alert Only, Block Request, Block User, Block IP, Ignore. - override
Waf stringRule - The setting to override
RULE_ACTION_WAF_OVERRIDE. Possible values: SQL Injection, Remote File Inclusion, Cross Site Scripting, Illegal Resource Access. - port
Forwarding stringContext - Context for port forwarding. "Use Port Value" or "Use Header Name". Applies only for
RULE_ACTION_FORWARD_TO_PORT. - port
Forwarding stringValue - Port number or header name for port forwarding. Applies only for
RULE_ACTION_FORWARD_TO_PORT. - rate
Context string - The context of the rate counter. Possible values
IPorSession. Applies only to rules usingRULE_ACTION_RATE. - rate
Interval number - The interval in seconds of the rate counter. Possible values is a multiple of
10; minimum10and maximum300. Applies only to rules usingRULE_ACTION_RATE. - response
Code number - For
RULE_ACTION_REDIRECTorRULE_ACTION_SIMPLIFIED_REDIRECTrule's response code, valid values are302,301,303,307,308. ForRULE_ACTION_RESPONSE_REWRITE_RESPONSE_CODErule's response code, valid values are all 3-digits numbers. ForRULE_ACTION_CUSTOM_ERROR_RESPONSE, valid values are400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,419,420,422,423,424,500,501,502,503,504,505,507. - rewrite
Existing boolean - Rewrite cookie or header if it exists.
- rewrite
Name string - Name of cookie or header to rewrite. Applies only for
RULE_ACTION_REWRITE_COOKIE,RULE_ACTION_REWRITE_HEADERandRULE_ACTION_RESPONSE_REWRITE_HEADER. - send
Notifications string - Send an email notification whenever this rule is triggered. Possible values:
true,false. Default value isfalse. Applies to the following security actions:RULE_ACTION_ALERT,RULE_ACTION_BLOCK,RULE_ACTION_BLOCK_USER,RULE_ACTION_BLOCK_IP,RULE_ACTION_RETRY,RULE_ACTION_INTRUSIVE_HTML,RULE_ACTION_CAPTCHA. - to string
- Pattern to change to.
RULE_ACTION_REWRITE_URL- Url to change to.RULE_ACTION_REWRITE_HEADERandRULE_ACTION_RESPONSE_REWRITE_HEADER- Header value to change to.RULE_ACTION_REWRITE_COOKIE- Cookie value to change to.
- action str
- Rule action. See the detailed descriptions in the API documentation. Possible values:
RULE_ACTION_REDIRECT,RULE_ACTION_SIMPLIFIED_REDIRECT,RULE_ACTION_REWRITE_URL,RULE_ACTION_REWRITE_HEADER,RULE_ACTION_REWRITE_COOKIE,RULE_ACTION_DELETE_HEADER,RULE_ACTION_DELETE_COOKIE,RULE_ACTION_RESPONSE_REWRITE_HEADER,RULE_ACTION_RESPONSE_DELETE_HEADER,RULE_ACTION_RESPONSE_REWRITE_RESPONSE_CODE,RULE_ACTION_FORWARD_TO_DC,RULE_ACTION_ALERT,RULE_ACTION_BLOCK,RULE_ACTION_BLOCK_USER,RULE_ACTION_BLOCK_IP,RULE_ACTION_RETRY,RULE_ACTION_INTRUSIVE_HTML,RULE_ACTION_CAPTCHA,RULE_ACTION_RATE,RULE_ACTION_CUSTOM_ERROR_RESPONSE,RULE_ACTION_FORWARD_TO_PORT,RULE_ACTION_WAF_OVERRIDE. - site_
id str - Numeric identifier of the site to operate on.
- add_
missing bool - Add cookie or header if it doesn't exist (Rewrite cookie rule only).
- block_
duration float - Value of the fixed block duration. Valid only for
RULE_ACTION_BLOCK_USERorRULE_ACTION_BLOCK_IPactionandfixedblock_duration_type - block_
duration_ floatmax - The upper limit for the randomized block duration. Valid only for
RULE_ACTION_BLOCK_USERorRULE_ACTION_BLOCK_IPactionandrandomizedblock_duration_type - block_
duration_ floatmin - The lower limit for the randomized block duration. Valid only for
RULE_ACTION_BLOCK_USERorRULE_ACTION_BLOCK_IPactionandrandomizedblock_duration_type - block_
duration_ strtype - Block duration types:
fixed,randomized. Time range: 1-1440 minutes.The Fixed type blocks the IP address or session for the duration specified by theblock_durationparameter. The Randomized type generates a random duration for each block between the specified minimum and maximum values. Valid only forRULE_ACTION_BLOCK_USERorRULE_ACTION_BLOCK_IPaction. - dc_
id float - Data center to forward request to. Applies only for
RULE_ACTION_FORWARD_TO_DC. - enabled bool
- Boolean that enables the rule. Possible values: true, false. Default value is true.
- error_
response_ strdata - The response returned when the request matches the filter and is blocked. Applies only for
RULE_ACTION_CUSTOM_ERROR_RESPONSE. - error_
response_ strformat - The format of the given error response in the error_response_data field. Applies only for
RULE_ACTION_CUSTOM_ERROR_RESPONSE. Possible values:json,xml. - error_
type str - The error that triggers the rule.
error.type.alltriggers the rule regardless of the error type. Applies only forRULE_ACTION_CUSTOM_ERROR_RESPONSE. Possible values:error.type.all,error.type.connection_timeout,error.type.access_denied,error.type.parse_req_error,error.type.parse_resp_error,error.type.connection_failed,error.type.deny_and_retry,error.type.ssl_failed,error.type.deny_and_captcha,error.type.2fa_required,error.type.no_ssl_config,error.type.no_ipv6_config. - filter str
- The filter defines the conditions that trigger the rule action. For action
RULE_ACTION_SIMPLIFIED_REDIRECTfilter is not relevant. For other actions, if left empty, the rule is always run. - from_ str
- Pattern to rewrite. For
RULE_ACTION_REWRITE_URL- Url to rewrite. ForRULE_ACTION_REWRITE_HEADERandRULE_ACTION_RESPONSE_REWRITE_HEADER- Header value to rewrite. ForRULE_ACTION_REWRITE_COOKIE- Cookie value to rewrite. - incap_
rule_ strid - Unique identifier in the API for the Incap Rule.
- multiple_
deletions bool - Delete multiple header occurrences. Applies only to rules using
RULE_ACTION_DELETE_HEADERandRULE_ACTION_RESPONSE_DELETE_HEADER. - name str
- Rule name.
