alicloud_dcdn_waf_rule
Provides a Dcdn Waf Rule resource.
For information about Dcdn Waf Rule and how to use it, see What is Waf Rule.
-> NOTE: Available since v1.201.0.
Example Usage
Basic Usage
# Name used for the rule and as the prefix of the policy name.
variable "name" {
  default = "tf_example"
}

# Random suffix for the policy name.
resource "random_integer" "default" {
  min = 10000
  max = 99999
}

resource "alicloud_dcdn_waf_policy" "example" {
  defense_scene = "waf_group"
  policy_name   = "${var.name}_${random_integer.default.result}"
  policy_type   = "custom"
  status        = "on"
}

resource "alicloud_dcdn_waf_rule" "example" {
  policy_id = alicloud_dcdn_waf_policy.example.id
  rule_name = var.name

  # Condition on the URI match field.
  conditions {
    key      = "URI"
    op_value = "ne"
    values   = "/login.php"
  }

  # Condition on the Header match field; sub_key selects header "a".
  conditions {
    key      = "Header"
    sub_key  = "a"
    op_value = "eq"
    values   = "b"
  }

  status = "on"
  action = "monitor"

  # Rate limiting counted per IP, with response code statistics in status.
  rate_limit {
    target    = "IP"
    interval  = "5"
    threshold = "5"
    ttl       = "1800"
    status {
      code  = "200"
      ratio = "60"
    }
  }
}
Argument Reference
The following arguments are supported:
action
- (Optional) Specifies the action of the rule. Valid values: block, monitor, js.
cc_status
- (Optional) Specifies whether to enable rate limiting. Valid values: on and off. NOTE: This parameter is required when policy is of type custom_acl.
cn_region_list
- (Optional) The blocked regions in the Chinese mainland, separated by commas (,).
conditions
- (Optional) Conditions that trigger the rule. See conditions below. NOTE: This parameter is required when policy is of type custom_acl or whitelist.
effect
- (Optional) The effective scope of the rate limiting blacklist. If you set cc_status to on, you must configure this parameter. Valid values: rule (takes effect for the current rule) and service (takes effect globally).
other_region_list
- (Optional) Blocked regions outside the Chinese mainland, separated by commas (,).
policy_id
- (Required, ForceNew) The protection policy ID.
rate_limit
- (Optional) The rules of rate limiting. If you set cc_status to on, you must configure this parameter. See rate_limit below.
regular_rules
- (Optional) The regular expression. When waf_group appears in tags, this value can be filled in, and only one list of six digits in string format can appear with regular_types.
regular_types
- (Optional) Regular rule type. When waf_group appears in tags, this value can be filled in. Optional values: ["sqli", "xss", "code_exec", "crlf", "lfileii", "rfileii", "webshell", "vvip", "other"]
remote_addr
- (Optional) Filter by IP address.
rule_name
- (Required) The name of the protection rule. The name can be up to 64 characters in length and can contain letters, digits, and underscores (_). NOTE: This parameter cannot be modified when policy is of type region_block.
scenes
- (Optional) The types of the protection policies.
status
- (Optional) The status of the waf rule. Valid values: on and off. Default value: on.
waf_group_ids
- (Optional) The id of the waf rule group. The default value is "1012". Multiple rules are separated by commas.
conditions
The conditions block supports the following:
key
- (Required) The match field.
op_value
- (Required) The logical symbol.
sub_key
- (Optional) The match subfield.
values
- (Optional) The match content. Separate multiple values with commas (,).
rate_limit
The rate_limit block supports the following:
interval
- (Optional) Statistical duration, 5-1800.
status
- (Optional) Response code statistics. See status below.
sub_key
- (Optional) The subfield of the target field. If you set target to Header, Query String Parameter, or Cookie Name, you must configure sub_key.
target
- (Optional) The statistical field for frequency control. Currently, IP, Header, Query String Parameter, Cookie Name, and Session are supported.
threshold
- (Optional) The trigger threshold of rate limiting. Valid values: 2 to 500000. Unit: requests.
ttl
- (Optional) The validity period of the blacklist. Valid values: 60 to 86400. Unit: seconds.
rate_limit-status
The status block supports the following:
code
- (Optional) The HTTP status code returned.
count
- (Optional) The number of times that the HTTP status code was returned. Valid values: 2 to 50000. You can configure only one of the ratio and count fields.
ratio
- (Optional) The percentage of HTTP status codes. Valid values: 1 to 100. You can configure only one of the ratio and count fields.
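The ranges and cross-field rules documented above for rate_limit and its status block can be enforced at plan time with Terraform variable validation. The following is an added example, not part of the provider documentation; the variable name rl and its default values are hypothetical, and optional() in the type requires Terraform 1.3 or later.

```hcl
# Added example, not provider code. The variable name "rl" and its default are
# hypothetical; every limit comes from the argument reference on this page.
# optional() in the type needs Terraform >= 1.3.
variable "rl" {
  type = object({
    target    = string
    sub_key   = optional(string)
    interval  = number
    threshold = number
    ttl       = number
    code      = string
    ratio     = optional(number)
    count     = optional(number)
  })
  default = { target = "Header", sub_key = "a", interval = 5, threshold = 5, ttl = 1800, code = "200", ratio = 60 }

  validation {
    condition     = contains(["IP", "Header", "Query String Parameter", "Cookie Name", "Session"], var.rl.target)
    error_message = "Target must be IP, Header, Query String Parameter, Cookie Name, or Session."
  }
  validation {
    # Targets that name a field need sub_key to say which one.
    condition     = var.rl.sub_key != null || !contains(["Header", "Query String Parameter", "Cookie Name"], var.rl.target)
    error_message = "Set sub_key when target is Header, Query String Parameter, or Cookie Name."
  }
  validation {
    condition = alltrue([
      var.rl.interval >= 5 && var.rl.interval <= 1800,
      var.rl.threshold >= 2 && var.rl.threshold <= 500000,
      var.rl.ttl >= 60 && var.rl.ttl <= 86400,
    ])
    error_message = "Allowed ranges: interval 5-1800, threshold 2-500000, ttl 60-86400 seconds."
  }
  validation {
    # ratio and count are mutually exclusive; coalesce() keeps the range
    # tests from failing on the field that was left null.
    condition = alltrue([
      var.rl.ratio == null || var.rl.count == null,
      coalesce(var.rl.ratio, 1) >= 1 && coalesce(var.rl.ratio, 1) <= 100,
      coalesce(var.rl.count, 2) >= 2 && coalesce(var.rl.count, 2) <= 50000,
    ])
    error_message = "Set only one of ratio (1-100) and count (2-50000)."
  }
}
```

Reference the validated fields from the rule's rate_limit block (target = var.rl.target, interval = var.rl.interval, and so on). A value outside the documented limits then fails during terraform plan, before any API call is made.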
Attributes Reference
The following attributes are exported:
id
- The key of the resource supplied above.
defense_scene
- The type of protection policy. The following scenarios are supported:
  - waf_group: Web basic protection
  - custom_acl: Custom protection policy
  - whitelist: whitelist
gmt_modified
- The modification time. The date format is based on ISO8601 notation and uses UTC +0 time in the format of yyyy-MM-ddTHH:mm:ssZ.
Timeouts
The timeouts block allows you to specify timeouts for certain actions:
create
- (Defaults to 5 mins) Used when creating the Waf Rule.
delete
- (Defaults to 5 mins) Used when deleting the Waf Rule.
update
- (Defaults to 5 mins) Used when updating the Waf Rule.
Import
Dcdn Waf Rule can be imported using the id, e.g.
$ terraform import alicloud_dcdn_waf_rule.example <id>