Fastly v11.1.0 published on Wednesday, Nov 5, 2025 by Pulumi
fastly.NgwafWorkspaceRule
Start a Neo task
Explain and create a fastly.NgwafWorkspaceRule resource
Provides a Fastly Next-Gen WAF Workspace Rule, scoped to a specific NGWAF workspace.
These rules define conditions and actions that trigger WAF enforcement at the workspace level.
Example Usage
Basic usage:
import * as pulumi from "@pulumi/pulumi";
import * as fastly from "@pulumi/fastly";
const example = new fastly.NgwafWorkspace("example", {
name: "example",
description: "Test NGWAF Workspace",
mode: "block",
ipAnonymization: "hashed",
clientIpHeaders: [
"X-Forwarded-For",
"X-Real-IP",
],
defaultBlockingResponseCode: 429,
attackSignalThresholds: {},
});
const exampleNgwafWorkspaceRule = new fastly.NgwafWorkspaceRule("example", {
workspaceId: example.id,
type: "request",
description: "Block requests from specific IP to login path",
enabled: true,
requestLogging: "sampled",
groupOperator: "all",
actions: [{
type: "block",
}],
conditions: [
{
field: "ip",
operator: "equals",
value: "192.0.2.1",
},
{
field: "path",
operator: "equals",
value: "/login",
},
],
});
import pulumi
import pulumi_fastly as fastly
example = fastly.NgwafWorkspace("example",
name="example",
description="Test NGWAF Workspace",
mode="block",
ip_anonymization="hashed",
client_ip_headers=[
"X-Forwarded-For",
"X-Real-IP",
],
default_blocking_response_code=429,
attack_signal_thresholds={})
example_ngwaf_workspace_rule = fastly.NgwafWorkspaceRule("example",
workspace_id=example.id,
type="request",
description="Block requests from specific IP to login path",
enabled=True,
request_logging="sampled",
group_operator="all",
actions=[{
"type": "block",
}],
conditions=[
{
"field": "ip",
"operator": "equals",
"value": "192.0.2.1",
},
{
"field": "path",
"operator": "equals",
"value": "/login",
},
])
package main
import (
"github.com/pulumi/pulumi-fastly/sdk/v11/go/fastly"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := fastly.NewNgwafWorkspace(ctx, "example", &fastly.NgwafWorkspaceArgs{
Name: pulumi.String("example"),
Description: pulumi.String("Test NGWAF Workspace"),
Mode: pulumi.String("block"),
IpAnonymization: pulumi.String("hashed"),
ClientIpHeaders: pulumi.StringArray{
pulumi.String("X-Forwarded-For"),
pulumi.String("X-Real-IP"),
},
DefaultBlockingResponseCode: pulumi.Int(429),
AttackSignalThresholds: &fastly.NgwafWorkspaceAttackSignalThresholdsArgs{},
})
if err != nil {
return err
}
_, err = fastly.NewNgwafWorkspaceRule(ctx, "example", &fastly.NgwafWorkspaceRuleArgs{
WorkspaceId: example.ID(),
Type: pulumi.String("request"),
Description: pulumi.String("Block requests from specific IP to login path"),
Enabled: pulumi.Bool(true),
RequestLogging: pulumi.String("sampled"),
GroupOperator: pulumi.String("all"),
Actions: fastly.NgwafWorkspaceRuleActionArray{
&fastly.NgwafWorkspaceRuleActionArgs{
Type: pulumi.String("block"),
},
},
Conditions: fastly.NgwafWorkspaceRuleConditionArray{
&fastly.NgwafWorkspaceRuleConditionArgs{
Field: pulumi.String("ip"),
Operator: pulumi.String("equals"),
Value: pulumi.String("192.0.2.1"),
},
&fastly.NgwafWorkspaceRuleConditionArgs{
Field: pulumi.String("path"),
Operator: pulumi.String("equals"),
Value: pulumi.String("/login"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Fastly = Pulumi.Fastly;
return await Deployment.RunAsync(() =>
{
var example = new Fastly.NgwafWorkspace("example", new()
{
Name = "example",
Description = "Test NGWAF Workspace",
Mode = "block",
IpAnonymization = "hashed",
ClientIpHeaders = new[]
{
"X-Forwarded-For",
"X-Real-IP",
},
DefaultBlockingResponseCode = 429,
AttackSignalThresholds = null,
});
var exampleNgwafWorkspaceRule = new Fastly.NgwafWorkspaceRule("example", new()
{
WorkspaceId = example.Id,
Type = "request",
Description = "Block requests from specific IP to login path",
Enabled = true,
RequestLogging = "sampled",
GroupOperator = "all",
Actions = new[]
{
new Fastly.Inputs.NgwafWorkspaceRuleActionArgs
{
Type = "block",
},
},
Conditions = new[]
{
new Fastly.Inputs.NgwafWorkspaceRuleConditionArgs
{
Field = "ip",
Operator = "equals",
Value = "192.0.2.1",
},
new Fastly.Inputs.NgwafWorkspaceRuleConditionArgs
{
Field = "path",
Operator = "equals",
Value = "/login",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.fastly.NgwafWorkspace;
import com.pulumi.fastly.NgwafWorkspaceArgs;
import com.pulumi.fastly.inputs.NgwafWorkspaceAttackSignalThresholdsArgs;
import com.pulumi.fastly.NgwafWorkspaceRule;
import com.pulumi.fastly.NgwafWorkspaceRuleArgs;
import com.pulumi.fastly.inputs.NgwafWorkspaceRuleActionArgs;
import com.pulumi.fastly.inputs.NgwafWorkspaceRuleConditionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new NgwafWorkspace("example", NgwafWorkspaceArgs.builder()
.name("example")
.description("Test NGWAF Workspace")
.mode("block")
.ipAnonymization("hashed")
.clientIpHeaders(
"X-Forwarded-For",
"X-Real-IP")
.defaultBlockingResponseCode(429)
.attackSignalThresholds(NgwafWorkspaceAttackSignalThresholdsArgs.builder()
.build())
.build());
var exampleNgwafWorkspaceRule = new NgwafWorkspaceRule("exampleNgwafWorkspaceRule", NgwafWorkspaceRuleArgs.builder()
.workspaceId(example.id())
.type("request")
.description("Block requests from specific IP to login path")
.enabled(true)
.requestLogging("sampled")
.groupOperator("all")
.actions(NgwafWorkspaceRuleActionArgs.builder()
.type("block")
.build())
.conditions(
NgwafWorkspaceRuleConditionArgs.builder()
.field("ip")
.operator("equals")
.value("192.0.2.1")
.build(),
NgwafWorkspaceRuleConditionArgs.builder()
.field("path")
.operator("equals")
.value("/login")
.build())
.build());
}
}
resources:
example:
type: fastly:NgwafWorkspace
properties:
name: example
description: Test NGWAF Workspace
mode: block
ipAnonymization: hashed
clientIpHeaders:
- X-Forwarded-For
- X-Real-IP
defaultBlockingResponseCode: 429
attackSignalThresholds: {}
exampleNgwafWorkspaceRule:
type: fastly:NgwafWorkspaceRule
name: example
properties:
workspaceId: ${example.id}
type: request
description: Block requests from specific IP to login path
enabled: true
requestLogging: sampled
groupOperator: all
actions:
- type: block
conditions:
- field: ip
operator: equals
value: 192.0.2.1
- field: path
operator: equals
value: /login
Using templated signals:
import * as pulumi from "@pulumi/pulumi";
import * as fastly from "@pulumi/fastly";
const example = new fastly.NgwafWorkspace("example", {
name: "example",
description: "Test NGWAF Workspace",
mode: "block",
ipAnonymization: "hashed",
clientIpHeaders: [
"X-Forwarded-For",
"X-Real-IP",
],
defaultBlockingResponseCode: 429,
attackSignalThresholds: {},
});
const exampleNgwafWorkspaceRule = new fastly.NgwafWorkspaceRule("example", {
workspaceId: example.id,
type: "request",
description: "",
enabled: true,
groupOperator: "all",
conditions: [
{
field: "method",
operator: "equals",
value: "POST",
},
{
field: "path",
operator: "equals",
value: "/login",
},
],
actions: [{
type: "templated_signal",
signal: "LOGINATTEMPT",
}],
});
import pulumi
import pulumi_fastly as fastly
example = fastly.NgwafWorkspace("example",
name="example",
description="Test NGWAF Workspace",
mode="block",
ip_anonymization="hashed",
client_ip_headers=[
"X-Forwarded-For",
"X-Real-IP",
],
default_blocking_response_code=429,
attack_signal_thresholds={})
example_ngwaf_workspace_rule = fastly.NgwafWorkspaceRule("example",
workspace_id=example.id,
type="request",
description="",
enabled=True,
group_operator="all",
conditions=[
{
"field": "method",
"operator": "equals",
"value": "POST",
},
{
"field": "path",
"operator": "equals",
"value": "/login",
},
],
actions=[{
"type": "templated_signal",
"signal": "LOGINATTEMPT",
}])
package main
import (
"github.com/pulumi/pulumi-fastly/sdk/v11/go/fastly"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := fastly.NewNgwafWorkspace(ctx, "example", &fastly.NgwafWorkspaceArgs{
Name: pulumi.String("example"),
Description: pulumi.String("Test NGWAF Workspace"),
Mode: pulumi.String("block"),
IpAnonymization: pulumi.String("hashed"),
ClientIpHeaders: pulumi.StringArray{
pulumi.String("X-Forwarded-For"),
pulumi.String("X-Real-IP"),
},
DefaultBlockingResponseCode: pulumi.Int(429),
AttackSignalThresholds: &fastly.NgwafWorkspaceAttackSignalThresholdsArgs{},
})
if err != nil {
return err
}
_, err = fastly.NewNgwafWorkspaceRule(ctx, "example", &fastly.NgwafWorkspaceRuleArgs{
WorkspaceId: example.ID(),
Type: pulumi.String("request"),
Description: pulumi.String(""),
Enabled: pulumi.Bool(true),
GroupOperator: pulumi.String("all"),
Conditions: fastly.NgwafWorkspaceRuleConditionArray{
