This resource provides the Protection Rule resource in Oracle Cloud Infrastructure Web Application Acceleration and Security service.
Updates the action for each specified protection rule. Requests can either be allowed, blocked, or trigger an alert if they meet the parameters of an applied rule. For more information on protection rules, see WAF Protection Rules. This operation can update or disable protection rules depending on the structure of the request body. Protection rules can be updated by changing the properties of the protection rule object with the rule's key specified in the key field.
resource "oci_waas_protection_rule" "test_protection_rule" {
#Required
waas_policy_id = oci_waas_waas_policy.test_waas_policy.id
key = var.key
#Optional
action = "DETECT"
exclusions = {
exclusions = ["example.com"]
target = "REQUEST_COOKIES"
}
}
The following arguments are supported:
waas_policy_id
- (Required) The OCID of the WAAS policy.key
- (Required) (Updatable) The unique key of the protection rule.action
- (Optional) (Updatable) The action to take when the traffic is detected as malicious. If unspecified, defaults to OFF
.exclusions
- (Optional) (Updatable)
exclusions
- An array of The target property of a request that would allow it to bypass the protection rule. For example, when target
is REQUEST_COOKIE_NAMES
, the list may include names of cookies to exclude from the protection rule. When the target is ARGS
, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule. Exclusions
properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize the maxArgumentCount
or maxTotalNameLengthOfArguments
properties, and the target
property has been set to ARGS
, it is important that the exclusions
properties be defined to honor those protection rule settings in a consistent manner.target
- The target of the exclusion.* IMPORTANT * Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
The following attributes are exported:
action
- The action to take when the traffic is detected as malicious. If unspecified, defaults to OFF
.description
- The description of the protection rule.exclusions
-
exclusions
- An array of The target property of a request that would allow it to bypass the protection rule. For example, when target
is REQUEST_COOKIE_NAMES
, the list may include names of cookies to exclude from the protection rule. When the target is ARGS
, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule. Exclusions
properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize the maxArgumentCount
or maxTotalNameLengthOfArguments
properties, and the target
property has been set to ARGS
, it is important that the exclusions
properties be defined to honor those protection rule settings in a consistent manner.target
- The target of the exclusion.key
- The unique key of the protection rule.labels
- The list of labels for the protection rule.
Note: Protection rules with a ResponseBody
label will have no effect unless isResponseInspected
is true.
mod_security_rule_ids
- The list of the ModSecurity rule IDs that apply to this protection rule. For more information about ModSecurity's open source WAF rules, see Mod Security's documentation.name
- The name of the protection rule.The timeouts
block allows you to specify timeouts for certain operations:
* create
- (Defaults to 20 minutes), when creating the Protection Rule
* update
- (Defaults to 20 minutes), when updating the Protection Rule
* delete
- (Defaults to 20 minutes), when destroying the Protection Rule
ProtectionRules can be imported using the id
, e.g.
$ terraform import oci_waas_protection_rule.test_protection_rule "waasPolicyId/{waasPolicyId}/key/{key}"