- override_
waf_ straction - The action for the override rule
RULE_ACTION_WAF_OVERRIDE. Possible values: Alert Only, Block Request, Block User, Block IP, Ignore. - override_
waf_ strrule - The setting to override
RULE_ACTION_WAF_OVERRIDE. Possible values: SQL Injection, Remote File Inclusion, Cross Site Scripting, Illegal Resource Access. - port_
forwarding_ strcontext - Context for port forwarding. "Use Port Value" or "Use Header Name". Applies only for
RULE_ACTION_FORWARD_TO_PORT. - port_
forwarding_ strvalue - Port number or header name for port forwarding. Applies only for
RULE_ACTION_FORWARD_TO_PORT. - rate_
context str - The context of the rate counter. Possible values
IPorSession. Applies only to rules usingRULE_ACTION_RATE. - rate_
interval float - The interval in seconds of the rate counter. Possible values is a multiple of
10; minimum10and maximum300. Applies only to rules usingRULE_ACTION_RATE. - response_
code float - For
RULE_ACTION_REDIRECTorRULE_ACTION_SIMPLIFIED_REDIRECTrule's response code, valid values are302,301,303,307,308. ForRULE_ACTION_RESPONSE_REWRITE_RESPONSE_CODErule's response code, valid values are all 3-digits numbers. ForRULE_ACTION_CUSTOM_ERROR_RESPONSE, valid values are400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,419,420,422,423,424,500,501,502,503,504,505,507. - rewrite_
existing bool - Rewrite cookie or header if it exists.
- rewrite_
name str - Name of cookie or header to rewrite. Applies only for
RULE_ACTION_REWRITE_COOKIE,RULE_ACTION_REWRITE_HEADERandRULE_ACTION_RESPONSE_REWRITE_HEADER. - send_
notifications str - Send an email notification whenever this rule is triggered. Possible values:
true,false. Default value isfalse. Applies to the following security actions:RULE_ACTION_ALERT,RULE_ACTION_BLOCK,RULE_ACTION_BLOCK_USER,RULE_ACTION_BLOCK_IP,RULE_ACTION_RETRY,RULE_ACTION_INTRUSIVE_HTML,RULE_ACTION_CAPTCHA. - to str
- Pattern to change to.
RULE_ACTION_REWRITE_URL- Url to change to.RULE_ACTION_REWRITE_HEADERandRULE_ACTION_RESPONSE_REWRITE_HEADER- Header value to change to.RULE_ACTION_REWRITE_COOKIE- Cookie value to change to.
- action String
- Rule action. See the detailed descriptions in the API documentation. Possible values:
RULE_ACTION_REDIRECT,RULE_ACTION_SIMPLIFIED_REDIRECT,RULE_ACTION_REWRITE_URL,RULE_ACTION_REWRITE_HEADER,RULE_ACTION_REWRITE_COOKIE,RULE_ACTION_DELETE_HEADER,RULE_ACTION_DELETE_COOKIE,RULE_ACTION_RESPONSE_REWRITE_HEADER,RULE_ACTION_RESPONSE_DELETE_HEADER,RULE_ACTION_RESPONSE_REWRITE_RESPONSE_CODE,RULE_ACTION_FORWARD_TO_DC,RULE_ACTION_ALERT,RULE_ACTION_BLOCK,RULE_ACTION_BLOCK_USER,RULE_ACTION_BLOCK_IP,RULE_ACTION_RETRY,RULE_ACTION_INTRUSIVE_HTML,RULE_ACTION_CAPTCHA,RULE_ACTION_RATE,RULE_ACTION_CUSTOM_ERROR_RESPONSE,RULE_ACTION_FORWARD_TO_PORT,RULE_ACTION_WAF_OVERRIDE. - site
Id String - Numeric identifier of the site to operate on.
- add
Missing Boolean - Add cookie or header if it doesn't exist (Rewrite cookie rule only).
- block
Duration Number - Value of the fixed block duration. Valid only for
RULE_ACTION_BLOCK_USERorRULE_ACTION_BLOCK_IPactionandfixedblock_duration_type - block
Duration NumberMax - The upper limit for the randomized block duration. Valid only for
RULE_ACTION_BLOCK_USERorRULE_ACTION_BLOCK_IPactionandrandomizedblock_duration_type - block
Duration NumberMin - The lower limit for the randomized block duration. Valid only for
RULE_ACTION_BLOCK_USERorRULE_ACTION_BLOCK_IPactionandrandomizedblock_duration_type - block
Duration StringType - Block duration types:
fixed,randomized. Time range: 1-1440 minutes.The Fixed type blocks the IP address or session for the duration specified by theblock_durationparameter. The Randomized type generates a random duration for each block between the specified minimum and maximum values. Valid only forRULE_ACTION_BLOCK_USERorRULE_ACTION_BLOCK_IPaction. - dc
Id Number - Data center to forward request to. Applies only for
RULE_ACTION_FORWARD_TO_DC. - enabled Boolean
- Boolean that enables the rule. Possible values: true, false. Default value is true.
- error
Response StringData - The response returned when the request matches the filter and is blocked. Applies only for
RULE_ACTION_CUSTOM_ERROR_RESPONSE. - error
Response StringFormat - The format of the given error response in the error_response_data field. Applies only for
RULE_ACTION_CUSTOM_ERROR_RESPONSE. Possible values:json,xml. - error
Type String - The error that triggers the rule.
error.type.alltriggers the rule regardless of the error type. Applies only forRULE_ACTION_CUSTOM_ERROR_RESPONSE. Possible values:error.type.all,error.type.connection_timeout,error.type.access_denied,error.type.parse_req_error,error.type.parse_resp_error,error.type.connection_failed,error.type.deny_and_retry,error.type.ssl_failed,error.type.deny_and_captcha,error.type.2fa_required,error.type.no_ssl_config,error.type.no_ipv6_config. - filter String
- The filter defines the conditions that trigger the rule action. For action
RULE_ACTION_SIMPLIFIED_REDIRECTfilter is not relevant. For other actions, if left empty, the rule is always run. - from String
- Pattern to rewrite. For
RULE_ACTION_REWRITE_URL- Url to rewrite. ForRULE_ACTION_REWRITE_HEADERandRULE_ACTION_RESPONSE_REWRITE_HEADER- Header value to rewrite. ForRULE_ACTION_REWRITE_COOKIE- Cookie value to rewrite. - incap
Rule StringId - Unique identifier in the API for the Incap Rule.
- multiple
Deletions Boolean - Delete multiple header occurrences. Applies only to rules using
RULE_ACTION_DELETE_HEADERandRULE_ACTION_RESPONSE_DELETE_HEADER. - name String
- Rule name.
- override
Waf StringAction - The action for the override rule
RULE_ACTION_WAF_OVERRIDE. Possible values: Alert Only, Block Request, Block User, Block IP, Ignore. - override
Waf StringRule - The setting to override
RULE_ACTION_WAF_OVERRIDE. Possible values: SQL Injection, Remote File Inclusion, Cross Site Scripting, Illegal Resource Access. - port
Forwarding StringContext - Context for port forwarding. "Use Port Value" or "Use Header Name". Applies only for
RULE_ACTION_FORWARD_TO_PORT. - port
Forwarding StringValue - Port number or header name for port forwarding. Applies only for
RULE_ACTION_FORWARD_TO_PORT. - rate
Context String - The context of the rate counter. Possible values
IPorSession. Applies only to rules usingRULE_ACTION_RATE. - rate
Interval Number - The interval in seconds of the rate counter. Possible values is a multiple of
10; minimum10and maximum300. Applies only to rules usingRULE_ACTION_RATE. - response
Code Number - For
RULE_ACTION_REDIRECTorRULE_ACTION_SIMPLIFIED_REDIRECTrule's response code, valid values are302,301,303,307,308. ForRULE_ACTION_RESPONSE_REWRITE_RESPONSE_CODErule's response code, valid values are all 3-digits numbers. ForRULE_ACTION_CUSTOM_ERROR_RESPONSE, valid values are400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,419,420,422,423,424,500,501,502,503,504,505,507. - rewrite
Existing Boolean - Rewrite cookie or header if it exists.