&fastly.NgwafWorkspaceRuleConditionArgs{
Field: pulumi.String("method"),
Operator: pulumi.String("equals"),
Value: pulumi.String("POST"),
},
&fastly.NgwafWorkspaceRuleConditionArgs{
Field: pulumi.String("path"),
Operator: pulumi.String("equals"),
Value: pulumi.String("/login"),
},
},
Actions: fastly.NgwafWorkspaceRuleActionArray{
&fastly.NgwafWorkspaceRuleActionArgs{
Type: pulumi.String("templated_signal"),
Signal: pulumi.String("LOGINATTEMPT"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Fastly = Pulumi.Fastly;
return await Deployment.RunAsync(() =>
{
var example = new Fastly.NgwafWorkspace("example", new()
{
Name = "example",
Description = "Test NGWAF Workspace",
Mode = "block",
IpAnonymization = "hashed",
ClientIpHeaders = new[]
{
"X-Forwarded-For",
"X-Real-IP",
},
DefaultBlockingResponseCode = 429,
AttackSignalThresholds = null,
});
var exampleNgwafWorkspaceRule = new Fastly.NgwafWorkspaceRule("example", new()
{
WorkspaceId = example.Id,
Type = "request",
Description = "",
Enabled = true,
GroupOperator = "all",
Conditions = new[]
{
new Fastly.Inputs.NgwafWorkspaceRuleConditionArgs
{
Field = "method",
Operator = "equals",
Value = "POST",
},
new Fastly.Inputs.NgwafWorkspaceRuleConditionArgs
{
Field = "path",
Operator = "equals",
Value = "/login",
},
},
Actions = new[]
{
new Fastly.Inputs.NgwafWorkspaceRuleActionArgs
{
Type = "templated_signal",
Signal = "LOGINATTEMPT",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.fastly.NgwafWorkspace;
import com.pulumi.fastly.NgwafWorkspaceArgs;
import com.pulumi.fastly.inputs.NgwafWorkspaceAttackSignalThresholdsArgs;
import com.pulumi.fastly.NgwafWorkspaceRule;
import com.pulumi.fastly.NgwafWorkspaceRuleArgs;
import com.pulumi.fastly.inputs.NgwafWorkspaceRuleConditionArgs;
import com.pulumi.fastly.inputs.NgwafWorkspaceRuleActionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new NgwafWorkspace("example", NgwafWorkspaceArgs.builder()
.name("example")
.description("Test NGWAF Workspace")
.mode("block")
.ipAnonymization("hashed")
.clientIpHeaders(
"X-Forwarded-For",
"X-Real-IP")
.defaultBlockingResponseCode(429)
.attackSignalThresholds(NgwafWorkspaceAttackSignalThresholdsArgs.builder()
.build())
.build());
var exampleNgwafWorkspaceRule = new NgwafWorkspaceRule("exampleNgwafWorkspaceRule", NgwafWorkspaceRuleArgs.builder()
.workspaceId(example.id())
.type("request")
.description("")
.enabled(true)
.groupOperator("all")
.conditions(
NgwafWorkspaceRuleConditionArgs.builder()
.field("method")
.operator("equals")
.value("POST")
.build(),
NgwafWorkspaceRuleConditionArgs.builder()
.field("path")
.operator("equals")
.value("/login")
.build())
.actions(NgwafWorkspaceRuleActionArgs.builder()
.type("templated_signal")
.signal("LOGINATTEMPT")
.build())
.build());
}
}
resources:
example:
type: fastly:NgwafWorkspace
properties:
name: example
description: Test NGWAF Workspace
mode: block
ipAnonymization: hashed
clientIpHeaders:
- X-Forwarded-For
- X-Real-IP
defaultBlockingResponseCode: 429
attackSignalThresholds: {}
exampleNgwafWorkspaceRule:
type: fastly:NgwafWorkspaceRule
name: example
properties:
workspaceId: ${example.id}
type: request
description: ""
enabled: true
groupOperator: all
conditions:
- field: method
operator: equals
value: POST
- field: path
operator: equals
value: /login
actions:
- type: templated_signal
signal: LOGINATTEMPT
Using group conditions:
import * as pulumi from "@pulumi/pulumi";
import * as fastly from "@pulumi/fastly";
const example = new fastly.NgwafWorkspace("example", {
name: "example",
description: "Test NGWAF Workspace",
mode: "block",
ipAnonymization: "hashed",
clientIpHeaders: [
"X-Forwarded-For",
"X-Real-IP",
],
defaultBlockingResponseCode: 429,
attackSignalThresholds: {},
});
const exampleNgwafWorkspaceRule = new fastly.NgwafWorkspaceRule("example", {
workspaceId: example.id,
type: "request",
description: "Block requests with grouped conditions",
enabled: true,
requestLogging: "sampled",
groupOperator: "all",
actions: [{
type: "block",
}],
groupConditions: [
{
groupOperator: "any",
conditions: [
{
field: "protocol_version",
operator: "equals",
value: "HTTP/1.0",
},
{
field: "method",
operator: "equals",
value: "HEAD",
},
{
field: "domain",
operator: "equals",
value: "example.com",
},
],
},
{
groupOperator: "all",
conditions: [
{
field: "country",
operator: "equals",
value: "AD",
},
{
field: "method",
operator: "equals",
value: "POST",
},
],
},
],
});
import pulumi
import pulumi_fastly as fastly
example = fastly.NgwafWorkspace("example",
name="example",
description="Test NGWAF Workspace",
mode="block",
ip_anonymization="hashed",
client_ip_headers=[
"X-Forwarded-For",
"X-Real-IP",
],
default_blocking_response_code=429,
attack_signal_thresholds={})
example_ngwaf_workspace_rule = fastly.NgwafWorkspaceRule("example",
workspace_id=example.id,
type="request",
description="Block requests with grouped conditions",
enabled=True,
request_logging="sampled",
group_operator="all",
actions=[{
"type": "block",
}],
group_conditions=[
{
"group_operator": "any",
"conditions": [
{
"field": "protocol_version",
"operator": "equals",
"value": "HTTP/1.0",
},
{
"field": "method",
"operator": "equals",
"value": "HEAD",
},
{
"field": "domain",
"operator": "equals",
"value": "example.com",
},
],
},
{
"group_operator": "all",
"conditions": [
{
"field": "country",
"operator": "equals",
"value": "AD",
},
{
"field": "method",
"operator": "equals",
"value": "POST",
},
],
},
])
package main
import (
"github.com/pulumi/pulumi-fastly/sdk/v11/go/fastly"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := fastly.NewNgwafWorkspace(ctx, "example", &fastly.NgwafWorkspaceArgs{
Name: pulumi.String("example"),
Description: pulumi.String("Test NGWAF Workspace"),
Mode: pulumi.String("block"),
IpAnonymization: pulumi.String("hashed"),
ClientIpHeaders: pulumi.StringArray{
pulumi.String("X-Forwarded-For"),
pulumi.String("X-Real-IP"),
},
DefaultBlockingResponseCode: pulumi.Int(429),
AttackSignalThresholds: &fastly.NgwafWorkspaceAttackSignalThresholdsArgs{},
})
if err != nil {
return err
}
_, err = fastly.NewNgwafWorkspaceRule(ctx, "example", &fastly.NgwafWorkspaceRuleArgs{
WorkspaceId: example.ID(),
Type: pulumi.String("request"),
Description: pulumi.String("Block requests with grouped conditions"),
Enabled: pulumi.Bool(true),
RequestLogging: pulumi.String("sampled"),
GroupOperator: pulumi.String("all"),
Actions: fastly.NgwafWorkspaceRuleActionArray{
&fastly.NgwafWorkspaceRuleActionArgs{
Type: pulumi.String("block"),
},
},
GroupConditions: fastly.NgwafWorkspaceRuleGroupConditionArray{
&fastly.NgwafWorkspaceRuleGroupConditionArgs{
GroupOperator: pulumi.String("any"),
Conditions: fastly.NgwafWorkspaceRuleGroupConditionConditionArray{
&fastly.NgwafWorkspaceRuleGroupConditionConditionArgs{
Field: pulumi.String("protocol_version"),
Operator: pulumi.String("equals"),
Value: pulumi.String("HTTP/1.0"),
},
&fastly.NgwafWorkspaceRuleGroupConditionConditionArgs{
Field: pulumi.String("method"),
Operator: pulumi.String("equals"),
Value: pulumi.String("HEAD"),
},
&fastly.NgwafWorkspaceRuleGroupConditionConditionArgs{
Field: pulumi.String("domain"),
Operator: pulumi.String("equals"),
Value: pulumi.String("example.com"),
},
},
},
&fastly.NgwafWorkspaceRuleGroupConditionArgs{
GroupOperator: pulumi.String("all"),
Conditions: fastly.NgwafWorkspaceRuleGroupConditionConditionArray{
&fastly.NgwafWorkspaceRuleGroupConditionConditionArgs{
Field: pulumi.String("country"),
Operator: pulumi.String("equals"),
Value: pulumi.String("AD"),
},
&fastly.NgwafWorkspaceRuleGroupConditionConditionArgs{
Field: pulumi.String("method"),
Operator: pulumi.String("equals"),
Value: pulumi.String("POST"),
},
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Fastly = Pulumi.Fastly;
return await Deployment.RunAsync(() =>
{
var example = new Fastly.NgwafWorkspace("example", new()
{
Name = "example",
Description = "Test NGWAF Workspace",
Mode = "block",
IpAnonymization = "hashed",
ClientIpHeaders = new[]
{
"X-Forwarded-For",
"X-Real-IP",
},
DefaultBlockingResponseCode = 429,
AttackSignalThresholds = null,
});
var exampleNgwafWorkspaceRule = new Fastly.NgwafWorkspaceRule("example", new()
{
WorkspaceId = example.Id,
Type = "request",
Description = "Block requests with grouped conditions",
Enabled = true,
RequestLogging = "sampled",
GroupOperator = "all",
Actions = new[]
{
new Fastly.Inputs.NgwafWorkspaceRuleActionArgs
{
Type = "block",
},
},
GroupConditions = new[]
{
new Fastly.Inputs.NgwafWorkspaceRuleGroupConditionArgs
{
GroupOperator = "any",
Conditions = new[]
{
new Fastly.Inputs.NgwafWorkspaceRuleGroupConditionConditionArgs
