oci_waas_waas_policy

This resource provides the Waas Policy resource in Oracle Cloud Infrastructure Web Application Acceleration and Security service.

Creates a new Web Application Acceleration and Security (WAAS) policy in the specified compartment. A WAAS policy must be established before creating Web Application Firewall (WAF) rules. To use WAF rules, your web application’s origin servers must be defined in the WaasPolicy schema.

A domain name must be specified when creating a WAAS policy. The domain name should be different from the origins specified in your WaasPolicy. Once the domain name is entered and stored, it cannot be changed.

Use the record data returned in the cname field of the WaasPolicy object to create a CNAME record in your DNS configuration that will direct your domain’s traffic through the WAF.

For the purposes of access control, you must provide the OCID of the compartment where you want the service to reside. For information about access control and compartments, see Overview of the IAM Service.

You must specify a display name and domain for the WAAS policy. The display name does not have to be unique and can be changed. The domain name should be different from every origin specified in WaasPolicy.

All Oracle Cloud Infrastructure resources, including WAAS policies, receive a unique, Oracle-assigned ID called an Oracle Cloud Identifier (OCID). When a resource is created, you can find its OCID in the response. You can also retrieve a resource’s OCID by using a list API operation for that resource type, or by viewing the resource in the Console. For more information, see Resource Identifiers.

Note: After sending the POST request, the new object’s state will temporarily be CREATING. Ensure that the resource’s state has changed to ACTIVE before use.

Example Usage

resource "oci_waas_waas_policy" "test_waas_policy" {
	#Required
	compartment_id = var.compartment_id
	domain = var.waas_policy_domain

	#Optional
	additional_domains = var.waas_policy_additional_domains
	defined_tags = {"Operations.CostCenter"= "42"}
	display_name = var.waas_policy_display_name
	freeform_tags = {"Department"= "Finance"}
	origin_groups {

		#Optional
		origins = var.waas_policy_origin_groups_origins
	}
	origins {
		#Required
		uri = var.waas_policy_origins_uri

		#Optional
		custom_headers {
			#Required
			name = var.waas_policy_origins_custom_headers_name
			value = var.waas_policy_origins_custom_headers_value
		}
		http_port = var.waas_policy_origins_http_port
		https_port = var.waas_policy_origins_https_port
	}
	policy_config {

		#Optional
		certificate_id = oci_waas_certificate.test_certificate.id
		cipher_group = var.waas_policy_policy_config_cipher_group
		client_address_header = var.waas_policy_policy_config_client_address_header
		health_checks {

			#Optional
			expected_response_code_group = var.waas_policy_policy_config_health_checks_expected_response_code_group
			expected_response_text = var.waas_policy_policy_config_health_checks_expected_response_text
			headers = var.waas_policy_policy_config_health_checks_headers
			healthy_threshold = var.waas_policy_policy_config_health_checks_healthy_threshold
			interval_in_seconds = var.waas_policy_policy_config_health_checks_interval_in_seconds
			is_enabled = var.waas_policy_policy_config_health_checks_is_enabled
			is_response_text_check_enabled = var.waas_policy_policy_config_health_checks_is_response_text_check_enabled
			method = var.waas_policy_policy_config_health_checks_method
			path = var.waas_policy_policy_config_health_checks_path
			timeout_in_seconds = var.waas_policy_policy_config_health_checks_timeout_in_seconds
			unhealthy_threshold = var.waas_policy_policy_config_health_checks_unhealthy_threshold
		}
		is_behind_cdn = var.waas_policy_policy_config_is_behind_cdn
		is_cache_control_respected = var.waas_policy_policy_config_is_cache_control_respected
		is_https_enabled = var.waas_policy_policy_config_is_https_enabled
		is_https_forced = var.waas_policy_policy_config_is_https_forced
		is_origin_compression_enabled = var.waas_policy_policy_config_is_origin_compression_enabled
		is_response_buffering_enabled = var.waas_policy_policy_config_is_response_buffering_enabled
		is_sni_enabled = var.waas_policy_policy_config_is_sni_enabled
		load_balancing_method {
			#Required
			method = var.waas_policy_policy_config_load_balancing_method_method

			#Optional
			domain = var.waas_policy_policy_config_load_balancing_method_domain
			expiration_time_in_seconds = var.waas_policy_policy_config_load_balancing_method_expiration_time_in_seconds
			name = var.waas_policy_policy_config_load_balancing_method_name
		}
		tls_protocols = var.waas_policy_policy_config_tls_protocols
		websocket_path_prefixes = var.waas_policy_policy_config_websocket_path_prefixes
	}
	waf_config {

		#Optional
		access_rules {
			#Required
			action = var.waas_policy_waf_config_access_rules_action
			criteria {
				#Required
				condition = var.waas_policy_waf_config_access_rules_criteria_condition
				value = var.waas_policy_waf_config_access_rules_criteria_value

				#Optional
				is_case_sensitive = var.waas_policy_waf_config_access_rules_criteria_is_case_sensitive
			}
			name = var.waas_policy_waf_config_access_rules_name

			#Optional
			block_action = var.waas_policy_waf_config_access_rules_block_action
			block_error_page_code = var.waas_policy_waf_config_access_rules_block_error_page_code
			block_error_page_description = var.waas_policy_waf_config_access_rules_block_error_page_description
			block_error_page_message = var.waas_policy_waf_config_access_rules_block_error_page_message
			block_response_code = var.waas_policy_waf_config_access_rules_block_response_code
			bypass_challenges = var.waas_policy_waf_config_access_rules_bypass_challenges
			captcha_footer = var.waas_policy_waf_config_access_rules_captcha_footer
			captcha_header = var.waas_policy_waf_config_access_rules_captcha_header
			captcha_submit_label = var.waas_policy_waf_config_access_rules_captcha_submit_label
			captcha_title = var.waas_policy_waf_config_access_rules_captcha_title
			redirect_response_code = var.waas_policy_waf_config_access_rules_redirect_response_code
			redirect_url = var.waas_policy_waf_config_access_rules_redirect_url
			response_header_manipulation {
				#Required
				action = var.waas_policy_waf_config_access_rules_response_header_manipulation_action
				header = var.waas_policy_waf_config_access_rules_response_header_manipulation_header

				#Optional
				value = var.waas_policy_waf_config_access_rules_response_header_manipulation_value
			}
		}
		address_rate_limiting {
			#Required
			is_enabled = var.waas_policy_waf_config_address_rate_limiting_is_enabled

			#Optional
			allowed_rate_per_address = var.waas_policy_waf_config_address_rate_limiting_allowed_rate_per_address
			block_response_code = var.waas_policy_waf_config_address_rate_limiting_block_response_code
			max_delayed_count_per_address = var.waas_policy_waf_config_address_rate_limiting_max_delayed_count_per_address
		}
		caching_rules {
			#Required
			action = var.waas_policy_waf_config_caching_rules_action
			criteria {
				#Required
				condition = var.waas_policy_waf_config_caching_rules_criteria_condition
				value = var.waas_policy_waf_config_caching_rules_criteria_value
			}
			name = var.waas_policy_waf_config_caching_rules_name

			#Optional
			caching_duration = var.waas_policy_waf_config_caching_rules_caching_duration
			client_caching_duration = var.waas_policy_waf_config_caching_rules_client_caching_duration
			is_client_caching_enabled = var.waas_policy_waf_config_caching_rules_is_client_caching_enabled
			key = var.waas_policy_waf_config_caching_rules_key
		}
		captchas {
			#Required
			failure_message = var.waas_policy_waf_config_captchas_failure_message
			session_expiration_in_seconds = var.waas_policy_waf_config_captchas_session_expiration_in_seconds
			submit_label = var.waas_policy_waf_config_captchas_submit_label
			title = var.waas_policy_waf_config_captchas_title
			url = var.waas_policy_waf_config_captchas_url

			#Optional
			footer_text = var.waas_policy_waf_config_captchas_footer_text
			header_text = var.waas_policy_waf_config_captchas_header_text
		}
		custom_protection_rules {

			#Optional
			action = var.waas_policy_waf_config_custom_protection_rules_action
			exclusions {

				#Optional
				exclusions = var.waas_policy_waf_config_custom_protection_rules_exclusions_exclusions
				target = var.waas_policy_waf_config_custom_protection_rules_exclusions_target
			}
			id = var.waas_policy_waf_config_custom_protection_rules_id
		}
		device_fingerprint_challenge {
			#Required
			is_enabled = var.waas_policy_waf_config_device_fingerprint_challenge_is_enabled

			#Optional
			action = var.waas_policy_waf_config_device_fingerprint_challenge_action
			action_expiration_in_seconds = var.waas_policy_waf_config_device_fingerprint_challenge_action_expiration_in_seconds
			challenge_settings {

				#Optional
				block_action = var.waas_policy_waf_config_device_fingerprint_challenge_challenge_settings_block_action
				block_error_page_code = var.waas_policy_waf_config_device_fingerprint_challenge_challenge_settings_block_error_page_code
				block_error_page_description = var.waas_policy_waf_config_device_fingerprint_challenge_challenge_settings_block_error_page_description
				block_error_page_message = var.waas_policy_waf_config_device_fingerprint_challenge_challenge_settings_block_error_page_message
				block_response_code = var.waas_policy_waf_config_device_fingerprint_challenge_challenge_settings_block_response_code
				captcha_footer = var.waas_policy_waf_config_device_fingerprint_challenge_challenge_settings_captcha_footer
				captcha_header = var.waas_policy_waf_config_device_fingerprint_challenge_challenge_settings_captcha_header
				captcha_submit_label = var.waas_policy_waf_config_device_fingerprint_challenge_challenge_settings_captcha_submit_label
				captcha_title = var.waas_policy_waf_config_device_fingerprint_challenge_challenge_settings_captcha_title
			}
			failure_threshold = var.waas_policy_waf_config_device_fingerprint_challenge_failure_threshold
			failure_threshold_expiration_in_seconds = var.waas_policy_waf_config_device_fingerprint_challenge_failure_threshold_expiration_in_seconds
			max_address_count = var.waas_policy_waf_config_device_fingerprint_challenge_max_address_count
			max_address_count_expiration_in_seconds = var.waas_policy_waf_config_device_fingerprint_challenge_max_address_count_expiration_in_seconds
		}
		human_interaction_challenge {
			#Required
			is_enabled = var.waas_policy_waf_config_human_interaction_challenge_is_enabled

			#Optional
			action = var.waas_policy_waf_config_human_interaction_challenge_action
			action_expiration_in_seconds = var.waas_policy_waf_config_human_interaction_challenge_action_expiration_in_seconds
			challenge_settings {

				#Optional
				block_action = var.waas_policy_waf_config_human_interaction_challenge_challenge_settings_block_action
				block_error_page_code = var.waas_policy_waf_config_human_interaction_challenge_challenge_settings_block_error_page_code
				block_error_page_description = var.waas_policy_waf_config_human_interaction_challenge_challenge_settings_block_error_page_description
				block_error_page_message = var.waas_policy_waf_config_human_interaction_challenge_challenge_settings_block_error_page_message
				block_response_code = var.waas_policy_waf_config_human_interaction_challenge_challenge_settings_block_response_code
				captcha_footer = var.waas_policy_waf_config_human_interaction_challenge_challenge_settings_captcha_footer
				captcha_header = var.waas_policy_waf_config_human_interaction_challenge_challenge_settings_captcha_header
				captcha_submit_label = var.waas_policy_waf_config_human_interaction_challenge_challenge_settings_captcha_submit_label
				captcha_title = var.waas_policy_waf_config_human_interaction_challenge_challenge_settings_captcha_title
			}
			failure_threshold = var.waas_policy_waf_config_human_interaction_challenge_failure_threshold
			failure_threshold_expiration_in_seconds = var.waas_policy_waf_config_human_interaction_challenge_failure_threshold_expiration_in_seconds
			interaction_threshold = var.waas_policy_waf_config_human_interaction_challenge_interaction_threshold
			is_nat_enabled = var.waas_policy_waf_config_human_interaction_challenge_is_nat_enabled
			recording_period_in_seconds = var.waas_policy_waf_config_human_interaction_challenge_recording_period_in_seconds
			set_http_header {
				#Required
				name = var.waas_policy_waf_config_human_interaction_challenge_set_http_header_name
				value = var.waas_policy_waf_config_human_interaction_challenge_set_http_header_value
			}
		}
		js_challenge {
			#Required
			is_enabled = var.waas_policy_waf_config_js_challenge_is_enabled

			#Optional
			action = var.waas_policy_waf_config_js_challenge_action
			action_expiration_in_seconds = var.waas_policy_waf_config_js_challenge_action_expiration_in_seconds
			are_redirects_challenged = var.waas_policy_waf_config_js_challenge_are_redirects_challenged
			challenge_settings {

				#Optional
				block_action = var.waas_policy_waf_config_js_challenge_challenge_settings_block_action
				block_error_page_code = var.waas_policy_waf_config_js_challenge_challenge_settings_block_error_page_code
				block_error_page_description = var.waas_policy_waf_config_js_challenge_challenge_settings_block_error_page_description
				block_error_page_message = var.waas_policy_waf_config_js_challenge_challenge_settings_block_error_page_message
				block_response_code = var.waas_policy_waf_config_js_challenge_challenge_settings_block_response_code
				captcha_footer = var.waas_policy_waf_config_js_challenge_challenge_settings_captcha_footer
				captcha_header = var.waas_policy_waf_config_js_challenge_challenge_settings_captcha_header
				captcha_submit_label = var.waas_policy_waf_config_js_challenge_challenge_settings_captcha_submit_label
				captcha_title = var.waas_policy_waf_config_js_challenge_challenge_settings_captcha_title
			}
			criteria {
				#Required
				condition = var.waas_policy_waf_config_js_challenge_criteria_condition
				value = var.waas_policy_waf_config_js_challenge_criteria_value

				#Optional
				is_case_sensitive = var.waas_policy_waf_config_js_challenge_criteria_is_case_sensitive
			}
			failure_threshold = var.waas_policy_waf_config_js_challenge_failure_threshold
			is_nat_enabled = var.waas_policy_waf_config_js_challenge_is_nat_enabled
			set_http_header {
				#Required
				name = var.waas_policy_waf_config_js_challenge_set_http_header_name
				value = var.waas_policy_waf_config_js_challenge_set_http_header_value
			}
		}
		origin = var.waas_policy_waf_config_origin
		origin_groups = var.waas_policy_waf_config_origin_groups
		protection_settings {

			#Optional
			allowed_http_methods = var.waas_policy_waf_config_protection_settings_allowed_http_methods
			block_action = var.waas_policy_waf_config_protection_settings_block_action
			block_error_page_code = var.waas_policy_waf_config_protection_settings_block_error_page_code
			block_error_page_description = var.waas_policy_waf_config_protection_settings_block_error_page_description
			block_error_page_message = var.waas_policy_waf_config_protection_settings_block_error_page_message
			block_response_code = var.waas_policy_waf_config_protection_settings_block_response_code
			is_response_inspected = var.waas_policy_waf_config_protection_settings_is_response_inspected
			max_argument_count = var.waas_policy_waf_config_protection_settings_max_argument_count
			max_name_length_per_argument = var.waas_policy_waf_config_protection_settings_max_name_length_per_argument
			max_response_size_in_ki_b = var.waas_policy_waf_config_protection_settings_max_response_size_in_ki_b
			max_total_name_length_of_arguments = var.waas_policy_waf_config_protection_settings_max_total_name_length_of_arguments
			media_types = var.waas_policy_waf_config_protection_settings_media_types
			recommendations_period_in_days = var.waas_policy_waf_config_protection_settings_recommendations_period_in_days
		}
		whitelists {
			#Required
			name = var.waas_policy_waf_config_whitelists_name

			#Optional
			address_lists = var.waas_policy_waf_config_whitelists_address_lists
			addresses = var.waas_policy_waf_config_whitelists_addresses
		}
	}
}

Argument Reference

The following arguments are supported:

** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
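
An added example (not part of the provider documentation): a pre-apply check over `terraform show -json` plan output that flags two conditions this page describes, a policy domain that equals one of its origins and a plan that would destroy and recreate a WAAS policy. The plan JSON, resource addresses and host names are constructed for illustration, and `review_waas_plan` is a hypothetical helper name.

```python
import json

# Constructed sample of `terraform show -json <planfile>` output, trimmed to
# the fields used here. Addresses and host names are made up for illustration.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "oci_waas_waas_policy.shop", "type": "oci_waas_waas_policy",
   "change": {"actions": ["create"], "before": null,
     "after": {"domain": "shop.example.com",
               "origins": [{"uri": "Shop.Example.com."}]}}},
  {"address": "oci_waas_waas_policy.blog", "type": "oci_waas_waas_policy",
   "change": {"actions": ["delete", "create"],
     "before": {"domain": "blog.example.com", "origins": [{"uri": "o.example.net"}]},
     "after": {"domain": "news.example.com", "origins": [{"uri": "o.example.net"}]}}},
  {"address": "oci_waas_certificate.cert", "type": "oci_waas_certificate",
   "change": {"actions": ["no-op"], "before": {}, "after": {}}}
]}
""")


def _host(name):
    """Normalise a host name for comparison (case and trailing dot)."""
    return (name or "").strip().lower().rstrip(".")


def review_waas_plan(plan):
    """Return (address, finding) tuples for oci_waas_waas_policy changes."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "oci_waas_waas_policy":
            continue
        change = rc.get("change", {})
        actions = change.get("actions", [])
        after = change.get("after") or {}
        # Destroy-and-recreate: the page warns this happens when a property
        # that does not support update is changed.
        if "delete" in actions and "create" in actions:
            findings.append((rc["address"], "replacement"))
        # The policy domain should differ from every origin in the policy.
        domain = _host(after.get("domain"))
        for origin in after.get("origins") or []:
            if domain and _host(origin.get("uri")) == domain:
                findings.append((rc["address"], "domain-equals-origin"))
    return findings


if __name__ == "__main__":
    for address, finding in review_waas_plan(SAMPLE_PLAN):
        print(f"{address}: {finding}")
```

Values that are only known after apply appear as null in the plan and are skipped by the domain comparison.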

Attributes Reference

The following attributes are exported:

Timeouts

The timeouts block allows you to specify timeouts for certain operations:

* create - (Defaults to 2 hours), when creating the Waas Policy
* update - (Defaults to 2 hours), when updating the Waas Policy
* delete - (Defaults to 2 hours), when destroying the Waas Policy

Import

WaasPolicies can be imported using the id, e.g.

$ terraform import oci_waas_waas_policy.test_waas_policy "id"