- rewrite
Name String - Name of cookie or header to rewrite. Applies only for
RULE_ACTION_REWRITE_COOKIE,RULE_ACTION_REWRITE_HEADERandRULE_ACTION_RESPONSE_REWRITE_HEADER. - send
Notifications String - Send an email notification whenever this rule is triggered. Possible values:
true,false. Default value isfalse. Applies to the following security actions:RULE_ACTION_ALERT,RULE_ACTION_BLOCK,RULE_ACTION_BLOCK_USER,RULE_ACTION_BLOCK_IP,RULE_ACTION_RETRY,RULE_ACTION_INTRUSIVE_HTML,RULE_ACTION_CAPTCHA. - to String
- Pattern to change to.
RULE_ACTION_REWRITE_URL- Url to change to.RULE_ACTION_REWRITE_HEADERandRULE_ACTION_RESPONSE_REWRITE_HEADER- Header value to change to.RULE_ACTION_REWRITE_COOKIE- Cookie value to change to.
Outputs
All input properties are implicitly available as output properties. Additionally, the IncapRule resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing IncapRule Resource
Get an existing IncapRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: IncapRuleState, opts?: CustomResourceOptions): IncapRule@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
action: Optional[str] = None,
add_missing: Optional[bool] = None,
block_duration: Optional[float] = None,
block_duration_max: Optional[float] = None,
block_duration_min: Optional[float] = None,
block_duration_type: Optional[str] = None,
dc_id: Optional[float] = None,
enabled: Optional[bool] = None,
error_response_data: Optional[str] = None,
error_response_format: Optional[str] = None,
error_type: Optional[str] = None,
filter: Optional[str] = None,
from_: Optional[str] = None,
incap_rule_id: Optional[str] = None,
multiple_deletions: Optional[bool] = None,
name: Optional[str] = None,
override_waf_action: Optional[str] = None,
override_waf_rule: Optional[str] = None,
port_forwarding_context: Optional[str] = None,
port_forwarding_value: Optional[str] = None,
rate_context: Optional[str] = None,
rate_interval: Optional[float] = None,
response_code: Optional[float] = None,
rewrite_existing: Optional[bool] = None,
rewrite_name: Optional[str] = None,
send_notifications: Optional[str] = None,
site_id: Optional[str] = None,
to: Optional[str] = None) -> IncapRulefunc GetIncapRule(ctx *Context, name string, id IDInput, state *IncapRuleState, opts ...ResourceOption) (*IncapRule, error)public static IncapRule Get(string name, Input<string> id, IncapRuleState? state, CustomResourceOptions? opts = null)public static IncapRule get(String name, Output<String> id, IncapRuleState state, CustomResourceOptions options)resources: _: type: incapsula:IncapRule get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Action string
- Rule action. See the detailed descriptions in the API documentation. Possible values:
RULE_ACTION_REDIRECT,RULE_ACTION_SIMPLIFIED_REDIRECT,RULE_ACTION_REWRITE_URL,RULE_ACTION_REWRITE_HEADER,RULE_ACTION_REWRITE_COOKIE,RULE_ACTION_DELETE_HEADER,RULE_ACTION_DELETE_COOKIE,RULE_ACTION_RESPONSE_REWRITE_HEADER,RULE_ACTION_RESPONSE_DELETE_HEADER,RULE_ACTION_RESPONSE_REWRITE_RESPONSE_CODE,RULE_ACTION_FORWARD_TO_DC,RULE_ACTION_ALERT,RULE_ACTION_BLOCK,RULE_ACTION_BLOCK_USER,RULE_ACTION_BLOCK_IP,RULE_ACTION_RETRY,RULE_ACTION_INTRUSIVE_HTML,RULE_ACTION_CAPTCHA,RULE_ACTION_RATE,RULE_ACTION_CUSTOM_ERROR_RESPONSE,RULE_ACTION_FORWARD_TO_PORT,RULE_ACTION_WAF_OVERRIDE. - Add
Missing bool - Add cookie or header if it doesn't exist (Rewrite cookie rule only).
- Block
Duration double - Value of the fixed block duration. Valid only for
RULE_ACTION_BLOCK_USERorRULE_ACTION_BLOCK_IPactionandfixedblock_duration_type - Block
Duration doubleMax - The upper limit for the randomized block duration. Valid only for
RULE_ACTION_BLOCK_USERorRULE_ACTION_BLOCK_IPactionandrandomizedblock_duration_type - Block
Duration doubleMin - The lower limit for the randomized block duration. Valid only for
RULE_ACTION_BLOCK_USERorRULE_ACTION_BLOCK_IPactionandrandomizedblock_duration_type - Block
Duration stringType - Block duration types:
fixed,randomized. Time range: 1-1440 minutes.The Fixed type blocks the IP address or session for the duration specified by theblock_durationparameter. The Randomized type generates a random duration for each block between the specified minimum and maximum values. Valid only forRULE_ACTION_BLOCK_USERorRULE_ACTION_BLOCK_IPaction. - Dc
Id double - Data center to forward request to. Applies only for
RULE_ACTION_FORWARD_TO_DC. - Enabled bool
- Boolean that enables the rule. Possible values: true, false. Default value is true.
- Error
Response stringData - The response returned when the request matches the filter and is blocked. Applies only for
RULE_ACTION_CUSTOM_ERROR_RESPONSE. - Error
Response stringFormat - The format of the given error response in the error_response_data field. Applies only for
RULE_ACTION_CUSTOM_ERROR_RESPONSE. Possible values:json,xml. - Error
Type string - The error that triggers the rule.
error.type.alltriggers the rule regardless of the error type. Applies only forRULE_ACTION_CUSTOM_ERROR_RESPONSE. Possible values:error.type.all,error.type.connection_timeout,error.type.access_denied,error.type.parse_req_error,error.type.parse_resp_error,error.type.connection_failed,error.type.deny_and_retry,error.type.ssl_failed,error.type.deny_and_captcha,error.type.2fa_required,error.type.no_ssl_config,error.type.no_ipv6_config. - Filter string
- The filter defines the conditions that trigger the rule action. For action
RULE_ACTION_SIMPLIFIED_REDIRECTfilter is not relevant. For other actions, if left empty, the rule is always run. - From string
- Pattern to rewrite. For
RULE_ACTION_REWRITE_URL- Url to rewrite. ForRULE_ACTION_REWRITE_HEADERandRULE_ACTION_RESPONSE_REWRITE_HEADER- Header value to rewrite. ForRULE_ACTION_REWRITE_COOKIE- Cookie value to rewrite. - Incap
Rule stringId - Unique identifier in the API for the Incap Rule.
- Multiple
Deletions bool - Delete multiple header occurrences. Applies only to rules using
RULE_ACTION_DELETE_HEADERandRULE_ACTION_RESPONSE_DELETE_HEADER. - Name string
- Rule name.