{
Field = "protocol_version",
Operator = "equals",
Value = "HTTP/1.0",
},
new Fastly.Inputs.NgwafWorkspaceRuleGroupConditionConditionArgs
{
Field = "method",
Operator = "equals",
Value = "HEAD",
},
new Fastly.Inputs.NgwafWorkspaceRuleGroupConditionConditionArgs
{
Field = "domain",
Operator = "equals",
Value = "example.com",
},
},
},
new Fastly.Inputs.NgwafWorkspaceRuleGroupConditionArgs
{
GroupOperator = "all",
Conditions = new[]
{
new Fastly.Inputs.NgwafWorkspaceRuleGroupConditionConditionArgs
{
Field = "country",
Operator = "equals",
Value = "AD",
},
new Fastly.Inputs.NgwafWorkspaceRuleGroupConditionConditionArgs
{
Field = "method",
Operator = "equals",
Value = "POST",
},
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.fastly.NgwafWorkspace;
import com.pulumi.fastly.NgwafWorkspaceArgs;
import com.pulumi.fastly.inputs.NgwafWorkspaceAttackSignalThresholdsArgs;
import com.pulumi.fastly.NgwafWorkspaceRule;
import com.pulumi.fastly.NgwafWorkspaceRuleArgs;
import com.pulumi.fastly.inputs.NgwafWorkspaceRuleActionArgs;
import com.pulumi.fastly.inputs.NgwafWorkspaceRuleGroupConditionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new NgwafWorkspace("example", NgwafWorkspaceArgs.builder()
.name("example")
.description("Test NGWAF Workspace")
.mode("block")
.ipAnonymization("hashed")
.clientIpHeaders(
"X-Forwarded-For",
"X-Real-IP")
.defaultBlockingResponseCode(429)
.attackSignalThresholds(NgwafWorkspaceAttackSignalThresholdsArgs.builder()
.build())
.build());
var exampleNgwafWorkspaceRule = new NgwafWorkspaceRule("exampleNgwafWorkspaceRule", NgwafWorkspaceRuleArgs.builder()
.workspaceId(example.id())
.type("request")
.description("Block requests with grouped conditions")
.enabled(true)
.requestLogging("sampled")
.groupOperator("all")
.actions(NgwafWorkspaceRuleActionArgs.builder()
.type("block")
.build())
.groupConditions(
NgwafWorkspaceRuleGroupConditionArgs.builder()
.groupOperator("any")
.conditions(
NgwafWorkspaceRuleGroupConditionConditionArgs.builder()
.field("protocol_version")
.operator("equals")
.value("HTTP/1.0")
.build(),
NgwafWorkspaceRuleGroupConditionConditionArgs.builder()
.field("method")
.operator("equals")
.value("HEAD")
.build(),
NgwafWorkspaceRuleGroupConditionConditionArgs.builder()
.field("domain")
.operator("equals")
.value("example.com")
.build())
.build(),
NgwafWorkspaceRuleGroupConditionArgs.builder()
.groupOperator("all")
.conditions(
NgwafWorkspaceRuleGroupConditionConditionArgs.builder()
.field("country")
.operator("equals")
.value("AD")
.build(),
NgwafWorkspaceRuleGroupConditionConditionArgs.builder()
.field("method")
.operator("equals")
.value("POST")
.build())
.build())
.build());
}
}
resources:
example:
type: fastly:NgwafWorkspace
properties:
name: example
description: Test NGWAF Workspace
mode: block
ipAnonymization: hashed
clientIpHeaders:
- X-Forwarded-For
- X-Real-IP
defaultBlockingResponseCode: 429
attackSignalThresholds: {}
exampleNgwafWorkspaceRule:
type: fastly:NgwafWorkspaceRule
name: example
properties:
workspaceId: ${example.id}
type: request
description: Block requests with grouped conditions
enabled: true
requestLogging: sampled
groupOperator: all
actions:
- type: block
groupConditions:
- groupOperator: any
conditions:
- field: protocol_version
operator: equals
value: HTTP/1.0
- field: method
operator: equals
value: HEAD
- field: domain
operator: equals
value: example.com
- groupOperator: all
conditions:
- field: country
operator: equals
value: AD
- field: method
operator: equals
value: POST
Using multival conditions:
import * as pulumi from "@pulumi/pulumi";
import * as fastly from "@pulumi/fastly";
const example = new fastly.NgwafWorkspace("example", {
name: "example",
description: "Test NGWAF Workspace",
mode: "block",
ipAnonymization: "hashed",
clientIpHeaders: [
"X-Forwarded-For",
"X-Real-IP",
],
defaultBlockingResponseCode: 429,
attackSignalThresholds: {},
});
const exampleNgwafWorkspaceRule = new fastly.NgwafWorkspaceRule("example", {
workspaceId: example.id,
type: "request",
description: "Block requests with specific header patterns",
enabled: true,
requestLogging: "sampled",
groupOperator: "all",
actions: [{
type: "block",
}],
multivalConditions: [{
field: "request_header",
operator: "exists",
groupOperator: "any",
conditions: [
{
field: "name",
operator: "does_not_equal",
value: "Header-Sample",
},
{
field: "name",
operator: "contains",
value: "X-API-Key",
},
{
field: "value_string",
operator: "equals",
value: "application/json",
},
],
}],
});
import pulumi
import pulumi_fastly as fastly
example = fastly.NgwafWorkspace("example",
name="example",
description="Test NGWAF Workspace",
mode="block",
ip_anonymization="hashed",
client_ip_headers=[
"X-Forwarded-For",
"X-Real-IP",
],
default_blocking_response_code=429,
attack_signal_thresholds={})
example_ngwaf_workspace_rule = fastly.NgwafWorkspaceRule("example",
workspace_id=example.id,
type="request",
description="Block requests with specific header patterns",
enabled=True,
request_logging="sampled",
group_operator="all",
actions=[{
"type": "block",
}],
multival_conditions=[{
"field": "request_header",
"operator": "exists",
"group_operator": "any",
"conditions": [
{
"field": "name",
"operator": "does_not_equal",
"value": "Header-Sample",
},
{
"field": "name",
"operator": "contains",
"value": "X-API-Key",
},
{
"field": "value_string",
"operator": "equals",
"value": "application/json",
},
],
}])
package main
import (
"github.com/pulumi/pulumi-fastly/sdk/v11/go/fastly"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := fastly.NewNgwafWorkspace(ctx, "example", &fastly.NgwafWorkspaceArgs{
Name: pulumi.String("example"),
Description: pulumi.String("Test NGWAF Workspace"),
Mode: pulumi.String("block"),
IpAnonymization: pulumi.String("hashed"),
ClientIpHeaders: pulumi.StringArray{
pulumi.String("X-Forwarded-For"),
pulumi.String("X-Real-IP"),
},
DefaultBlockingResponseCode: pulumi.Int(429),
AttackSignalThresholds: &fastly.NgwafWorkspaceAttackSignalThresholdsArgs{},
})
if err != nil {
return err
}
_, err = fastly.NewNgwafWorkspaceRule(ctx, "example", &fastly.NgwafWorkspaceRuleArgs{
WorkspaceId: example.ID(),
Type: pulumi.String("request"),
Description: pulumi.String("Block requests with specific header patterns"),
Enabled: pulumi.Bool(true),
RequestLogging: pulumi.String("sampled"),
GroupOperator: pulumi.String("all"),
Actions: fastly.NgwafWorkspaceRuleActionArray{
&fastly.NgwafWorkspaceRuleActionArgs{
Type: pulumi.String("block"),
},
},
MultivalConditions: fastly.NgwafWorkspaceRuleMultivalConditionArray{
&fastly.NgwafWorkspaceRuleMultivalConditionArgs{
Field: pulumi.String("request_header"),
Operator: pulumi.String("exists"),
GroupOperator: pulumi.String("any"),
Conditions: fastly.NgwafWorkspaceRuleMultivalConditionConditionArray{
&fastly.NgwafWorkspaceRuleMultivalConditionConditionArgs{
Field: pulumi.String("name"),
Operator: pulumi.String("does_not_equal"),
Value: pulumi.String("Header-Sample"),
},
&fastly.NgwafWorkspaceRuleMultivalConditionConditionArgs{
Field: pulumi.String("name"),
Operator: pulumi.String("contains"),
Value: pulumi.String("X-API-Key"),
},
&fastly.NgwafWorkspaceRuleMultivalConditionConditionArgs{
Field: pulumi.String("value_string"),
Operator: pulumi.String("equals"),
Value: pulumi.String("application/json"),
},
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Fastly = Pulumi.Fastly;
return await Deployment.RunAsync(() =>
{
var example = new Fastly.NgwafWorkspace("example", new()
{
Name = "example",
Description = "Test NGWAF Workspace",
Mode = "block",
IpAnonymization = "hashed",
ClientIpHeaders = new[]
{
"X-Forwarded-For",
"X-Real-IP",
},
DefaultBlockingResponseCode = 429,
AttackSignalThresholds = null,
});
var exampleNgwafWorkspaceRule = new Fastly.NgwafWorkspaceRule("example", new()
{
WorkspaceId = example.Id,
Type = "request",
Description = "Block requests with specific header patterns",
Enabled = true,
RequestLogging = "sampled",
GroupOperator = "all",
Actions = new[]
{
new Fastly.Inputs.NgwafWorkspaceRuleActionArgs
{
Type = "block",
},
},
MultivalConditions = new[]
{
new Fastly.Inputs.NgwafWorkspaceRuleMultivalConditionArgs
{
Field = "request_header",
Operator = "exists",
GroupOperator = "any",
Conditions = new[]
{
new Fastly.Inputs.NgwafWorkspaceRuleMultivalConditionConditionArgs
{
Field = "name",
Operator = "does_not_equal",
Value = "Header-Sample",
},
new Fastly.Inputs.NgwafWorkspaceRuleMultivalConditionConditionArgs
{
Field = "name",
Operator = "contains",
Value = "X-API-Key",
},
new Fastly.Inputs.NgwafWorkspaceRuleMultivalConditionConditionArgs
{