- Override
Waf stringAction - The action for the override rule
RULE_ACTION_WAF_OVERRIDE. Possible values: Alert Only, Block Request, Block User, Block IP, Ignore. - Override
Waf stringRule - The setting to override
RULE_ACTION_WAF_OVERRIDE. Possible values: SQL Injection, Remote File Inclusion, Cross Site Scripting, Illegal Resource Access. - Port
Forwarding stringContext - Context for port forwarding. "Use Port Value" or "Use Header Name". Applies only for
RULE_ACTION_FORWARD_TO_PORT. - Port
Forwarding stringValue - Port number or header name for port forwarding. Applies only for
RULE_ACTION_FORWARD_TO_PORT. - Rate
Context string - The context of the rate counter. Possible values
IPorSession. Applies only to rules usingRULE_ACTION_RATE. - Rate
Interval double - The interval in seconds of the rate counter. Possible values is a multiple of
10; minimum10and maximum300. Applies only to rules usingRULE_ACTION_RATE. - Response
Code double - For
RULE_ACTION_REDIRECTorRULE_ACTION_SIMPLIFIED_REDIRECTrule's response code, valid values are302,301,303,307,308. ForRULE_ACTION_RESPONSE_REWRITE_RESPONSE_CODErule's response code, valid values are all 3-digits numbers. ForRULE_ACTION_CUSTOM_ERROR_RESPONSE, valid values are400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,419,420,422,423,424,500,501,502,503,504,505,507. - Rewrite
Existing bool - Rewrite cookie or header if it exists.
- Rewrite
Name string - Name of cookie or header to rewrite. Applies only for
RULE_ACTION_REWRITE_COOKIE,RULE_ACTION_REWRITE_HEADERandRULE_ACTION_RESPONSE_REWRITE_HEADER. - Send
Notifications string - Send an email notification whenever this rule is triggered. Possible values:
true,false. Default value isfalse. Applies to the following security actions:RULE_ACTION_ALERT,RULE_ACTION_BLOCK,RULE_ACTION_BLOCK_USER,RULE_ACTION_BLOCK_IP,RULE_ACTION_RETRY,RULE_ACTION_INTRUSIVE_HTML,RULE_ACTION_CAPTCHA. - Site
Id string - Numeric identifier of the site to operate on.
- To string
- Pattern to change to.
RULE_ACTION_REWRITE_URL- Url to change to.RULE_ACTION_REWRITE_HEADERandRULE_ACTION_RESPONSE_REWRITE_HEADER- Header value to change to.RULE_ACTION_REWRITE_COOKIE- Cookie value to change to.
- Action string
- Rule action. See the detailed descriptions in the API documentation. Possible values:
RULE_ACTION_REDIRECT,RULE_ACTION_SIMPLIFIED_REDIRECT,RULE_ACTION_REWRITE_URL,RULE_ACTION_REWRITE_HEADER,RULE_ACTION_REWRITE_COOKIE,RULE_ACTION_DELETE_HEADER,RULE_ACTION_DELETE_COOKIE,RULE_ACTION_RESPONSE_REWRITE_HEADER,RULE_ACTION_RESPONSE_DELETE_HEADER,RULE_ACTION_RESPONSE_REWRITE_RESPONSE_CODE,RULE_ACTION_FORWARD_TO_DC,RULE_ACTION_ALERT,RULE_ACTION_BLOCK,RULE_ACTION_BLOCK_USER,RULE_ACTION_BLOCK_IP,RULE_ACTION_RETRY,RULE_ACTION_INTRUSIVE_HTML,RULE_ACTION_CAPTCHA,RULE_ACTION_RATE,RULE_ACTION_CUSTOM_ERROR_RESPONSE,RULE_ACTION_FORWARD_TO_PORT,RULE_ACTION_WAF_OVERRIDE. - Add
Missing bool - Add cookie or header if it doesn't exist (Rewrite cookie rule only).
- Block
Duration float64 - Value of the fixed block duration. Valid only for
RULE_ACTION_BLOCK_USERorRULE_ACTION_BLOCK_IPactionandfixedblock_duration_type - Block
Duration float64Max - The upper limit for the randomized block duration. Valid only for
RULE_ACTION_BLOCK_USERorRULE_ACTION_BLOCK_IPactionandrandomizedblock_duration_type - Block
Duration float64Min - The lower limit for the randomized block duration. Valid only for
RULE_ACTION_BLOCK_USERorRULE_ACTION_BLOCK_IPactionandrandomizedblock_duration_type - Block
Duration stringType - Block duration types:
fixed,randomized. Time range: 1-1440 minutes.The Fixed type blocks the IP address or session for the duration specified by theblock_durationparameter. The Randomized type generates a random duration for each block between the specified minimum and maximum values. Valid only forRULE_ACTION_BLOCK_USERorRULE_ACTION_BLOCK_IPaction. - Dc
Id float64 - Data center to forward request to. Applies only for
RULE_ACTION_FORWARD_TO_DC. - Enabled bool
- Boolean that enables the rule. Possible values: true, false. Default value is true.
- Error
Response stringData - The response returned when the request matches the filter and is blocked. Applies only for
RULE_ACTION_CUSTOM_ERROR_RESPONSE. - Error
Response stringFormat - The format of the given error response in the error_response_data field. Applies only for
RULE_ACTION_CUSTOM_ERROR_RESPONSE. Possible values:json,xml. - Error
Type string - The error that triggers the rule.
error.type.alltriggers the rule regardless of the error type. Applies only forRULE_ACTION_CUSTOM_ERROR_RESPONSE. Possible values:error.type.all,error.type.connection_timeout,error.type.access_denied,error.type.parse_req_error,error.type.parse_resp_error,error.type.connection_failed,error.type.deny_and_retry,error.type.ssl_failed,error.type.deny_and_captcha,error.type.2fa_required,error.type.no_ssl_config,error.type.no_ipv6_config. - Filter string
- The filter defines the conditions that trigger the rule action. For action
RULE_ACTION_SIMPLIFIED_REDIRECTfilter is not relevant. For other actions, if left empty, the rule is always run. - From string
- Pattern to rewrite. For
RULE_ACTION_REWRITE_URL- Url to rewrite. ForRULE_ACTION_REWRITE_HEADERandRULE_ACTION_RESPONSE_REWRITE_HEADER- Header value to rewrite. ForRULE_ACTION_REWRITE_COOKIE- Cookie value to rewrite. - Incap
Rule stringId - Unique identifier in the API for the Incap Rule.
- Multiple
Deletions bool - Delete multiple header occurrences. Applies only to rules using
RULE_ACTION_DELETE_HEADERandRULE_ACTION_RESPONSE_DELETE_HEADER. - Name string
- Rule name.
- Override
Waf stringAction - The action for the override rule
RULE_ACTION_WAF_OVERRIDE. Possible values: Alert Only, Block Request, Block User, Block IP, Ignore. - Override
Waf stringRule - The setting to override
RULE_ACTION_WAF_OVERRIDE. Possible values: SQL Injection, Remote File Inclusion, Cross Site Scripting, Illegal Resource Access. - Port
Forwarding stringContext - Context for port forwarding. "Use Port Value" or "Use Header Name". Applies only for
RULE_ACTION_FORWARD_TO_PORT. - Port
Forwarding stringValue - Port number or header name for port forwarding. Applies only for
RULE_ACTION_FORWARD_TO_PORT. - Rate
Context string - The context of the rate counter. Possible values
IPorSession. Applies only to rules usingRULE_ACTION_RATE. - Rate
Interval float64 - The interval in seconds of the rate counter. Possible values is a multiple of
10; minimum10and maximum300. Applies only to rules usingRULE_ACTION_RATE. - Response
Code float64 - For
RULE_ACTION_REDIRECTorRULE_ACTION_SIMPLIFIED_REDIRECTrule's response code, valid values are302,301,303,307,308. ForRULE_ACTION_RESPONSE_REWRITE_RESPONSE_CODErule's response code, valid values are all 3-digits numbers. ForRULE_ACTION_CUSTOM_ERROR_RESPONSE, valid values are400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,419,420,422,423,424,500,501,502,503,504,505,507. - Rewrite
Existing bool - Rewrite cookie or header if it exists.
- Rewrite
Name string - Name of cookie or header to rewrite. Applies only for
RULE_ACTION_REWRITE_COOKIE,RULE_ACTION_REWRITE_HEADERandRULE_ACTION_RESPONSE_REWRITE_HEADER. - Send
Notifications string - Send an email notification whenever this rule is triggered. Possible values:
true,false. Default value isfalse. Applies to the following security actions:RULE_ACTION_ALERT,RULE_ACTION_BLOCK,RULE_ACTION_BLOCK_USER,RULE_ACTION_BLOCK_IP,RULE_ACTION_RETRY,RULE_ACTION_INTRUSIVE_HTML,RULE_ACTION_CAPTCHA. - Site
Id string - Numeric identifier of the site to operate on.
- To string
- Pattern to change to.
RULE_ACTION_REWRITE_URL- Url to change to.RULE_ACTION_REWRITE_HEADERandRULE_ACTION_RESPONSE_REWRITE_HEADER- Header value to change to.RULE_ACTION_REWRITE_COOKIE- Cookie value to change to.
- action String
- Rule action. See the detailed descriptions in the API documentation. Possible values:
RULE_ACTION_REDIRECT,RULE_ACTION_SIMPLIFIED_REDIRECT,RULE_ACTION_REWRITE_URL,RULE_ACTION_REWRITE_HEADER,RULE_ACTION_REWRITE_COOKIE,RULE_ACTION_DELETE_HEADER,RULE_ACTION_DELETE_COOKIE,RULE_ACTION_RESPONSE_REWRITE_HEADER,RULE_ACTION_RESPONSE_DELETE_HEADER,RULE_ACTION_RESPONSE_REWRITE_RESPONSE_CODE,RULE_ACTION_FORWARD_TO_DC,RULE_ACTION_ALERT,RULE_ACTION_BLOCK,RULE_ACTION_BLOCK_USER,RULE_ACTION_BLOCK_IP,RULE_ACTION_RETRY,RULE_ACTION_INTRUSIVE_HTML,RULE_ACTION_CAPTCHA,RULE_ACTION_RATE,RULE_ACTION_CUSTOM_ERROR_RESPONSE,RULE_ACTION_FORWARD_TO_PORT,RULE_ACTION_WAF_OVERRIDE. - add
Missing Boolean - Add cookie or header if it doesn't exist (Rewrite cookie rule only).
- block
Duration Double - Value of the fixed block duration. Valid only for
RULE_ACTION_BLOCK_USERorRULE_ACTION_BLOCK_IPactionandfixedblock_duration_type - block
Duration DoubleMax - The upper limit for the randomized block duration. Valid only for
RULE_ACTION_BLOCK_USERorRULE_ACTION_BLOCK_IPactionandrandomizedblock_duration_type - block
Duration DoubleMin - The lower limit for the randomized block duration. Valid only for
RULE_ACTION_BLOCK_USERorRULE_ACTION_BLOCK_IPactionandrandomizedblock_duration_type - block
Duration StringType - Block duration types:
fixed,randomized. Time range: 1-1440 minutes.The Fixed type blocks the IP address or session for the duration specified by theblock_durationparameter. The Randomized type generates a random duration for each block between the specified minimum and maximum values. Valid only forRULE_ACTION_BLOCK_USERorRULE_ACTION_BLOCK_IPaction. - dc
Id Double - Data center to forward request to. Applies only for
RULE_ACTION_FORWARD_TO_DC. - enabled Boolean
- Boolean that enables the rule. Possible values: true, false. Default value is true.
- error
Response StringData - The response returned when the request matches the filter and is blocked. Applies only for
RULE_ACTION_CUSTOM_ERROR_RESPONSE. - error
Response StringFormat - The format of the given error response in the error_response_data field. Applies only for
RULE_ACTION_CUSTOM_ERROR_RESPONSE. Possible values:json,xml. - error
Type String - The error that triggers the rule.
error.type.alltriggers the rule regardless of the error type. Applies only forRULE_ACTION_CUSTOM_ERROR_RESPONSE. Possible values:error.type.all,error.type.connection_timeout,error.type.access_denied,error.type.parse_req_error,error.type.parse_resp_error,error.type.connection_failed,error.type.deny_and_retry,error.type.ssl_failed,error.type.deny_and_captcha,error.type.2fa_required,error.type.no_ssl_config,error.type.no_ipv6_config. - filter String
- The filter defines the conditions that trigger the rule action. For action
RULE_ACTION_SIMPLIFIED_REDIRECTfilter is not relevant. For other actions, if left empty, the rule is always run. - from String
- Pattern to rewrite. For
RULE_ACTION_REWRITE_URL- Url to rewrite. ForRULE_ACTION_REWRITE_HEADERandRULE_ACTION_RESPONSE_REWRITE_HEADER- Header value to rewrite. ForRULE_ACTION_REWRITE_COOKIE- Cookie value to rewrite. - incap
Rule StringId - Unique identifier in the API for the Incap Rule.
- multiple
Deletions Boolean - Delete multiple header occurrences. Applies only to rules using
RULE_ACTION_DELETE_HEADERandRULE_ACTION_RESPONSE_DELETE_HEADER. - name String
- Rule name.
- override
Waf StringAction - The action for the override rule
RULE_ACTION_WAF_OVERRIDE. Possible values: Alert Only, Block Request, Block User, Block IP, Ignore. - override
Waf StringRule - The setting to override
RULE_ACTION_WAF_OVERRIDE. Possible values: SQL Injection, Remote File Inclusion, Cross Site Scripting, Illegal Resource Access. - port
Forwarding StringContext - Context for port forwarding. "Use Port Value" or "Use Header Name". Applies only for
RULE_ACTION_FORWARD_TO_PORT. - port
Forwarding StringValue - Port number or header name for port forwarding. Applies only for
RULE_ACTION_FORWARD_TO_PORT. - rate
Context String - The context of the rate counter. Possible values
IPorSession. Applies only to rules usingRULE_ACTION_RATE. - rate
Interval Double - The interval in seconds of the rate counter. Possible values is a multiple of
10; minimum10and maximum300. Applies only to rules usingRULE_ACTION_RATE. - response
Code Double - For
RULE_ACTION_REDIRECTorRULE_ACTION_SIMPLIFIED_REDIRECTrule's response code, valid values are302,301,303,307,308. ForRULE_ACTION_RESPONSE_REWRITE_RESPONSE_CODErule's response code, valid values are all 3-digits numbers. ForRULE_ACTION_CUSTOM_ERROR_RESPONSE, valid values are400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,419,420,422,423,424,500,501,502,503,504,505,507. - rewrite
Existing Boolean - Rewrite cookie or header if it exists.