Field = "value_string",
Operator = "equals",
Value = "application/json",
},
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.fastly.NgwafWorkspace;
import com.pulumi.fastly.NgwafWorkspaceArgs;
import com.pulumi.fastly.inputs.NgwafWorkspaceAttackSignalThresholdsArgs;
import com.pulumi.fastly.NgwafWorkspaceRule;
import com.pulumi.fastly.NgwafWorkspaceRuleArgs;
import com.pulumi.fastly.inputs.NgwafWorkspaceRuleActionArgs;
import com.pulumi.fastly.inputs.NgwafWorkspaceRuleMultivalConditionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new NgwafWorkspace("example", NgwafWorkspaceArgs.builder()
.name("example")
.description("Test NGWAF Workspace")
.mode("block")
.ipAnonymization("hashed")
.clientIpHeaders(
"X-Forwarded-For",
"X-Real-IP")
.defaultBlockingResponseCode(429)
.attackSignalThresholds(NgwafWorkspaceAttackSignalThresholdsArgs.builder()
.build())
.build());
var exampleNgwafWorkspaceRule = new NgwafWorkspaceRule("exampleNgwafWorkspaceRule", NgwafWorkspaceRuleArgs.builder()
.workspaceId(example.id())
.type("request")
.description("Block requests with specific header patterns")
.enabled(true)
.requestLogging("sampled")
.groupOperator("all")
.actions(NgwafWorkspaceRuleActionArgs.builder()
.type("block")
.build())
.multivalConditions(NgwafWorkspaceRuleMultivalConditionArgs.builder()
.field("request_header")
.operator("exists")
.groupOperator("any")
.conditions(
NgwafWorkspaceRuleMultivalConditionConditionArgs.builder()
.field("name")
.operator("does_not_equal")
.value("Header-Sample")
.build(),
NgwafWorkspaceRuleMultivalConditionConditionArgs.builder()
.field("name")
.operator("contains")
.value("X-API-Key")
.build(),
NgwafWorkspaceRuleMultivalConditionConditionArgs.builder()
.field("value_string")
.operator("equals")
.value("application/json")
.build())
.build())
.build());
}
}
resources:
example:
type: fastly:NgwafWorkspace
properties:
name: example
description: Test NGWAF Workspace
mode: block
ipAnonymization: hashed
clientIpHeaders:
- X-Forwarded-For
- X-Real-IP
defaultBlockingResponseCode: 429
attackSignalThresholds: {}
exampleNgwafWorkspaceRule:
type: fastly:NgwafWorkspaceRule
name: example
properties:
workspaceId: ${example.id}
type: request
description: Block requests with specific header patterns
enabled: true
requestLogging: sampled
groupOperator: all
actions:
- type: block
multivalConditions:
- field: request_header
operator: exists
groupOperator: any
conditions:
- field: name
operator: does_not_equal
value: Header-Sample
- field: name
operator: contains
value: X-API-Key
- field: value_string
operator: equals
value: application/json
Using rate limits:
import * as pulumi from "@pulumi/pulumi";
import * as fastly from "@pulumi/fastly";
const example = new fastly.NgwafWorkspace("example", {
name: "example",
description: "Test NGWAF Workspace",
mode: "block",
ipAnonymization: "hashed",
clientIpHeaders: [
"X-Forwarded-For",
"X-Real-IP",
],
defaultBlockingResponseCode: 429,
attackSignalThresholds: {},
});
const demoSignal = new fastly.NgwafWorkspaceSignal("demo_signal", {
workspaceId: example.id,
name: "demo",
description: "A description of my signal.",
});
const ipLimit = new fastly.NgwafWorkspaceRule("ip_limit", {
workspaceId: example.id,
type: "rate_limit",
description: "Rate limit demo rule-updated",
enabled: true,
conditions: [{
field: "ip",
operator: "equals",
value: "1.2.3.4",
}],
rateLimit: {
signal: "site.demo",
threshold: 100,
interval: 60,
duration: 300,
clientIdentifiers: [{
type: "ip",
}],
},
actions: [{
signal: "SUSPECTED-BOT",
type: "block_signal",
}],
});
import pulumi
import pulumi_fastly as fastly
example = fastly.NgwafWorkspace("example",
name="example",
description="Test NGWAF Workspace",
mode="block",
ip_anonymization="hashed",
client_ip_headers=[
"X-Forwarded-For",
"X-Real-IP",
],
default_blocking_response_code=429,
attack_signal_thresholds={})
demo_signal = fastly.NgwafWorkspaceSignal("demo_signal",
workspace_id=example.id,
name="demo",
description="A description of my signal.")
ip_limit = fastly.NgwafWorkspaceRule("ip_limit",
workspace_id=example.id,
type="rate_limit",
description="Rate limit demo rule-updated",
enabled=True,
conditions=[{
"field": "ip",
"operator": "equals",
"value": "1.2.3.4",
}],
rate_limit={
"signal": "site.demo",
"threshold": 100,
"interval": 60,
"duration": 300,
"client_identifiers": [{
"type": "ip",
}],
},
actions=[{
"signal": "SUSPECTED-BOT",
"type": "block_signal",
}])
package main
import (
"github.com/pulumi/pulumi-fastly/sdk/v11/go/fastly"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := fastly.NewNgwafWorkspace(ctx, "example", &fastly.NgwafWorkspaceArgs{
Name: pulumi.String("example"),
Description: pulumi.String("Test NGWAF Workspace"),
Mode: pulumi.String("block"),
IpAnonymization: pulumi.String("hashed"),
ClientIpHeaders: pulumi.StringArray{
pulumi.String("X-Forwarded-For"),
pulumi.String("X-Real-IP"),
},
DefaultBlockingResponseCode: pulumi.Int(429),
AttackSignalThresholds: &fastly.NgwafWorkspaceAttackSignalThresholdsArgs{},
})
if err != nil {
return err
}
_, err = fastly.NewNgwafWorkspaceSignal(ctx, "demo_signal", &fastly.NgwafWorkspaceSignalArgs{
WorkspaceId: example.ID(),
Name: pulumi.String("demo"),
Description: pulumi.String("A description of my signal."),
})
if err != nil {
return err
}
_, err = fastly.NewNgwafWorkspaceRule(ctx, "ip_limit", &fastly.NgwafWorkspaceRuleArgs{
WorkspaceId: example.ID(),
Type: pulumi.String("rate_limit"),
Description: pulumi.String("Rate limit demo rule-updated"),
Enabled: pulumi.Bool(true),
Conditions: fastly.NgwafWorkspaceRuleConditionArray{
&fastly.NgwafWorkspaceRuleConditionArgs{
Field: pulumi.String("ip"),
Operator: pulumi.String("equals"),
Value: pulumi.String("1.2.3.4"),
},
},
RateLimit: &fastly.NgwafWorkspaceRuleRateLimitArgs{
Signal: pulumi.String("site.demo"),
Threshold: pulumi.Int(100),
Interval: pulumi.Int(60),
Duration: pulumi.Int(300),
ClientIdentifiers: fastly.NgwafWorkspaceRuleRateLimitClientIdentifierArray{
&fastly.NgwafWorkspaceRuleRateLimitClientIdentifierArgs{
Type: pulumi.String("ip"),
},
},
},
Actions: fastly.NgwafWorkspaceRuleActionArray{
&fastly.NgwafWorkspaceRuleActionArgs{
Signal: pulumi.String("SUSPECTED-BOT"),
Type: pulumi.String("block_signal"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Fastly = Pulumi.Fastly;
return await Deployment.RunAsync(() =>
{
var example = new Fastly.NgwafWorkspace("example", new()
{
Name = "example",
Description = "Test NGWAF Workspace",
Mode = "block",
IpAnonymization = "hashed",
ClientIpHeaders = new[]
{
"X-Forwarded-For",
"X-Real-IP",
},
DefaultBlockingResponseCode = 429,
AttackSignalThresholds = null,
});
var demoSignal = new Fastly.NgwafWorkspaceSignal("demo_signal", new()
{
WorkspaceId = example.Id,
Name = "demo",
Description = "A description of my signal.",
});
var ipLimit = new Fastly.NgwafWorkspaceRule("ip_limit", new()
{
WorkspaceId = example.Id,
Type = "rate_limit",
Description = "Rate limit demo rule-updated",
Enabled = true,
Conditions = new[]
{
new Fastly.Inputs.NgwafWorkspaceRuleConditionArgs
{
Field = "ip",
Operator = "equals",
Value = "1.2.3.4",
},
},
RateLimit = new Fastly.Inputs.NgwafWorkspaceRuleRateLimitArgs
{
Signal = "site.demo",
Threshold = 100,
Interval = 60,
Duration = 300,
ClientIdentifiers = new[]
{
new Fastly.Inputs.NgwafWorkspaceRuleRateLimitClientIdentifierArgs
{
Type = "ip",
},
},
},
Actions = new[]
{
new Fastly.Inputs.NgwafWorkspaceRuleActionArgs
{
Signal = "SUSPECTED-BOT",
Type = "block_signal",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.fastly.NgwafWorkspace;
import com.pulumi.fastly.NgwafWorkspaceArgs;
import com.pulumi.fastly.inputs.NgwafWorkspaceAttackSignalThresholdsArgs;
import com.pulumi.fastly.NgwafWorkspaceSignal;
import com.pulumi.fastly.NgwafWorkspaceSignalArgs;
import com.pulumi.fastly.NgwafWorkspaceRule;
import com.pulumi.fastly.NgwafWorkspaceRuleArgs;
import com.pulumi.fastly.inputs.NgwafWorkspaceRuleConditionArgs;
import com.pulumi.fastly.inputs.NgwafWorkspaceRuleRateLimitArgs;
import com.pulumi.fastly.inputs.NgwafWorkspaceRuleActionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new NgwafWorkspace("example", NgwafWorkspaceArgs.builder()
.name("example")
.description("Test NGWAF Workspace")
.mode("block")
.ipAnonymization("hashed")
.clientIpHeaders(
"X-Forwarded-For",
"X-Real-IP")
.defaultBlockingResponseCode(429)
.attackSignalThresholds(NgwafWorkspaceAttackSignalThresholdsArgs.builder()
.build())
.build());
var demoSignal = new NgwafWorkspaceSignal("demoSignal", NgwafWorkspaceSignalArgs.builder()
.workspaceId(example.id())
.name("demo")
.description("A description of my signal.")