- rewrite
Name String - Name of cookie or header to rewrite. Applies only for
RULE_ACTION_REWRITE_COOKIE,RULE_ACTION_REWRITE_HEADERandRULE_ACTION_RESPONSE_REWRITE_HEADER. - send
Notifications String - Send an email notification whenever this rule is triggered. Possible values:
true,false. Default value isfalse. Applies to the following security actions:RULE_ACTION_ALERT,RULE_ACTION_BLOCK,RULE_ACTION_BLOCK_USER,RULE_ACTION_BLOCK_IP,RULE_ACTION_RETRY,RULE_ACTION_INTRUSIVE_HTML,RULE_ACTION_CAPTCHA. - site
Id String - Numeric identifier of the site to operate on.
- to String
- Pattern to change to.
RULE_ACTION_REWRITE_URL- Url to change to.RULE_ACTION_REWRITE_HEADERandRULE_ACTION_RESPONSE_REWRITE_HEADER- Header value to change to.RULE_ACTION_REWRITE_COOKIE- Cookie value to change to.
- action string
- Rule action. See the detailed descriptions in the API documentation. Possible values:
RULE_ACTION_REDIRECT,RULE_ACTION_SIMPLIFIED_REDIRECT,RULE_ACTION_REWRITE_URL,RULE_ACTION_REWRITE_HEADER,RULE_ACTION_REWRITE_COOKIE,RULE_ACTION_DELETE_HEADER,RULE_ACTION_DELETE_COOKIE,RULE_ACTION_RESPONSE_REWRITE_HEADER,RULE_ACTION_RESPONSE_DELETE_HEADER,RULE_ACTION_RESPONSE_REWRITE_RESPONSE_CODE,RULE_ACTION_FORWARD_TO_DC,RULE_ACTION_ALERT,RULE_ACTION_BLOCK,RULE_ACTION_BLOCK_USER,RULE_ACTION_BLOCK_IP,RULE_ACTION_RETRY,RULE_ACTION_INTRUSIVE_HTML,RULE_ACTION_CAPTCHA,RULE_ACTION_RATE,RULE_ACTION_CUSTOM_ERROR_RESPONSE,RULE_ACTION_FORWARD_TO_PORT,RULE_ACTION_WAF_OVERRIDE. - add
Missing boolean - Add cookie or header if it doesn't exist (Rewrite cookie rule only).
- block
Duration number - Value of the fixed block duration. Valid only for
RULE_ACTION_BLOCK_USERorRULE_ACTION_BLOCK_IPactionandfixedblock_duration_type - block
Duration numberMax - The upper limit for the randomized block duration. Valid only for
RULE_ACTION_BLOCK_USERorRULE_ACTION_BLOCK_IPactionandrandomizedblock_duration_type - block
Duration numberMin - The lower limit for the randomized block duration. Valid only for
RULE_ACTION_BLOCK_USERorRULE_ACTION_BLOCK_IPactionandrandomizedblock_duration_type - block
Duration stringType - Block duration types:
fixed,randomized. Time range: 1-1440 minutes.The Fixed type blocks the IP address or session for the duration specified by theblock_durationparameter. The Randomized type generates a random duration for each block between the specified minimum and maximum values. Valid only forRULE_ACTION_BLOCK_USERorRULE_ACTION_BLOCK_IPaction. - dc
Id number - Data center to forward request to. Applies only for
RULE_ACTION_FORWARD_TO_DC. - enabled boolean
- Boolean that enables the rule. Possible values: true, false. Default value is true.
- error
Response stringData - The response returned when the request matches the filter and is blocked. Applies only for
RULE_ACTION_CUSTOM_ERROR_RESPONSE. - error
Response stringFormat - The format of the given error response in the error_response_data field. Applies only for
RULE_ACTION_CUSTOM_ERROR_RESPONSE. Possible values:json,xml. - error
Type string - The error that triggers the rule.
error.type.alltriggers the rule regardless of the error type. Applies only forRULE_ACTION_CUSTOM_ERROR_RESPONSE. Possible values:error.type.all,error.type.connection_timeout,error.type.access_denied,error.type.parse_req_error,error.type.parse_resp_error,error.type.connection_failed,error.type.deny_and_retry,error.type.ssl_failed,error.type.deny_and_captcha,error.type.2fa_required,error.type.no_ssl_config,error.type.no_ipv6_config. - filter string
- The filter defines the conditions that trigger the rule action. For action
RULE_ACTION_SIMPLIFIED_REDIRECTfilter is not relevant. For other actions, if left empty, the rule is always run. - from string
- Pattern to rewrite. For
RULE_ACTION_REWRITE_URL- Url to rewrite. ForRULE_ACTION_REWRITE_HEADERandRULE_ACTION_RESPONSE_REWRITE_HEADER- Header value to rewrite. ForRULE_ACTION_REWRITE_COOKIE- Cookie value to rewrite. - incap
Rule stringId - Unique identifier in the API for the Incap Rule.
- multiple
Deletions boolean - Delete multiple header occurrences. Applies only to rules using
RULE_ACTION_DELETE_HEADERandRULE_ACTION_RESPONSE_DELETE_HEADER. - name string
- Rule name.
- override
Waf stringAction - The action for the override rule
RULE_ACTION_WAF_OVERRIDE. Possible values: Alert Only, Block Request, Block User, Block IP, Ignore. - override
Waf stringRule - The setting to override
RULE_ACTION_WAF_OVERRIDE. Possible values: SQL Injection, Remote File Inclusion, Cross Site Scripting, Illegal Resource Access. - port
Forwarding stringContext - Context for port forwarding. "Use Port Value" or "Use Header Name". Applies only for
RULE_ACTION_FORWARD_TO_PORT. - port
Forwarding stringValue - Port number or header name for port forwarding. Applies only for
RULE_ACTION_FORWARD_TO_PORT. - rate
Context string - The context of the rate counter. Possible values
IPorSession. Applies only to rules usingRULE_ACTION_RATE. - rate
Interval number - The interval in seconds of the rate counter. Possible values is a multiple of
10; minimum10and maximum300. Applies only to rules usingRULE_ACTION_RATE. - response
Code number - For
RULE_ACTION_REDIRECTorRULE_ACTION_SIMPLIFIED_REDIRECTrule's response code, valid values are302,301,303,307,308. ForRULE_ACTION_RESPONSE_REWRITE_RESPONSE_CODErule's response code, valid values are all 3-digits numbers. ForRULE_ACTION_CUSTOM_ERROR_RESPONSE, valid values are400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,419,420,422,423,424,500,501,502,503,504,505,507. - rewrite
Existing boolean - Rewrite cookie or header if it exists.
- rewrite
Name string - Name of cookie or header to rewrite. Applies only for
RULE_ACTION_REWRITE_COOKIE,RULE_ACTION_REWRITE_HEADERandRULE_ACTION_RESPONSE_REWRITE_HEADER. - send
Notifications string - Send an email notification whenever this rule is triggered. Possible values:
true,false. Default value isfalse. Applies to the following security actions:RULE_ACTION_ALERT,RULE_ACTION_BLOCK,RULE_ACTION_BLOCK_USER,RULE_ACTION_BLOCK_IP,RULE_ACTION_RETRY,RULE_ACTION_INTRUSIVE_HTML,RULE_ACTION_CAPTCHA. - site
Id string - Numeric identifier of the site to operate on.
- to string
- Pattern to change to.
RULE_ACTION_REWRITE_URL- Url to change to.RULE_ACTION_REWRITE_HEADERandRULE_ACTION_RESPONSE_REWRITE_HEADER- Header value to change to.RULE_ACTION_REWRITE_COOKIE- Cookie value to change to.
- action str
- Rule action. See the detailed descriptions in the API documentation. Possible values:
RULE_ACTION_REDIRECT,RULE_ACTION_SIMPLIFIED_REDIRECT,RULE_ACTION_REWRITE_URL,RULE_ACTION_REWRITE_HEADER,RULE_ACTION_REWRITE_COOKIE,RULE_ACTION_DELETE_HEADER,RULE_ACTION_DELETE_COOKIE,RULE_ACTION_RESPONSE_REWRITE_HEADER,RULE_ACTION_RESPONSE_DELETE_HEADER,RULE_ACTION_RESPONSE_REWRITE_RESPONSE_CODE,RULE_ACTION_FORWARD_TO_DC,RULE_ACTION_ALERT,RULE_ACTION_BLOCK,RULE_ACTION_BLOCK_USER,RULE_ACTION_BLOCK_IP,RULE_ACTION_RETRY,RULE_ACTION_INTRUSIVE_HTML,RULE_ACTION_CAPTCHA,RULE_ACTION_RATE,RULE_ACTION_CUSTOM_ERROR_RESPONSE,RULE_ACTION_FORWARD_TO_PORT,RULE_ACTION_WAF_OVERRIDE. - add_
missing bool - Add cookie or header if it doesn't exist (Rewrite cookie rule only).
- block_
duration float - Value of the fixed block duration. Valid only for
RULE_ACTION_BLOCK_USERorRULE_ACTION_BLOCK_IPactionandfixedblock_duration_type - block_
duration_ floatmax - The upper limit for the randomized block duration. Valid only for
RULE_ACTION_BLOCK_USERorRULE_ACTION_BLOCK_IPactionandrandomizedblock_duration_type - block_
duration_ floatmin - The lower limit for the randomized block duration. Valid only for
RULE_ACTION_BLOCK_USERorRULE_ACTION_BLOCK_IPactionandrandomizedblock_duration_type - block_
duration_ strtype - Block duration types:
fixed,randomized. Time range: 1-1440 minutes.The Fixed type blocks the IP address or session for the duration specified by theblock_durationparameter. The Randomized type generates a random duration for each block between the specified minimum and maximum values. Valid only forRULE_ACTION_BLOCK_USERorRULE_ACTION_BLOCK_IPaction. - dc_
id float - Data center to forward request to. Applies only for
RULE_ACTION_FORWARD_TO_DC. - enabled bool
- Boolean that enables the rule. Possible values: true, false. Default value is true.
- error_
response_ strdata - The response returned when the request matches the filter and is blocked. Applies only for
RULE_ACTION_CUSTOM_ERROR_RESPONSE. - error_
response_ strformat - The format of the given error response in the error_response_data field. Applies only for
RULE_ACTION_CUSTOM_ERROR_RESPONSE. Possible values:json,xml. - error_
type str - The error that triggers the rule.
error.type.alltriggers the rule regardless of the error type. Applies only forRULE_ACTION_CUSTOM_ERROR_RESPONSE. Possible values:error.type.all,error.type.connection_timeout,error.type.access_denied,error.type.parse_req_error,error.type.parse_resp_error,error.type.connection_failed,error.type.deny_and_retry,error.type.ssl_failed,error.type.deny_and_captcha,error.type.2fa_required,error.type.no_ssl_config,error.type.no_ipv6_config. - filter str
- The filter defines the conditions that trigger the rule action. For action
RULE_ACTION_SIMPLIFIED_REDIRECTfilter is not relevant. For other actions, if left empty, the rule is always run. - from_ str
- Pattern to rewrite. For
RULE_ACTION_REWRITE_URL- Url to rewrite. ForRULE_ACTION_REWRITE_HEADERandRULE_ACTION_RESPONSE_REWRITE_HEADER- Header value to rewrite. ForRULE_ACTION_REWRITE_COOKIE- Cookie value to rewrite. - incap_
rule_ strid - Unique identifier in the API for the Incap Rule.
- multiple_
deletions bool - Delete multiple header occurrences. Applies only to rules using
RULE_ACTION_DELETE_HEADERandRULE_ACTION_RESPONSE_DELETE_HEADER. - name str
- Rule name.
- override_
waf_ straction - The action for the override rule
RULE_ACTION_WAF_OVERRIDE. Possible values: Alert Only, Block Request, Block User, Block IP, Ignore. - override_
waf_ strrule - The setting to override
RULE_ACTION_WAF_OVERRIDE. Possible values: SQL Injection, Remote File Inclusion, Cross Site Scripting, Illegal Resource Access. - port_
forwarding_ strcontext - Context for port forwarding. "Use Port Value" or "Use Header Name". Applies only for
RULE_ACTION_FORWARD_TO_PORT. - port_
forwarding_ strvalue - Port number or header name for port forwarding. Applies only for
RULE_ACTION_FORWARD_TO_PORT. - rate_
context str - The context of the rate counter. Possible values
IPorSession. Applies only to rules usingRULE_ACTION_RATE. - rate_
interval float - The interval in seconds of the rate counter. Possible values is a multiple of
10; minimum10and maximum300. Applies only to rules usingRULE_ACTION_RATE. - response_
code float - For
RULE_ACTION_REDIRECTorRULE_ACTION_SIMPLIFIED_REDIRECTrule's response code, valid values are302,301,303,307,308. ForRULE_ACTION_RESPONSE_REWRITE_RESPONSE_CODErule's response code, valid values are all 3-digits numbers. ForRULE_ACTION_CUSTOM_ERROR_RESPONSE, valid values are400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,419,420,422,423,424,500,501,502,503,504,505,507. - rewrite_
existing bool - Rewrite cookie or header if it exists.
- rewrite_
name str - Name of cookie or header to rewrite. Applies only for
RULE_ACTION_REWRITE_COOKIE,RULE_ACTION_REWRITE_HEADERandRULE_ACTION_RESPONSE_REWRITE_HEADER. - send_
notifications str - Send an email notification whenever this rule is triggered. Possible values:
true,false. Default value isfalse. Applies to the following security actions:RULE_ACTION_ALERT,RULE_ACTION_BLOCK,RULE_ACTION_BLOCK_USER,RULE_ACTION_BLOCK_IP,RULE_ACTION_RETRY,RULE_ACTION_INTRUSIVE_HTML,RULE_ACTION_CAPTCHA. - site_
id str - Numeric identifier of the site to operate on.
- to str
- Pattern to change to.