.build());
var ipLimit = new NgwafWorkspaceRule("ipLimit", NgwafWorkspaceRuleArgs.builder()
.workspaceId(example.id())
.type("rate_limit")
.description("Rate limit demo rule-updated")
.enabled(true)
.conditions(NgwafWorkspaceRuleConditionArgs.builder()
.field("ip")
.operator("equals")
.value("1.2.3.4")
.build())
.rateLimit(NgwafWorkspaceRuleRateLimitArgs.builder()
.signal("site.demo")
.threshold(100)
.interval(60)
.duration(300)
.clientIdentifiers(NgwafWorkspaceRuleRateLimitClientIdentifierArgs.builder()
.type("ip")
.build())
.build())
.actions(NgwafWorkspaceRuleActionArgs.builder()
.signal("SUSPECTED-BOT")
.type("block_signal")
.build())
.build());
}
}
resources:
example:
type: fastly:NgwafWorkspace
properties:
name: example
description: Test NGWAF Workspace
mode: block
ipAnonymization: hashed
clientIpHeaders:
- X-Forwarded-For
- X-Real-IP
defaultBlockingResponseCode: 429
attackSignalThresholds: {}
demoSignal:
type: fastly:NgwafWorkspaceSignal
name: demo_signal
properties:
workspaceId: ${example.id}
name: demo
description: A description of my signal.
ipLimit:
type: fastly:NgwafWorkspaceRule
name: ip_limit
properties:
workspaceId: ${example.id}
type: rate_limit
description: Rate limit demo rule-updated
enabled: true
conditions:
- field: ip
operator: equals
value: 1.2.3.4
rateLimit:
signal: site.demo
threshold: 100
interval: 60
duration: 300
clientIdentifiers:
- type: ip
actions:
- signal: SUSPECTED-BOT
type: block_signal
Create NgwafWorkspaceRule Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new NgwafWorkspaceRule(name: string, args: NgwafWorkspaceRuleArgs, opts?: CustomResourceOptions);@overload
def NgwafWorkspaceRule(resource_name: str,
args: NgwafWorkspaceRuleArgs,
opts: Optional[ResourceOptions] = None)
@overload
def NgwafWorkspaceRule(resource_name: str,
opts: Optional[ResourceOptions] = None,
actions: Optional[Sequence[NgwafWorkspaceRuleActionArgs]] = None,
description: Optional[str] = None,
enabled: Optional[bool] = None,
type: Optional[str] = None,
workspace_id: Optional[str] = None,
conditions: Optional[Sequence[NgwafWorkspaceRuleConditionArgs]] = None,
group_conditions: Optional[Sequence[NgwafWorkspaceRuleGroupConditionArgs]] = None,
group_operator: Optional[str] = None,
multival_conditions: Optional[Sequence[NgwafWorkspaceRuleMultivalConditionArgs]] = None,
rate_limit: Optional[NgwafWorkspaceRuleRateLimitArgs] = None,
request_logging: Optional[str] = None)func NewNgwafWorkspaceRule(ctx *Context, name string, args NgwafWorkspaceRuleArgs, opts ...ResourceOption) (*NgwafWorkspaceRule, error)public NgwafWorkspaceRule(string name, NgwafWorkspaceRuleArgs args, CustomResourceOptions? opts = null)
public NgwafWorkspaceRule(String name, NgwafWorkspaceRuleArgs args)
public NgwafWorkspaceRule(String name, NgwafWorkspaceRuleArgs args, CustomResourceOptions options)
type: fastly:NgwafWorkspaceRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args NgwafWorkspaceRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args NgwafWorkspaceRuleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args NgwafWorkspaceRuleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args NgwafWorkspaceRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args NgwafWorkspaceRuleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var ngwafWorkspaceRuleResource = new Fastly.NgwafWorkspaceRule("ngwafWorkspaceRuleResource", new()
{
Actions = new[]
{
new Fastly.Inputs.NgwafWorkspaceRuleActionArgs
{
Type = "string",
AllowInteractive = false,
DeceptionType = "string",
RedirectUrl = "string",
ResponseCode = 0,
Signal = "string",
},
},
Description = "string",
Enabled = false,
Type = "string",
WorkspaceId = "string",
Conditions = new[]
{
new Fastly.Inputs.NgwafWorkspaceRuleConditionArgs
{
Field = "string",
Operator = "string",
Value = "string",
},
},
GroupConditions = new[]
{
new Fastly.Inputs.NgwafWorkspaceRuleGroupConditionArgs
{
Conditions = new[]
{
new Fastly.Inputs.NgwafWorkspaceRuleGroupConditionConditionArgs
{
Field = "string",
Operator = "string",
Value = "string",
},
},
GroupOperator = "string",
},
},
GroupOperator = "string",
MultivalConditions = new[]
{
new Fastly.Inputs.NgwafWorkspaceRuleMultivalConditionArgs
{
Conditions = new[]
{
new Fastly.Inputs.NgwafWorkspaceRuleMultivalConditionConditionArgs
{
Field = "string",
Operator = "string",
Value = "string",
},
},
Field = "string",
GroupOperator = "string",
Operator = "string",
},
},
RateLimit = new Fastly.Inputs.NgwafWorkspaceRuleRateLimitArgs
{
ClientIdentifiers = new[]
{
new Fastly.Inputs.NgwafWorkspaceRuleRateLimitClientIdentifierArgs
{
Type = "string",
Key = "string",
Name = "string",
},
},
Duration = 0,
Interval = 0,
Signal = "string",
Threshold = 0,
},
RequestLogging = "string",
});
example, err := fastly.NewNgwafWorkspaceRule(ctx, "ngwafWorkspaceRuleResource", &fastly.NgwafWorkspaceRuleArgs{
Actions: fastly.NgwafWorkspaceRuleActionArray{
&fastly.NgwafWorkspaceRuleActionArgs{
Type: pulumi.String("string"),
AllowInteractive: pulumi.Bool(false),
DeceptionType: pulumi.String("string"),
RedirectUrl: pulumi.String("string"),
ResponseCode: pulumi.Int(0),
Signal: pulumi.String("string"),
},
},
Description: pulumi.String("string"),
Enabled: pulumi.Bool(false),
Type: pulumi.String("string"),
WorkspaceId: pulumi.String("string"),
Conditions: fastly.NgwafWorkspaceRuleConditionArray{
&fastly.NgwafWorkspaceRuleConditionArgs{
Field: pulumi.String("string"),
Operator: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
GroupConditions: fastly.NgwafWorkspaceRuleGroupConditionArray{
&fastly.NgwafWorkspaceRuleGroupConditionArgs{
Conditions: fastly.NgwafWorkspaceRuleGroupConditionConditionArray{
&fastly.NgwafWorkspaceRuleGroupConditionConditionArgs{
Field: pulumi.String("string"),
Operator: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
GroupOperator: pulumi.String("string"),
},
},
GroupOperator: pulumi.String("string"),
MultivalConditions: fastly.NgwafWorkspaceRuleMultivalConditionArray{
&fastly.NgwafWorkspaceRuleMultivalConditionArgs{
Conditions: fastly.NgwafWorkspaceRuleMultivalConditionConditionArray{
&fastly.NgwafWorkspaceRuleMultivalConditionConditionArgs{
Field: pulumi.String("string"),
Operator: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
Field: pulumi.String("string"),
GroupOperator: pulumi.String("string"),
Operator: pulumi.String("string"),
},
},
RateLimit: &fastly.NgwafWorkspaceRuleRateLimitArgs{
ClientIdentifiers: fastly.NgwafWorkspaceRuleRateLimitClientIdentifierArray{
&fastly.NgwafWorkspaceRuleRateLimitClientIdentifierArgs{
Type: pulumi.String("string"),
Key: pulumi.String("string"),
Name: pulumi.String("string"),
},
},
Duration: pulumi.Int(0),
Interval: pulumi.Int(0),
Signal: pulumi.String("string"),
Threshold: pulumi.Int(0),
},
RequestLogging: pulumi.String("string"),
})
var ngwafWorkspaceRuleResource = new NgwafWorkspaceRule("ngwafWorkspaceRuleResource", NgwafWorkspaceRuleArgs.builder()
.actions(NgwafWorkspaceRuleActionArgs.builder()
.type("string")
.allowInteractive(false)
.deceptionType("string")
.redirectUrl("string")
.responseCode(0)
.signal("string")
.build())
.description("string")
.enabled(false)
.type("string")
.workspaceId("string")
.conditions(NgwafWorkspaceRuleConditionArgs.builder()
.field("string")
.operator("string")
.value("string")
.build())
.groupConditions(NgwafWorkspaceRuleGroupConditionArgs.builder()
.conditions(NgwafWorkspaceRuleGroupConditionConditionArgs.builder()
.field("string")
.operator("string")
.value("string")
.build())
.groupOperator("string")
.build())
.groupOperator("string")
.multivalConditions(NgwafWorkspaceRuleMultivalConditionArgs.builder()
.conditions(NgwafWorkspaceRuleMultivalConditionConditionArgs.builder()
.field("string")
.operator("string")
.value("string")
.build())
.field("string")
.groupOperator("string")
.operator("string")
.build())
.rateLimit(NgwafWorkspaceRuleRateLimitArgs.builder()
.clientIdentifiers(NgwafWorkspaceRuleRateLimitClientIdentifierArgs.builder()
.type("string")
.key("string")
.name("string")
.build())
.duration(0)
.interval(0)
.signal("string")
.threshold(0)
.build())
.requestLogging("string")
.build());
ngwaf_workspace_rule_resource = fastly.NgwafWorkspaceRule("ngwafWorkspaceRuleResource",
actions=[{
"type": "string",
"allow_interactive": False,
"deception_type": "string",
"redirect_url": "string",
"response_code": 0,
"signal": "string",
}],
description="string",
enabled=False,
type="string",
workspace_id="string",
conditions=[{
"field": "string",
"operator": "string",
"value": "string",
}],
group_conditions=[{
"conditions": [{
"field": "string",
"operator": "string",
"value": "string",
}],
"group_operator": "string",
}],
group_operator="string",
multival_conditions=[{
"conditions": [{
"field": "string",
"operator": "string",
"value": "string",
}],
"field": "string",
"group_operator": "string",
"operator": "string",
}],
rate_limit={
"client_identifiers": [{
"type": "string",
"key": "string",
"name": "string",
}],
"duration": 0,
"interval": 0,
"signal": "string",
"threshold": 0,
},
request_logging="string")
const ngwafWorkspaceRuleResource = new fastly.NgwafWorkspaceRule("ngwafWorkspaceRuleResource", {
actions: [{
type: "string",
allowInteractive: false,
deceptionType: "string",
redirectUrl: "string",
responseCode: 0,
signal: "string",
}],
description: "string",
enabled: false,
type: "string",
workspaceId: "string",
conditions: [{
field: "string",
operator: "string",
value: "string",
}],
groupConditions: [{
conditions: [{
field: "string",
operator: "string",
value: "string",
}],
groupOperator: "string",
}],
groupOperator: "string",
multivalConditions: [{
conditions: [{
field: "string",
operator: "string",
value: "string",
}],
field: "string",
groupOperator: "string",
operator: "string",
}],
rateLimit: {
clientIdentifiers: [{
type: "string",
key: "string",
name: "string",
}],
duration: 0,
interval: 0,
signal: "string",
threshold: 0,
},
requestLogging: "string",
});
type: fastly:NgwafWorkspaceRule
properties:
actions:
- allowInteractive: false
deceptionType: string
redirectUrl: string
responseCode: 0
signal: string
type: string
conditions:
- field: string
operator: string
value: string
description: string
enabled: false
groupConditions:
- conditions:
- field: string
operator: string
value: string
groupOperator: string
groupOperator: string
multivalConditions:
- conditions:
- field: string
operator: string
value: string
field: string
groupOperator: string
operator: string
rateLimit:
clientIdentifiers:
- key: string
name: string
type: string
duration: 0
interval: 0
signal: string
threshold: 0
requestLogging: string
type: string
workspaceId: string
NgwafWorkspaceRule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The NgwafWorkspaceRule resource accepts the following input properties:
- Actions
List<Ngwaf
Workspace Rule Action> - List of actions to perform when the rule matches.
- Description string
- The description of the rule.
- Enabled bool
- Whether the rule is currently enabled.
- Type string
- The type of the rule. Accepted values are
request,signal,rate_limit, andtemplated_signal. - Workspace
Id string - The ID of the workspace.
- Conditions
List<Ngwaf
Workspace Rule Condition> - Flat list of individual conditions. Each must include
field,operator, andvalue. - Group
Conditions List<NgwafWorkspace Rule Group Condition> - List of grouped conditions with nested logic. Each group must define a
group_operatorand at least one condition. - Group
Operator string - Logical operator to apply to group conditions. Accepted values are
anyandall. - Multival
Conditions List<NgwafWorkspace Rule Multival Condition> - List of multival conditions with nested logic. Each multival list must define a
field, operator,<span pulumi-lang-nodejs=" groupOperator" pulumi-lang-dotnet=" GroupOperator" pulumi-lang-go=" groupOperator" pulumi-lang-python=" group_operator" pulumi-lang-yaml=" groupOperator" pulumi-lang-java=" groupOperator"> group_operatorand at least one condition. - Rate
Limit NgwafWorkspace Rule Rate Limit - Block specifically for rate*limit rules.
- Request
Logging string - Logging behavior for matching requests. Accepted values are
sampledandnone.
- Actions
[]Ngwaf
Workspace Rule Action Args - List of actions to perform when the rule matches.
- Description string
- The description of the rule.
- Enabled bool
- Whether the rule is currently enabled.
- Type string
- The type of the rule. Accepted values are
request,signal,rate_limit, andtemplated_signal. - Workspace
Id string - The ID of the workspace.
- Conditions
[]Ngwaf
Workspace Rule Condition Args - Flat list of individual conditions. Each must include
field,operator, andvalue. - Group
Conditions []NgwafWorkspace Rule Group Condition Args - List of grouped conditions with nested logic. Each group must define a
group_operatorand at least one condition. - Group
Operator string - Logical operator to apply to group conditions. Accepted values are
anyandall. - Multival
Conditions []NgwafWorkspace Rule Multival Condition Args - List of multival conditions with nested logic. Each multival list must define a
field, operator,<span pulumi-lang-nodejs=" groupOperator" pulumi-lang-dotnet=" GroupOperator" pulumi-lang-go=" groupOperator" pulumi-lang-python=" group_operator" pulumi-lang-yaml=" groupOperator" pulumi-lang-java=" groupOperator"> group_operatorand at least one condition. - Rate
Limit NgwafWorkspace Rule Rate Limit Args - Block specifically for rate*limit rules.
- Request
Logging string - Logging behavior for matching requests. Accepted values are
sampledandnone.
- actions
List<Ngwaf
Workspace Rule Action> - List of actions to perform when the rule matches.
- description String
- The description of the rule.
- enabled Boolean
- Whether the rule is currently enabled.
- type String
- The type of the rule. Accepted values are
request,signal,rate_limit, andtemplated_signal. - workspace
Id String - The ID of the workspace.
- conditions
List<Ngwaf
Workspace Rule Condition> - Flat list of individual conditions. Each must include
field,operator, andvalue. - group
Conditions List<NgwafWorkspace Rule Group Condition> - List of grouped conditions with nested logic. Each group must define a
group_operatorand at least one condition. - group
Operator String - Logical operator to apply to group conditions. Accepted values are
anyandall. - multival
Conditions List<NgwafWorkspace Rule Multival Condition> - List of multival conditions with nested logic. Each multival list must define a
field, operator,<span pulumi-lang-nodejs=" groupOperator" pulumi-lang-dotnet=" GroupOperator" pulumi-lang-go=" groupOperator" pulumi-lang-python=" group_operator" pulumi-lang-yaml=" groupOperator" pulumi-lang-java=" groupOperator"> group_operatorand at least one condition. - rate
Limit NgwafWorkspace Rule Rate Limit - Block specifically for rate*limit rules.
- request
Logging String - Logging behavior for matching requests. Accepted values are
sampledandnone.
- actions
Ngwaf
Workspace Rule Action[] - List of actions to perform when the rule matches.
- description string
- The description of the rule.
- enabled boolean
- Whether the rule is currently enabled.
- type string
- The type of the rule. Accepted values are
request,signal,rate_limit, andtemplated_signal. - workspace
Id string - The ID of the workspace.
- conditions
Ngwaf
Workspace Rule Condition[] - Flat list of individual conditions. Each must include
field,operator, andvalue. - group
Conditions NgwafWorkspace Rule Group Condition[] - List of grouped conditions with nested logic. Each group must define a
group_operatorand at least one condition. - group
Operator string - Logical operator to apply to group conditions. Accepted values are
anyandall. - multival
Conditions NgwafWorkspace Rule Multival Condition[] - List of multival conditions with nested logic. Each multival list must define a
field, operator,<span pulumi-lang-nodejs=" groupOperator" pulumi-lang-dotnet=" GroupOperator" pulumi-lang-go=" groupOperator" pulumi-lang-python=" group_operator" pulumi-lang-yaml=" groupOperator" pulumi-lang-java=" groupOperator"> group_operatorand at least one condition. - rate
Limit NgwafWorkspace Rule Rate Limit - Block specifically for rate*limit rules.
- request
Logging string - Logging behavior for matching requests. Accepted values are
sampledandnone.
- actions
Sequence[Ngwaf
Workspace Rule Action Args] - List of actions to perform when the rule matches.
- description str
- The description of the rule.
- enabled bool
- Whether the rule is currently enabled.
- type str
- The type of the rule. Accepted values are
request,signal,rate_limit, andtemplated_signal. - workspace_
id str - The ID of the workspace.
- conditions
Sequence[Ngwaf
Workspace Rule Condition Args] - Flat list of individual conditions. Each must include
field,operator, andvalue. - group_
conditions Sequence[NgwafWorkspace Rule Group Condition Args] - List of grouped conditions with nested logic. Each group must define a
group_operatorand at least one condition. - group_
operator str - Logical operator to apply to group conditions. Accepted values are
anyandall. - multival_
conditions Sequence[NgwafWorkspace Rule Multival Condition Args] - List of multival conditions with nested logic. Each multival list must define a
field, operator,<span pulumi-lang-nodejs=" groupOperator" pulumi-lang-dotnet=" GroupOperator" pulumi-lang-go=" groupOperator" pulumi-lang-python=" group_operator" pulumi-lang-yaml=" groupOperator" pulumi-lang-java=" groupOperator"> group_operatorand at least one condition. - rate_
limit NgwafWorkspace Rule Rate Limit Args - Block specifically for rate*limit rules.
- request_
logging str - Logging behavior for matching requests. Accepted values are
sampledandnone.
- actions List<Property Map>
- List of actions to perform when the rule matches.
- description String
- The description of the rule.
- enabled Boolean
- Whether the rule is currently enabled.
- type String
- The type of the rule. Accepted values are
request,signal,rate_limit, andtemplated_signal. - workspace
Id String - The ID of the workspace.
- conditions List<Property Map>
- Flat list of individual conditions. Each must include
field,operator, andvalue. - group
Conditions List<Property Map> - List of grouped conditions with nested logic. Each group must define a
group_operatorand at least one condition. - group
Operator String - Logical operator to apply to group conditions. Accepted values are
anyandall. - multival
Conditions List<Property Map> - List of multival conditions with nested logic. Each multival list must define a
field, operator,<span pulumi-lang-nodejs=" groupOperator" pulumi-lang-dotnet=" GroupOperator" pulumi-lang-go=" groupOperator" pulumi-lang-python=" group_operator" pulumi-lang-yaml=" groupOperator" pulumi-lang-java=" groupOperator"> group_operatorand at least one condition. - rate
Limit Property Map - Block specifically for rate*limit rules.
- request
Logging String - Logging behavior for matching requests. Accepted values are
sampledandnone.
Outputs
All input properties are implicitly available as output properties. Additionally, the NgwafWorkspaceRule resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing NgwafWorkspaceRule Resource
Get an existing NgwafWorkspaceRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: NgwafWorkspaceRuleState, opts?: CustomResourceOptions): NgwafWorkspaceRule@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
actions: Optional[Sequence[NgwafWorkspaceRuleActionArgs]] = None,
conditions: Optional[Sequence[NgwafWorkspaceRuleConditionArgs]] = None,
description: Optional[str] = None,
enabled: Optional[bool] = None,
group_conditions: Optional[Sequence[NgwafWorkspaceRuleGroupConditionArgs]] = None,
group_operator: Optional[str] = None,
multival_conditions: Optional[Sequence[NgwafWorkspaceRuleMultivalConditionArgs]] = None,
rate_limit: Optional[NgwafWorkspaceRuleRateLimitArgs] = None,
request_logging: Optional[str] = None,
type: Optional[str] = None,
workspace_id: Optional[str] = None) -> NgwafWorkspaceRulefunc GetNgwafWorkspaceRule(ctx *Context, name string, id IDInput, state *NgwafWorkspaceRuleState, opts ...ResourceOption) (*NgwafWorkspaceRule, error)public static NgwafWorkspaceRule Get(string name, Input<string> id, NgwafWorkspaceRuleState? state, CustomResourceOptions? opts = null)public static NgwafWorkspaceRule get(String name, Output<String> id, NgwafWorkspaceRuleState state, CustomResourceOptions options)resources: _: type: fastly:NgwafWorkspaceRule get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Actions
List<Ngwaf
Workspace Rule Action> - List of actions to perform when the rule matches.
- Conditions
List<Ngwaf
Workspace Rule Condition> - Flat list of individual conditions. Each must include
field,operator, andvalue. - Description string
- The description of the rule.
- Enabled bool
- Whether the rule is currently enabled.
- Group
Conditions List<NgwafWorkspace Rule Group Condition> - List of grouped conditions with nested logic. Each group must define a
group_operatorand at least one condition. - Group
Operator string - Logical operator to apply to group conditions. Accepted values are
anyandall. - Multival
Conditions List<NgwafWorkspace Rule Multival Condition> - List of multival conditions with nested logic. Each multival list must define a
field, operator,<span pulumi-lang-nodejs=" groupOperator" pulumi-lang-dotnet=" GroupOperator" pulumi-lang-go=" groupOperator" pulumi-lang-python=" group_operator" pulumi-lang-yaml=" groupOperator" pulumi-lang-java=" groupOperator"> group_operatorand at least one condition. - Rate
Limit NgwafWorkspace Rule Rate Limit - Block specifically for rate*limit rules.