RULE_ACTION_REWRITE_URL- Url to change to.RULE_ACTION_REWRITE_HEADERandRULE_ACTION_RESPONSE_REWRITE_HEADER- Header value to change to.RULE_ACTION_REWRITE_COOKIE- Cookie value to change to.
- action String
- Rule action. See the detailed descriptions in the API documentation. Possible values:
RULE_ACTION_REDIRECT,RULE_ACTION_SIMPLIFIED_REDIRECT,RULE_ACTION_REWRITE_URL,RULE_ACTION_REWRITE_HEADER,RULE_ACTION_REWRITE_COOKIE,RULE_ACTION_DELETE_HEADER,RULE_ACTION_DELETE_COOKIE,RULE_ACTION_RESPONSE_REWRITE_HEADER,RULE_ACTION_RESPONSE_DELETE_HEADER,RULE_ACTION_RESPONSE_REWRITE_RESPONSE_CODE,RULE_ACTION_FORWARD_TO_DC,RULE_ACTION_ALERT,RULE_ACTION_BLOCK,RULE_ACTION_BLOCK_USER,RULE_ACTION_BLOCK_IP,RULE_ACTION_RETRY,RULE_ACTION_INTRUSIVE_HTML,RULE_ACTION_CAPTCHA,RULE_ACTION_RATE,RULE_ACTION_CUSTOM_ERROR_RESPONSE,RULE_ACTION_FORWARD_TO_PORT,RULE_ACTION_WAF_OVERRIDE. - add
Missing Boolean - Add cookie or header if it doesn't exist (Rewrite cookie rule only).
- block
Duration Number - Value of the fixed block duration. Valid only for
RULE_ACTION_BLOCK_USERorRULE_ACTION_BLOCK_IPactionandfixedblock_duration_type - block
Duration NumberMax - The upper limit for the randomized block duration. Valid only for
RULE_ACTION_BLOCK_USERorRULE_ACTION_BLOCK_IPactionandrandomizedblock_duration_type - block
Duration NumberMin - The lower limit for the randomized block duration. Valid only for
RULE_ACTION_BLOCK_USERorRULE_ACTION_BLOCK_IPactionandrandomizedblock_duration_type - block
Duration StringType - Block duration types:
fixed,randomized. Time range: 1-1440 minutes.The Fixed type blocks the IP address or session for the duration specified by theblock_durationparameter. The Randomized type generates a random duration for each block between the specified minimum and maximum values. Valid only forRULE_ACTION_BLOCK_USERorRULE_ACTION_BLOCK_IPaction. - dc
Id Number - Data center to forward request to. Applies only for
RULE_ACTION_FORWARD_TO_DC. - enabled Boolean
- Boolean that enables the rule. Possible values: true, false. Default value is true.
- error
Response StringData - The response returned when the request matches the filter and is blocked. Applies only for
RULE_ACTION_CUSTOM_ERROR_RESPONSE. - error
Response StringFormat - The format of the given error response in the error_response_data field. Applies only for
RULE_ACTION_CUSTOM_ERROR_RESPONSE. Possible values:json,xml. - error
Type String - The error that triggers the rule.
error.type.alltriggers the rule regardless of the error type. Applies only forRULE_ACTION_CUSTOM_ERROR_RESPONSE. Possible values:error.type.all,error.type.connection_timeout,error.type.access_denied,error.type.parse_req_error,error.type.parse_resp_error,error.type.connection_failed,error.type.deny_and_retry,error.type.ssl_failed,error.type.deny_and_captcha,error.type.2fa_required,error.type.no_ssl_config,error.type.no_ipv6_config. - filter String
- The filter defines the conditions that trigger the rule action. For action
RULE_ACTION_SIMPLIFIED_REDIRECTfilter is not relevant. For other actions, if left empty, the rule is always run. - from String
- Pattern to rewrite. For
RULE_ACTION_REWRITE_URL- Url to rewrite. ForRULE_ACTION_REWRITE_HEADERandRULE_ACTION_RESPONSE_REWRITE_HEADER- Header value to rewrite. ForRULE_ACTION_REWRITE_COOKIE- Cookie value to rewrite. - incap
Rule StringId - Unique identifier in the API for the Incap Rule.
- multiple
Deletions Boolean - Delete multiple header occurrences. Applies only to rules using
RULE_ACTION_DELETE_HEADERandRULE_ACTION_RESPONSE_DELETE_HEADER. - name String
- Rule name.
- override
Waf StringAction - The action for the override rule
RULE_ACTION_WAF_OVERRIDE. Possible values: Alert Only, Block Request, Block User, Block IP, Ignore. - override
Waf StringRule - The setting to override
RULE_ACTION_WAF_OVERRIDE. Possible values: SQL Injection, Remote File Inclusion, Cross Site Scripting, Illegal Resource Access. - port
Forwarding StringContext - Context for port forwarding. "Use Port Value" or "Use Header Name". Applies only for
RULE_ACTION_FORWARD_TO_PORT. - port
Forwarding StringValue - Port number or header name for port forwarding. Applies only for
RULE_ACTION_FORWARD_TO_PORT. - rate
Context String - The context of the rate counter. Possible values
IPorSession. Applies only to rules usingRULE_ACTION_RATE. - rate
Interval Number - The interval in seconds of the rate counter. Possible values is a multiple of
10; minimum10and maximum300. Applies only to rules usingRULE_ACTION_RATE. - response
Code Number - For
RULE_ACTION_REDIRECTorRULE_ACTION_SIMPLIFIED_REDIRECTrule's response code, valid values are302,301,303,307,308. ForRULE_ACTION_RESPONSE_REWRITE_RESPONSE_CODErule's response code, valid values are all 3-digits numbers. ForRULE_ACTION_CUSTOM_ERROR_RESPONSE, valid values are400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,419,420,422,423,424,500,501,502,503,504,505,507. - rewrite
Existing Boolean - Rewrite cookie or header if it exists.
- rewrite
Name String - Name of cookie or header to rewrite. Applies only for
RULE_ACTION_REWRITE_COOKIE,RULE_ACTION_REWRITE_HEADERandRULE_ACTION_RESPONSE_REWRITE_HEADER. - send
Notifications String - Send an email notification whenever this rule is triggered. Possible values:
true,false. Default value isfalse. Applies to the following security actions:RULE_ACTION_ALERT,RULE_ACTION_BLOCK,RULE_ACTION_BLOCK_USER,RULE_ACTION_BLOCK_IP,RULE_ACTION_RETRY,RULE_ACTION_INTRUSIVE_HTML,RULE_ACTION_CAPTCHA. - site
Id String - Numeric identifier of the site to operate on.
- to String
- Pattern to change to.
RULE_ACTION_REWRITE_URL- Url to change to.RULE_ACTION_REWRITE_HEADERandRULE_ACTION_RESPONSE_REWRITE_HEADER- Header value to change to.RULE_ACTION_REWRITE_COOKIE- Cookie value to change to.
Import
Incap Rule can be imported using the role site_id and rule_id separated by /, e.g.:
$ pulumi import incapsula:index/incapRule:IncapRule demo site_id/rule_id
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- incapsula imperva/terraform-provider-incapsula
- License
- Notes
- This Pulumi package is based on the
incapsulaTerraform Provider.