- Request
Logging string - Logging behavior for matching requests. Accepted values are
sampledandnone. - Type string
- The type of the rule. Accepted values are
request,signal,rate_limit, andtemplated_signal. - Workspace
Id string - The ID of the workspace.
- Actions
[]Ngwaf
Workspace Rule Action Args - List of actions to perform when the rule matches.
- Conditions
[]Ngwaf
Workspace Rule Condition Args - Flat list of individual conditions. Each must include
field,operator, andvalue. - Description string
- The description of the rule.
- Enabled bool
- Whether the rule is currently enabled.
- Group
Conditions []NgwafWorkspace Rule Group Condition Args - List of grouped conditions with nested logic. Each group must define a
group_operatorand at least one condition. - Group
Operator string - Logical operator to apply to group conditions. Accepted values are
anyandall. - Multival
Conditions []NgwafWorkspace Rule Multival Condition Args - List of multival conditions with nested logic. Each multival list must define a
field, operator,<span pulumi-lang-nodejs=" groupOperator" pulumi-lang-dotnet=" GroupOperator" pulumi-lang-go=" groupOperator" pulumi-lang-python=" group_operator" pulumi-lang-yaml=" groupOperator" pulumi-lang-java=" groupOperator"> group_operatorand at least one condition. - Rate
Limit NgwafWorkspace Rule Rate Limit Args - Block specifically for rate*limit rules.
- Request
Logging string - Logging behavior for matching requests. Accepted values are
sampledandnone. - Type string
- The type of the rule. Accepted values are
request,signal,rate_limit, andtemplated_signal. - Workspace
Id string - The ID of the workspace.
- actions
List<Ngwaf
Workspace Rule Action> - List of actions to perform when the rule matches.
- conditions
List<Ngwaf
Workspace Rule Condition> - Flat list of individual conditions. Each must include
field,operator, andvalue. - description String
- The description of the rule.
- enabled Boolean
- Whether the rule is currently enabled.
- group
Conditions List<NgwafWorkspace Rule Group Condition> - List of grouped conditions with nested logic. Each group must define a
group_operatorand at least one condition. - group
Operator String - Logical operator to apply to group conditions. Accepted values are
anyandall. - multival
Conditions List<NgwafWorkspace Rule Multival Condition> - List of multival conditions with nested logic. Each multival list must define a
field, operator,<span pulumi-lang-nodejs=" groupOperator" pulumi-lang-dotnet=" GroupOperator" pulumi-lang-go=" groupOperator" pulumi-lang-python=" group_operator" pulumi-lang-yaml=" groupOperator" pulumi-lang-java=" groupOperator"> group_operatorand at least one condition. - rate
Limit NgwafWorkspace Rule Rate Limit - Block specifically for rate*limit rules.
- request
Logging String - Logging behavior for matching requests. Accepted values are
sampledandnone. - type String
- The type of the rule. Accepted values are
request,signal,rate_limit, andtemplated_signal. - workspace
Id String - The ID of the workspace.
- actions
Ngwaf
Workspace Rule Action[] - List of actions to perform when the rule matches.
- conditions
Ngwaf
Workspace Rule Condition[] - Flat list of individual conditions. Each must include
field,operator, andvalue. - description string
- The description of the rule.
- enabled boolean
- Whether the rule is currently enabled.
- group
Conditions NgwafWorkspace Rule Group Condition[] - List of grouped conditions with nested logic. Each group must define a
group_operatorand at least one condition. - group
Operator string - Logical operator to apply to group conditions. Accepted values are
anyandall. - multival
Conditions NgwafWorkspace Rule Multival Condition[] - List of multival conditions with nested logic. Each multival list must define a
field, operator,<span pulumi-lang-nodejs=" groupOperator" pulumi-lang-dotnet=" GroupOperator" pulumi-lang-go=" groupOperator" pulumi-lang-python=" group_operator" pulumi-lang-yaml=" groupOperator" pulumi-lang-java=" groupOperator"> group_operatorand at least one condition. - rate
Limit NgwafWorkspace Rule Rate Limit - Block specifically for rate*limit rules.
- request
Logging string - Logging behavior for matching requests. Accepted values are
sampledandnone. - type string
- The type of the rule. Accepted values are
request,signal,rate_limit, andtemplated_signal. - workspace
Id string - The ID of the workspace.
- actions
Sequence[Ngwaf
Workspace Rule Action Args] - List of actions to perform when the rule matches.
- conditions
Sequence[Ngwaf
Workspace Rule Condition Args] - Flat list of individual conditions. Each must include
field,operator, andvalue. - description str
- The description of the rule.
- enabled bool
- Whether the rule is currently enabled.
- group_
conditions Sequence[NgwafWorkspace Rule Group Condition Args] - List of grouped conditions with nested logic. Each group must define a
group_operatorand at least one condition. - group_
operator str - Logical operator to apply to group conditions. Accepted values are
anyandall. - multival_
conditions Sequence[NgwafWorkspace Rule Multival Condition Args] - List of multival conditions with nested logic. Each multival list must define a
field, operator,<span pulumi-lang-nodejs=" groupOperator" pulumi-lang-dotnet=" GroupOperator" pulumi-lang-go=" groupOperator" pulumi-lang-python=" group_operator" pulumi-lang-yaml=" groupOperator" pulumi-lang-java=" groupOperator"> group_operatorand at least one condition. - rate_
limit NgwafWorkspace Rule Rate Limit Args - Block specifically for rate*limit rules.
- request_
logging str - Logging behavior for matching requests. Accepted values are
sampledandnone. - type str
- The type of the rule. Accepted values are
request,signal,rate_limit, andtemplated_signal. - workspace_
id str - The ID of the workspace.
- actions List<Property Map>
- List of actions to perform when the rule matches.
- conditions List<Property Map>
- Flat list of individual conditions. Each must include
field,operator, andvalue. - description String
- The description of the rule.
- enabled Boolean
- Whether the rule is currently enabled.
- group
Conditions List<Property Map> - List of grouped conditions with nested logic. Each group must define a
group_operatorand at least one condition. - group
Operator String - Logical operator to apply to group conditions. Accepted values are
anyandall. - multival
Conditions List<Property Map> - List of multival conditions with nested logic. Each multival list must define a
field, operator,<span pulumi-lang-nodejs=" groupOperator" pulumi-lang-dotnet=" GroupOperator" pulumi-lang-go=" groupOperator" pulumi-lang-python=" group_operator" pulumi-lang-yaml=" groupOperator" pulumi-lang-java=" groupOperator"> group_operatorand at least one condition. - rate
Limit Property Map - Block specifically for rate*limit rules.
- request
Logging String - Logging behavior for matching requests. Accepted values are
sampledandnone. - type String
- The type of the rule. Accepted values are
request,signal,rate_limit, andtemplated_signal. - workspace
Id String - The ID of the workspace.
Supporting Types
NgwafWorkspaceRuleAction, NgwafWorkspaceRuleActionArgs
- Type string
- The action type. One of:
add_signal,allow,block,browser_challenge,dynamic_challenge,exclude_signal,verify_tokenor for rate limit rule valid values:log_request,block_signal,browser_challenge,verify_token - Allow
Interactive bool - Specifies if interaction is allowed (used when
type =<span pulumi-lang-nodejs=" browserChallenge" pulumi-lang-dotnet=" BrowserChallenge" pulumi-lang-go=" browserChallenge" pulumi-lang-python=" browser_challenge" pulumi-lang-yaml=" browserChallenge" pulumi-lang-java=" browserChallenge"> browser_challenge). - Deception
Type string - specifies the type of deception (used when
type = deception). - Redirect
Url string - Redirect target (used when
type = redirect). - Response
Code int - Response code used with redirect.
- Signal string
- Signal name to exclude (used when
type =<span pulumi-lang-nodejs=" excludeSignal" pulumi-lang-dotnet=" ExcludeSignal" pulumi-lang-go=" excludeSignal" pulumi-lang-python=" exclude_signal" pulumi-lang-yaml=" excludeSignal" pulumi-lang-java=" excludeSignal"> exclude_signal).
- Type string
- The action type. One of:
add_signal,allow,block,browser_challenge,dynamic_challenge,exclude_signal,verify_tokenor for rate limit rule valid values:log_request,block_signal,browser_challenge,verify_token - Allow
Interactive bool - Specifies if interaction is allowed (used when
type =<span pulumi-lang-nodejs=" browserChallenge" pulumi-lang-dotnet=" BrowserChallenge" pulumi-lang-go=" browserChallenge" pulumi-lang-python=" browser_challenge" pulumi-lang-yaml=" browserChallenge" pulumi-lang-java=" browserChallenge"> browser_challenge). - Deception
Type string - specifies the type of deception (used when
type = deception). - Redirect
Url string - Redirect target (used when
type = redirect). - Response
Code int - Response code used with redirect.
- Signal string
- Signal name to exclude (used when
type =<span pulumi-lang-nodejs=" excludeSignal" pulumi-lang-dotnet=" ExcludeSignal" pulumi-lang-go=" excludeSignal" pulumi-lang-python=" exclude_signal" pulumi-lang-yaml=" excludeSignal" pulumi-lang-java=" excludeSignal"> exclude_signal).
- type String
- The action type. One of:
add_signal,allow,block,browser_challenge,dynamic_challenge,exclude_signal,verify_tokenor for rate limit rule valid values:log_request,block_signal,browser_challenge,verify_token - allow
Interactive Boolean - Specifies if interaction is allowed (used when
type =<span pulumi-lang-nodejs=" browserChallenge" pulumi-lang-dotnet=" BrowserChallenge" pulumi-lang-go=" browserChallenge" pulumi-lang-python=" browser_challenge" pulumi-lang-yaml=" browserChallenge" pulumi-lang-java=" browserChallenge"> browser_challenge). - deception
Type String - specifies the type of deception (used when
type = deception). - redirect
Url String - Redirect target (used when
type = redirect). - response
Code Integer - Response code used with redirect.
- signal String
- Signal name to exclude (used when
type =<span pulumi-lang-nodejs=" excludeSignal" pulumi-lang-dotnet=" ExcludeSignal" pulumi-lang-go=" excludeSignal" pulumi-lang-python=" exclude_signal" pulumi-lang-yaml=" excludeSignal" pulumi-lang-java=" excludeSignal"> exclude_signal).
- type string
- The action type. One of:
add_signal,allow,block,browser_challenge,dynamic_challenge,exclude_signal,verify_tokenor for rate limit rule valid values:log_request,block_signal,browser_challenge,verify_token - allow
Interactive boolean - Specifies if interaction is allowed (used when
type =<span pulumi-lang-nodejs=" browserChallenge" pulumi-lang-dotnet=" BrowserChallenge" pulumi-lang-go=" browserChallenge" pulumi-lang-python=" browser_challenge" pulumi-lang-yaml=" browserChallenge" pulumi-lang-java=" browserChallenge"> browser_challenge). - deception
Type string - specifies the type of deception (used when
type = deception). - redirect
Url string - Redirect target (used when
type = redirect). - response
Code number - Response code used with redirect.
- signal string
- Signal name to exclude (used when
type =<span pulumi-lang-nodejs=" excludeSignal" pulumi-lang-dotnet=" ExcludeSignal" pulumi-lang-go=" excludeSignal" pulumi-lang-python=" exclude_signal" pulumi-lang-yaml=" excludeSignal" pulumi-lang-java=" excludeSignal"> exclude_signal).
- type str
- The action type. One of:
add_signal,allow,block,browser_challenge,dynamic_challenge,exclude_signal,verify_tokenor for rate limit rule valid values:log_request,block_signal,browser_challenge,verify_token - allow_
interactive bool - Specifies if interaction is allowed (used when
type =<span pulumi-lang-nodejs=" browserChallenge" pulumi-lang-dotnet=" BrowserChallenge" pulumi-lang-go=" browserChallenge" pulumi-lang-python=" browser_challenge" pulumi-lang-yaml=" browserChallenge" pulumi-lang-java=" browserChallenge"> browser_challenge). - deception_
type str - specifies the type of deception (used when
type = deception). - redirect_
url str - Redirect target (used when
type = redirect). - response_
code int - Response code used with redirect.
- signal str
- Signal name to exclude (used when
type =<span pulumi-lang-nodejs=" excludeSignal" pulumi-lang-dotnet=" ExcludeSignal" pulumi-lang-go=" excludeSignal" pulumi-lang-python=" exclude_signal" pulumi-lang-yaml=" excludeSignal" pulumi-lang-java=" excludeSignal"> exclude_signal).
- type String
- The action type. One of:
add_signal,allow,block,browser_challenge,dynamic_challenge,exclude_signal,verify_tokenor for rate limit rule valid values:log_request,block_signal,browser_challenge,verify_token - allow
Interactive Boolean - Specifies if interaction is allowed (used when
type =<span pulumi-lang-nodejs=" browserChallenge" pulumi-lang-dotnet=" BrowserChallenge" pulumi-lang-go=" browserChallenge" pulumi-lang-python=" browser_challenge" pulumi-lang-yaml=" browserChallenge" pulumi-lang-java=" browserChallenge"> browser_challenge). - deception
Type String - specifies the type of deception (used when
type = deception). - redirect
Url String - Redirect target (used when
type = redirect). - response
Code Number - Response code used with redirect.
- signal String
- Signal name to exclude (used when
type =<span pulumi-lang-nodejs=" excludeSignal" pulumi-lang-dotnet=" ExcludeSignal" pulumi-lang-go=" excludeSignal" pulumi-lang-python=" exclude_signal" pulumi-lang-yaml=" excludeSignal" pulumi-lang-java=" excludeSignal"> exclude_signal).
NgwafWorkspaceRuleCondition, NgwafWorkspaceRuleConditionArgs
NgwafWorkspaceRuleGroupCondition, NgwafWorkspaceRuleGroupConditionArgs
- Conditions
List<Ngwaf
Workspace Rule Group Condition Condition> - A list of nested conditions in this group.
- Group
Operator string - Logical operator for the group. Accepted values are
anyandall.
- Conditions
[]Ngwaf
Workspace Rule Group Condition Condition - A list of nested conditions in this group.
- Group
Operator string - Logical operator for the group. Accepted values are
anyandall.
- conditions
List<Ngwaf
Workspace Rule Group Condition Condition> - A list of nested conditions in this group.
- group
Operator String - Logical operator for the group. Accepted values are
anyandall.
- conditions
Ngwaf
Workspace Rule Group Condition Condition[] - A list of nested conditions in this group.
- group
Operator string - Logical operator for the group. Accepted values are
anyandall.
- conditions
Sequence[Ngwaf
Workspace Rule Group Condition Condition] - A list of nested conditions in this group.
- group_
operator str - Logical operator for the group. Accepted values are
anyandall.
- conditions List<Property Map>
- A list of nested conditions in this group.
- group
Operator String - Logical operator for the group. Accepted values are
anyandall.
NgwafWorkspaceRuleGroupConditionCondition, NgwafWorkspaceRuleGroupConditionConditionArgs
NgwafWorkspaceRuleMultivalCondition, NgwafWorkspaceRuleMultivalConditionArgs
- Conditions
List<Ngwaf
Workspace Rule Multival Condition Condition> - A list of nested conditions in this list.
- Field string
- Enums for multival condition field.. Accepted values are
post_parameter,query_parameter,request_cookie,request_header,response_header, andsignal. - Group
Operator string - Logical operator for the group. Accepted values are
anyandall. - Operator string
- Indicates whether the supplied conditions will check for existence or non-existence of matching field values. Accepted values are
existsanddoes_not_exist.
- Conditions
[]Ngwaf
Workspace Rule Multival Condition Condition - A list of nested conditions in this list.
- Field string
- Enums for multival condition field.. Accepted values are
post_parameter,query_parameter,request_cookie,request_header,response_header, andsignal. - Group
Operator string - Logical operator for the group. Accepted values are
anyandall. - Operator string
- Indicates whether the supplied conditions will check for existence or non-existence of matching field values. Accepted values are
existsanddoes_not_exist.
- conditions
List<Ngwaf
Workspace Rule Multival Condition Condition> - A list of nested conditions in this list.
- field String
- Enums for multival condition field.. Accepted values are
post_parameter,query_parameter,request_cookie,request_header,response_header, andsignal. - group
Operator String - Logical operator for the group. Accepted values are
anyandall. - operator String
- Indicates whether the supplied conditions will check for existence or non-existence of matching field values. Accepted values are
existsanddoes_not_exist.
- conditions
Ngwaf
Workspace Rule Multival Condition Condition[] - A list of nested conditions in this list.
- field string
- Enums for multival condition field.. Accepted values are
post_parameter,query_parameter,request_cookie,request_header,response_header, andsignal. - group
Operator string - Logical operator for the group. Accepted values are
anyandall. - operator string
- Indicates whether the supplied conditions will check for existence or non-existence of matching field values. Accepted values are
existsanddoes_not_exist.
- conditions
Sequence[Ngwaf
Workspace Rule Multival Condition Condition] - A list of nested conditions in this list.
- field str
- Enums for multival condition field.. Accepted values are
post_parameter,query_parameter,request_cookie,request_header,response_header, andsignal. - group_
operator str - Logical operator for the group. Accepted values are
anyandall. - operator str
- Indicates whether the supplied conditions will check for existence or non-existence of matching field values. Accepted values are
existsanddoes_not_exist.
- conditions List<Property Map>
- A list of nested conditions in this list.
- field String
- Enums for multival condition field.. Accepted values are
post_parameter,query_parameter,request_cookie,request_header,response_header, andsignal. - group
Operator String - Logical operator for the group. Accepted values are
anyandall. - operator String
- Indicates whether the supplied conditions will check for existence or non-existence of matching field values. Accepted values are
existsanddoes_not_exist.
NgwafWorkspaceRuleMultivalConditionCondition, NgwafWorkspaceRuleMultivalConditionConditionArgs
NgwafWorkspaceRuleRateLimit, NgwafWorkspaceRuleRateLimitArgs
- Client
Identifiers List<NgwafWorkspace Rule Rate Limit Client Identifier> - List of client identifiers used for rate limiting. Can only be length 1 or 2.
- Duration int
- Duration in seconds for the rate limit.
- Interval int
- Time interval for the rate limit in seconds. Accepted values are 60, 600, and 3600.
- Signal string
- Reference ID of the custom signal this rule uses to count requests.
- Threshold int
- Rate limit threshold. Minimum 1 and maximum 10,000.
- Client
Identifiers []NgwafWorkspace Rule Rate Limit Client Identifier - List of client identifiers used for rate limiting. Can only be length 1 or 2.
- Duration int
- Duration in seconds for the rate limit.
- Interval int
- Time interval for the rate limit in seconds. Accepted values are 60, 600, and 3600.
- Signal string
- Reference ID of the custom signal this rule uses to count requests.
- Threshold int
- Rate limit threshold. Minimum 1 and maximum 10,000.
- client
Identifiers List<NgwafWorkspace Rule Rate Limit Client Identifier> - List of client identifiers used for rate limiting. Can only be length 1 or 2.
- duration Integer
- Duration in seconds for the rate limit.
- interval Integer
- Time interval for the rate limit in seconds. Accepted values are 60, 600, and 3600.
- signal String
- Reference ID of the custom signal this rule uses to count requests.
- threshold Integer
- Rate limit threshold. Minimum 1 and maximum 10,000.
- client
Identifiers NgwafWorkspace Rule Rate Limit Client Identifier[] - List of client identifiers used for rate limiting. Can only be length 1 or 2.
- duration number
- Duration in seconds for the rate limit.
- interval number
- Time interval for the rate limit in seconds. Accepted values are 60, 600, and 3600.
- signal string
- Reference ID of the custom signal this rule uses to count requests.
- threshold number
- Rate limit threshold. Minimum 1 and maximum 10,000.
- client_
identifiers Sequence[NgwafWorkspace Rule Rate Limit Client Identifier] - List of client identifiers used for rate limiting. Can only be length 1 or 2.
- duration int
- Duration in seconds for the rate limit.
- interval int
- Time interval for the rate limit in seconds. Accepted values are 60, 600, and 3600.
- signal str
- Reference ID of the custom signal this rule uses to count requests.
- threshold int
- Rate limit threshold. Minimum 1 and maximum 10,000.
- client
Identifiers List<Property Map> - List of client identifiers used for rate limiting. Can only be length 1 or 2.
- duration Number
- Duration in seconds for the rate limit.
- interval Number
- Time interval for the rate limit in seconds. Accepted values are 60, 600, and 3600.
- signal String
- Reference ID of the custom signal this rule uses to count requests.
- threshold Number
- Rate limit threshold. Minimum 1 and maximum 10,000.
NgwafWorkspaceRuleRateLimitClientIdentifier, NgwafWorkspaceRuleRateLimitClientIdentifierArgs
Import
Fastly Next-Gen WAF workspace rules can be imported using the format <workspaceID>/<ruleID>, e.g.:
$ pulumi import fastly:index/ngwafWorkspaceRule:NgwafWorkspaceRule demo <workspaceID>/<ruleID>
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Fastly pulumi/pulumi-fastly
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
fastlyTerraform Provider.
