waf.oracle.com/v1beta1
APIVersion: waf.oracle.com/v1beta1
This content is generated from the checked-in CRD schemas in config/crd/bases/. If a description is missing or incorrect, fix the source comments or generator inputs and rerun make generate manifests; do not hand-edit config/crd/bases/*.yaml.
Packages
No customer-visible package currently exposes waf.oracle.com/v1beta1.
Resources
| Kind | Scope | Sample | Packages |
|---|---|---|---|
| NetworkAddressList | Namespaced | Sample | - |
| WebAppFirewall | Namespaced | Sample | - |
| WebAppFirewallPolicy | Namespaced | Sample | - |
NetworkAddressList
NetworkAddressList is the Schema for the networkaddresslists API.
Plural: networkaddresslists
Scope: Namespaced
APIVersion: waf.oracle.com/v1beta1
Sample: Sample (config/samples/waf_v1beta1_networkaddresslist.yaml)
Packages: Not currently exposed by a customer-visible package.
Spec
NetworkAddressListSpec defines the desired state of NetworkAddressList.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| addresses | A list of IP address prefixes in CIDR notation. To specify all addresses, use "0.0.0.0/0" for IPv4 and "::/0" for IPv6. | list[string] | No | - | - |
| compartmentId | The OCID (https://docs.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of the compartment. | string | Yes | - | - |
| definedTags | Defined tags for this resource. Each key is predefined and scoped to a namespace. Example: {"foo-namespace": {"bar-key": "value"}} | map[string, map[string, string]] | No | - | - |
| displayName | NetworkAddressList display name, can be renamed. | string | No | - | - |
| freeformTags | Simple key-value pair that is applied without any predefined name, type or scope. Exists for cross-compatibility only. Example: {"bar-key": "value"} | map[string, string] | No | - | - |
| jsonData | - | string | No | - | - |
| systemTags | Usage of system tag keys. These predefined keys are scoped to namespaces. Example: {"orcl-cloud": {"free-tier-retained": "true"}} | map[string, map[string, string]] | No | - | - |
| type | - | string | No | - | - |
| vcnAddresses | A list of private address prefixes, each associated with a particular VCN. To specify all addresses in a VCN, use "0.0.0.0/0" for IPv4 and "::/0" for IPv6. | list[object] | No | - | - |
Spec.vcnAddresses[]
NetworkAddressListVcnAddress defines nested fields for NetworkAddressList.VcnAddress.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| addresses | A private IP address or CIDR IP address range. | string | Yes | - | - |
| vcnId | The OCID (https://docs.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of the VCN. | string | Yes | - | - |
Status
NetworkAddressListStatus defines the observed state of NetworkAddressList.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| addresses | A list of IP address prefixes in CIDR notation. To specify all addresses, use "0.0.0.0/0" for IPv4 and "::/0" for IPv6. | list[string] | No | - | - |
| compartmentId | The OCID (https://docs.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of the compartment. | string | No | - | - |
| definedTags | Defined tags for this resource. Each key is predefined and scoped to a namespace. Example: {"foo-namespace": {"bar-key": "value"}} | map[string, map[string, string]] | No | - | - |
| displayName | NetworkAddressList display name, can be renamed. | string | No | - | - |
| freeformTags | Simple key-value pair that is applied without any predefined name, type or scope. Exists for cross-compatibility only. Example: {"bar-key": "value"} | map[string, string] | No | - | - |
| id | The OCID (https://docs.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of the NetworkAddressList. | string | No | - | - |
| jsonData | - | string | No | - | - |
| lifecycleDetails | A message describing the current state in more detail. For example, can be used to provide actionable information for a resource in FAILED state. | string | No | - | - |
| lifecycleState | The current state of the NetworkAddressList. | string | No | - | - |
| status | - | object | Yes | - | - |
| systemTags | Usage of system tag keys. These predefined keys are scoped to namespaces. Example: {"orcl-cloud": {"free-tier-retained": "true"}} | map[string, map[string, string]] | No | - | - |
| timeCreated | The time the NetworkAddressList was created. An RFC3339 formatted datetime string. | string | No | - | - |
| timeUpdated | The time the NetworkAddressList was updated. An RFC3339 formatted datetime string. | string | No | - | - |
| type | - | string | No | - | - |
| vcnAddresses | A list of private address prefixes, each associated with a particular VCN. To specify all addresses in a VCN, use "0.0.0.0/0" for IPv4 and "::/0" for IPv6. | list[object] | No | - | - |
Status.status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| async | Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. | object | No | - | - |
| conditions | - | list[object] | No | - | - |
| createdAt | - | string (date-time) | No | - | - |
| deletedAt | - | string (date-time) | No | - | - |
| message | - | string | No | - | - |
| ocid | - | string | No | - | - |
| opcRequestId | OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. | string | No | - | - |
| reason | - | string | No | - | - |
| requestedAt | - | string (date-time) | No | - | - |
| updatedAt | - | string (date-time) | No | - | - |
Status.status.async
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| current | - | object | No | - | - |
Status.status.async.current
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| message | - | string | No | - | - |
| normalizedClass | - | string | Yes | - | attention, canceled, failed, pending, succeeded, unknown |
| percentComplete | - | number | No | - | - |
| phase | - | string | Yes | - | create, delete, update |
| rawOperationType | - | string | No | - | - |
| rawStatus | - | string | No | - | - |
| source | - | string | Yes | - | lifecycle, none, workrequest |
| updatedAt | - | string (date-time) | Yes | - | - |
| workRequestId | - | string | No | - | - |
Status.status.conditions[]
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| lastTransitionTime | - | string (date-time) | No | - | - |
| message | - | string | No | - | - |
| reason | - | string | No | - | - |
| status | - | string | Yes | - | - |
| type | - | string | Yes | - | - |
Status.vcnAddresses[]
NetworkAddressListVcnAddress defines nested fields for NetworkAddressList.VcnAddress.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| addresses | A private IP address or CIDR IP address range. | string | Yes | - | - |
| vcnId | The OCID (https://docs.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of the VCN. | string | Yes | - | - |
WebAppFirewall
WebAppFirewall is the Schema for the webappfirewalls API.
Plural: webappfirewalls
Scope: Namespaced
APIVersion: waf.oracle.com/v1beta1
Sample: Sample (config/samples/waf_v1beta1_webappfirewall.yaml)
Packages: Not currently exposed by a customer-visible package.
Spec
WebAppFirewallSpec defines the desired state of WebAppFirewall.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| backendType | - | string | No | - | - |
| compartmentId | The OCID (https://docs.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of the compartment. | string | Yes | - | - |
| definedTags | Defined tags for this resource. Each key is predefined and scoped to a namespace. Example: {"foo-namespace": {"bar-key": "value"}} | map[string, map[string, string]] | No | - | - |
| displayName | WebAppFirewall display name, can be renamed. | string | No | - | - |
| freeformTags | Simple key-value pair that is applied without any predefined name, type or scope. Exists for cross-compatibility only. Example: {"bar-key": "value"} | map[string, string] | No | - | - |
| jsonData | - | string | No | - | - |
| loadBalancerId | LoadBalancer OCID (https://docs.oracle.com/iaas/Content/General/Concepts/identifiers.htm) to which the WebAppFirewallPolicy is attached. | string | No | - | - |
| systemTags | Usage of system tag keys. These predefined keys are scoped to namespaces. Example: {"orcl-cloud": {"free-tier-retained": "true"}} | map[string, map[string, string]] | No | - | - |
| webAppFirewallPolicyId | The OCID (https://docs.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of WebAppFirewallPolicy, which is attached to the resource. | string | Yes | - | - |
Status
WebAppFirewallStatus defines the observed state of WebAppFirewall.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| backendType | - | string | No | - | - |
| compartmentId | The OCID (https://docs.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of the compartment. | string | No | - | - |
| definedTags | Defined tags for this resource. Each key is predefined and scoped to a namespace. Example: {"foo-namespace": {"bar-key": "value"}} | map[string, map[string, string]] | No | - | - |
| displayName | WebAppFirewall display name, can be renamed. | string | No | - | - |
| freeformTags | Simple key-value pair that is applied without any predefined name, type or scope. Exists for cross-compatibility only. Example: {"bar-key": "value"} | map[string, string] | No | - | - |
| id | The OCID (https://docs.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of the WebAppFirewall. | string | No | - | - |
| jsonData | - | string | No | - | - |
| lifecycleDetails | A message describing the current state in more detail. For example, can be used to provide actionable information for a resource in FAILED state. | string | No | - | - |
| lifecycleState | The current state of the WebAppFirewall. | string | No | - | - |
| loadBalancerId | LoadBalancer OCID (https://docs.oracle.com/iaas/Content/General/Concepts/identifiers.htm) to which the WebAppFirewallPolicy is attached. | string | No | - | - |
| status | - | object | Yes | - | - |
| systemTags | Usage of system tag keys. These predefined keys are scoped to namespaces. Example: {"orcl-cloud": {"free-tier-retained": "true"}} | map[string, map[string, string]] | No | - | - |
| timeCreated | The time the WebAppFirewall was created. An RFC3339 formatted datetime string. | string | No | - | - |
| timeUpdated | The time the WebAppFirewall was updated. An RFC3339 formatted datetime string. | string | No | - | - |
| webAppFirewallPolicyId | The OCID (https://docs.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of WebAppFirewallPolicy, which is attached to the resource. | string | No | - | - |
Status.status
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| async | Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. | object | No | - | - |
| conditions | - | list[object] | No | - | - |
| createdAt | - | string (date-time) | No | - | - |
| deletedAt | - | string (date-time) | No | - | - |
| message | - | string | No | - | - |
| ocid | - | string | No | - | - |
| opcRequestId | OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. | string | No | - | - |
| reason | - | string | No | - | - |
| requestedAt | - | string (date-time) | No | - | - |
| updatedAt | - | string (date-time) | No | - | - |
Status.status.async
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| current | - | object | No | - | - |
Status.status.async.current
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| message | - | string | No | - | - |
| normalizedClass | - | string | Yes | - | attention, canceled, failed, pending, succeeded, unknown |
| percentComplete | - | number | No | - | - |
| phase | - | string | Yes | - | create, delete, update |
| rawOperationType | - | string | No | - | - |
| rawStatus | - | string | No | - | - |
| source | - | string | Yes | - | lifecycle, none, workrequest |
| updatedAt | - | string (date-time) | Yes | - | - |
| workRequestId | - | string | No | - | - |
Status.status.conditions[]
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| lastTransitionTime | - | string (date-time) | No | - | - |
| message | - | string | No | - | - |
| reason | - | string | No | - | - |
| status | - | string | Yes | - | - |
| type | - | string | Yes | - | - |
WebAppFirewallPolicy
WebAppFirewallPolicy is the Schema for the webappfirewallpolicies API.
Plural: webappfirewallpolicies
Scope: Namespaced
APIVersion: waf.oracle.com/v1beta1
Sample: Sample (config/samples/waf_v1beta1_webappfirewallpolicy.yaml)
Packages: Not currently exposed by a customer-visible package.
Spec
WebAppFirewallPolicySpec defines the desired state of WebAppFirewallPolicy.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| actions | Predefined actions for use in multiple different rules. Not all actions are supported in every module. Some actions terminate further execution of modules and rules in a module and some do not. Action names must be unique within this array. | list[object] | No | - | - |
| compartmentId | The OCID (https://docs.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of the compartment. | string | Yes | - | - |
| definedTags | Defined tags for this resource. Each key is predefined and scoped to a namespace. Example: {"foo-namespace": {"bar-key": "value"}} | map[string, map[string, string]] | No | - | - |
| displayName | WebAppFirewallPolicy display name, can be renamed. | string | No | - | - |
| freeformTags | Simple key-value pair that is applied without any predefined name, type or scope. Exists for cross-compatibility only. Example: {"bar-key": "value"} | map[string, string] | No | - | - |
| requestAccessControl | WebAppFirewallPolicyRequestAccessControl defines nested fields for WebAppFirewallPolicy.RequestAccessControl. | object | No | - | - |
| requestProtection | WebAppFirewallPolicyRequestProtection defines nested fields for WebAppFirewallPolicy.RequestProtection. | object | No | - | - |
| requestRateLimiting | WebAppFirewallPolicyRequestRateLimiting defines nested fields for WebAppFirewallPolicy.RequestRateLimiting. | object | No | - | - |
| responseAccessControl | WebAppFirewallPolicyResponseAccessControl defines nested fields for WebAppFirewallPolicy.ResponseAccessControl. | object | No | - | - |
| responseProtection | WebAppFirewallPolicyResponseProtection defines nested fields for WebAppFirewallPolicy.ResponseProtection. | object | No | - | - |
| systemTags | Usage of system tag keys. These predefined keys are scoped to namespaces. Example: {"orcl-cloud": {"free-tier-retained": "true"}} | map[string, map[string, string]] | No | - | - |
Spec.actions[]
WebAppFirewallPolicyAction defines nested fields for WebAppFirewallPolicy.Action.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| body | WebAppFirewallPolicyActionBody defines nested fields for WebAppFirewallPolicy.Action.Body. | object | No | - | - |
| code | Response code. The following response codes are valid values for this property. 2xx: 200 OK, 201 Created, 202 Accepted, 206 Partial Content. 3xx: 300 Multiple Choices, 301 Moved Permanently, 302 Found, 303 See Other, 307 Temporary Redirect. 4xx: 400 Bad Request, 401 Unauthorized, 403 Forbidden, 404 Not Found, 405 Method Not Allowed, 408 Request Timeout, 409 Conflict, 411 Length Required, 412 Precondition Failed, 413 Payload Too Large, 414 URI Too Long, 415 Unsupported Media Type, 416 Range Not Satisfiable, 422 Unprocessable Entity, 429 Too Many Requests, 494 Request Header Too Large, 495 Cert Error, 496 No Cert, 497 HTTP to HTTPS. 5xx: 500 Internal Server Error, 501 Not Implemented, 502 Bad Gateway, 503 Service Unavailable, 504 Gateway Timeout, 507 Insufficient Storage. Example: 200 | integer | No | - | - |
| headers | Adds headers defined in this array for HTTP response. Hop-by-hop headers are not allowed to be set: Connection, Keep-Alive, Proxy-Authenticate, Proxy-Authorization, TE, Trailer, Transfer-Encoding, Upgrade. | list[object] | No | - | - |
| jsonData | - | string | No | - | - |
| name | Action name. Can be used to reference the action. | string | Yes | - | - |
| type | - | string | No | - | - |
Spec.actions[].body
WebAppFirewallPolicyActionBody defines nested fields for WebAppFirewallPolicy.Action.Body.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| jsonData | - | string | No | - | - |
| template | Dynamic response body. | string | No | - | - |
| text | Static response body text. | string | No | - | - |
| type | - | string | No | - | - |
Spec.actions[].headers[]
WebAppFirewallPolicyActionHeader defines nested fields for WebAppFirewallPolicy.Action.Header.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| name | The name of the header field. | string | Yes | - | - |
| value | The value of the header field. | string | Yes | - | - |
Spec.requestAccessControl
WebAppFirewallPolicyRequestAccessControl defines nested fields for WebAppFirewallPolicy.RequestAccessControl.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| defaultActionName | References a default Action to take if no AccessControlRule was matched. Allowed action types: ALLOW (continues execution of other modules and their rules); RETURN_HTTP_RESPONSE (terminates further execution of modules and rules and returns defined HTTP response). | string | Yes | - | - |
| rules | Ordered list of AccessControlRules. Rules are executed in order of appearance in this array. | list[object] | No | - | - |
Spec.requestAccessControl.rules[]
WebAppFirewallPolicyRequestAccessControlRule defines nested fields for WebAppFirewallPolicy.RequestAccessControl.Rule.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| actionName | References action by name from actions defined in WebAppFirewallPolicy. | string | Yes | - | - |
| condition | An expression that determines whether or not the rule action should be executed. | string | No | - | - |
| conditionLanguage | The language used to parse condition from field condition. Available languages: JMESPATH (an extended JMESPath language syntax). | string | No | - | - |
| name | Rule name. Must be unique within the module. | string | Yes | - | - |
Spec.requestProtection
WebAppFirewallPolicyRequestProtection defines nested fields for WebAppFirewallPolicy.RequestProtection.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| bodyInspectionSizeLimitExceededActionName | References action by name from actions defined in WebAppFirewallPolicy. Executed if HTTP message body size exceeds limit set in field bodyInspectionSizeLimitInBytes. If this field is null, the HTTP message body will be inspected up to bodyInspectionSizeLimitInBytes and the rest will not be inspected by Protection Capabilities. Allowed action types: RETURN_HTTP_RESPONSE (terminates further execution of modules and rules and returns defined HTTP response). | string | No | - | - |
| bodyInspectionSizeLimitInBytes | Maximum size of inspected HTTP message body in bytes. Actions to take if this limit is exceeded are defined in bodyInspectionSizeLimitExceededActionName. Body inspection maximum size allowed is defined with per-tenancy limit: 8192 bytes. | integer | No | - | - |
| rules | Ordered list of ProtectionRules. Rules are executed in order of appearance in this array. ProtectionRules in this array can only use protection Capabilities of REQUEST_PROTECTION_CAPABILITY type. | list[object] | No | - | - |
Spec.requestProtection.rules[]
WebAppFirewallPolicyRequestProtectionRule defines nested fields for WebAppFirewallPolicy.RequestProtection.Rule.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| actionName | References action by name from actions defined in WebAppFirewallPolicy. | string | Yes | - | - |
| condition | An expression that determines whether or not the rule action should be executed. | string | No | - | - |
| conditionLanguage | The language used to parse condition from field condition. Available languages: JMESPATH (an extended JMESPath language syntax). | string | No | - | - |
| isBodyInspectionEnabled | Enables/disables body inspection for this protection rule. Only Protection Rules in RequestProtection can have this option enabled. Response body inspection will be available at a later date. | boolean | No | - | - |
| name | Rule name. Must be unique within the module. | string | Yes | - | - |
| protectionCapabilities | An ordered list that references OCI-managed protection capabilities. Referenced protection capabilities are not necessarily executed in order of appearance. Their execution order is decided at runtime for improved performance. The array cannot contain entries with the same pair of capability key and version more than once. | list[object] | Yes | - | - |
| protectionCapabilitySettings | WebAppFirewallPolicyRequestProtectionRuleProtectionCapabilitySettings defines nested fields for WebAppFirewallPolicy.RequestProtection.Rule.ProtectionCapabilitySettings. | object | No | - | - |
Spec.requestProtection.rules[].protectionCapabilities[]
WebAppFirewallPolicyRequestProtectionRuleProtectionCapability defines nested fields for WebAppFirewallPolicy.RequestProtection.Rule.ProtectionCapability.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| actionName | Override action to take if capability was triggered, defined in Protection Rule for this capability. Only actions of type CHECK are allowed. | string | No | - | - |
| collaborativeActionThreshold | The minimum sum of weights of associated collaborative protection capabilities that have triggered which must be reached in order for this capability to trigger. This field is ignored for non-collaborative capabilities. | integer | No | - | - |
| collaborativeWeights | Explicit weight values to use for associated collaborative protection capabilities. | list[object] | No | - | - |
| exclusions | WebAppFirewallPolicyRequestProtectionRuleProtectionCapabilityExclusions defines nested fields for WebAppFirewallPolicy.RequestProtection.Rule.ProtectionCapability.Exclusions. | object | No | - | - |
| key | Unique key of referenced protection capability. | string | Yes | - | - |
| version | Version of referenced protection capability. | integer | Yes | - | - |
Spec.requestProtection.rules[].protectionCapabilities[].collaborativeWeights[]
WebAppFirewallPolicyRequestProtectionRuleProtectionCapabilityCollaborativeWeight defines nested fields for WebAppFirewallPolicy.RequestProtection.Rule.ProtectionCapability.CollaborativeWeight.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| key | Unique key of collaborative capability for which weight will be overridden. | string | Yes | - | - |
| weight | The value of weight to set. | integer | Yes | - | - |
Spec.requestProtection.rules[].protectionCapabilities[].exclusions
WebAppFirewallPolicyRequestProtectionRuleProtectionCapabilityExclusions defines nested fields for WebAppFirewallPolicy.RequestProtection.Rule.ProtectionCapability.Exclusions.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| args | List of URL query parameter values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from inspecting. Example: If we have query parameter 'argumentName=argumentValue' and args=['argumentName'], both 'argumentName' and 'argumentValue' will not be inspected. | list[string] | No | - | - |
| requestCookies | List of HTTP request cookie values (by cookie name) to exclude from inspecting. Example: If we have cookie 'cookieName=cookieValue' and requestCookies=['cookieName'], both 'cookieName' and 'cookieValue' will not be inspected. | list[string] | No | - | - |
Spec.requestProtection.rules[].protectionCapabilitySettings
WebAppFirewallPolicyRequestProtectionRuleProtectionCapabilitySettings defines nested fields for WebAppFirewallPolicy.RequestProtection.Rule.ProtectionCapabilitySettings.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| allowedHttpMethods | List of allowed HTTP methods. Each value is an RFC7230 formatted token string. Used in protection capability 911100: Restrict HTTP Request Methods. | list[string] | No | - | - |
| maxHttpRequestHeaderLength | Maximum allowed length of headers in an HTTP request. Used in protection capability 9200024: Limit length of request header size. | integer | No | - | - |
| maxHttpRequestHeaders | Maximum number of headers allowed in an HTTP request. Used in protection capability 9200014: Limit Number of Request Headers. | integer | No | - | - |
| maxNumberOfArguments | Maximum number of arguments allowed. Used in protection capability 920380: Number of Arguments Limits. | integer | No | - | - |
| maxSingleArgumentLength | Maximum allowed length of a single argument. Used in protection capability 920370: Limit argument value length. | integer | No | - | - |
| maxTotalArgumentLength | Maximum allowed total length of all arguments. Used in protection capability 920390: Limit arguments total length. | integer | No | - | - |
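
Several WebAppFirewallPolicy field descriptions state constraints that can be checked offline before a manifest is applied: unique action and rule names, valid response codes, no hop-by-hop headers, action references by name, allowed action types, the 8192-byte body inspection limit, and unique capability key/version pairs. The Python linter below is an added example, not part of the generated reference or the operator's code; it assumes the spec is already loaded into a dict and that each action's `type` field holds ALLOW, CHECK or RETURN_HTTP_RESPONSE, and the sample spec is constructed.

```python
# Added example: offline lint for a WebAppFirewallPolicy spec loaded as a dict.
HOP_BY_HOP = {"connection", "keep-alive", "proxy-authenticate", "proxy-authorization",
              "te", "trailer", "transfer-encoding", "upgrade"}
VALID_CODES = {200, 201, 202, 206, 300, 301, 302, 303, 307, 400, 401, 403, 404, 405,
               408, 409, 411, 412, 413, 414, 415, 416, 422, 429, 494, 495, 496, 497,
               500, 501, 502, 503, 504, 507}
MAX_BODY_INSPECTION_BYTES = 8192  # per-tenancy limit quoted in the field description
MODULES = ("requestAccessControl", "requestRateLimiting", "requestProtection",
           "responseAccessControl", "responseProtection")


def lint_policy(spec):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    action_types = {}
    for action in spec.get("actions", []):
        name = action.get("name")
        if name in action_types:
            findings.append(f"actions: duplicate action name {name!r}")
        # Assumption: `type` holds ALLOW, CHECK or RETURN_HTTP_RESPONSE.
        action_types[name] = action.get("type")
        code = action.get("code")
        if code is not None and code not in VALID_CODES:
            findings.append(f"actions[{name!r}]: response code {code} is not valid")
        for header in action.get("headers", []):
            if header.get("name", "").lower() in HOP_BY_HOP:
                findings.append(
                    f"actions[{name!r}]: hop-by-hop header {header['name']!r} not allowed")

    def check_ref(path, name, allowed=None):
        # Every actionName must resolve to an entry in spec.actions.
        if name not in action_types:
            findings.append(f"{path}: unknown action {name!r}")
        elif allowed and action_types[name] not in allowed:
            findings.append(f"{path}: action {name!r} has type "
                            f"{action_types[name]!r}, allowed: {sorted(allowed)}")

    for module in MODULES:
        body = spec.get(module)
        if body is None:
            continue
        if module == "requestAccessControl":
            check_ref(f"{module}.defaultActionName", body.get("defaultActionName"),
                      {"ALLOW", "RETURN_HTTP_RESPONSE"})
        if module == "requestProtection":
            limit = body.get("bodyInspectionSizeLimitInBytes")
            if limit is not None and limit > MAX_BODY_INSPECTION_BYTES:
                findings.append(f"{module}.bodyInspectionSizeLimitInBytes: {limit} "
                                f"exceeds {MAX_BODY_INSPECTION_BYTES}")
            exceeded = body.get("bodyInspectionSizeLimitExceededActionName")
            if exceeded is not None:
                check_ref(f"{module}.bodyInspectionSizeLimitExceededActionName",
                          exceeded, {"RETURN_HTTP_RESPONSE"})
        seen_rules = set()
        for rule in body.get("rules", []):
            rpath = f"{module}.rules[{rule.get('name')!r}]"
            if rule.get("name") in seen_rules:
                findings.append(f"{rpath}: duplicate rule name in module")
            seen_rules.add(rule.get("name"))
            check_ref(f"{rpath}.actionName", rule.get("actionName"))
            if rule.get("isBodyInspectionEnabled") and module != "requestProtection":
                findings.append(f"{rpath}: isBodyInspectionEnabled is only valid "
                                "in requestProtection")
            seen_caps = set()
            for cap in rule.get("protectionCapabilities", []):
                pair = (cap.get("key"), cap.get("version"))
                if pair in seen_caps:
                    findings.append(f"{rpath}: duplicate capability key/version {pair}")
                seen_caps.add(pair)
                if cap.get("actionName") is not None:
                    check_ref(f"{rpath}.protectionCapabilities[{pair[0]!r}].actionName",
                              cap["actionName"], {"CHECK"})
    return findings


# Constructed sample spec with deliberate defects (names and values are illustrative).
SAMPLE_SPEC = {
    "actions": [
        {"name": "allow", "type": "ALLOW"},
        {"name": "check", "type": "CHECK"},
        {"name": "block", "type": "RETURN_HTTP_RESPONSE", "code": 403,
         "headers": [{"name": "Connection", "value": "close"}]},
        {"name": "block", "type": "RETURN_HTTP_RESPONSE", "code": 418},
    ],
    "requestAccessControl": {"defaultActionName": "check", "rules": [
        {"name": "deny-admin", "actionName": "blok"}]},
    "requestProtection": {
        "bodyInspectionSizeLimitInBytes": 16384,
        "bodyInspectionSizeLimitExceededActionName": "allow",
        "rules": [{"name": "args", "actionName": "block", "protectionCapabilities": [
            {"key": "920380", "version": 1},
            {"key": "920380", "version": 1, "actionName": "block"}]}],
    },
    "responseProtection": {"rules": [
        {"name": "resp", "actionName": "check", "isBodyInspectionEnabled": True,
         "protectionCapabilities": []}]},
}

if __name__ == "__main__":
    for finding in lint_policy(SAMPLE_SPEC):
        print(finding)
```
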
Spec.requestRateLimiting
WebAppFirewallPolicyRequestRateLimiting defines nested fields for WebAppFirewallPolicy.RequestRateLimiting.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| rules | Ordered list of RequestRateLimitingRules. Rules are executed in order of appearance in this array. | list[object] | No | - | - |
Spec.requestRateLimiting.rules[]
WebAppFirewallPolicyRequestRateLimitingRule defines nested fields for WebAppFirewallPolicy.RequestRateLimiting.Rule.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| actionName | References action by name from actions defined in WebAppFirewallPolicy. | string | Yes | - | - |
| condition | An expression that determines whether or not the rule action should be executed. | string | No | - | - |
| conditionLanguage | The language used to parse condition from field condition. Available languages: JMESPATH (an extended JMESPath language syntax). | string | No | - | - |
| configurations | Rate Limiting Configurations. Each configuration counts requests towards its own requestsLimit. | list[object] | Yes | - | - |
| name | Rule name. Must be unique within the module. | string | Yes | - | - |
Spec.requestRateLimiting.rules[].configurations[]
WebAppFirewallPolicyRequestRateLimitingRuleConfiguration defines nested fields for WebAppFirewallPolicy.RequestRateLimiting.Rule.Configuration.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| actionDurationInSeconds | Duration of block action application in seconds when requestsLimit is reached. Optional and can be 0 (no block duration). | integer | No | - | - |
| periodInSeconds | Evaluation period in seconds. | integer | Yes | - | - |
| requestsLimit | Requests allowed per evaluation period. | integer | Yes | - | - |
Spec.responseAccessControl
WebAppFirewallPolicyResponseAccessControl defines nested fields for WebAppFirewallPolicy.ResponseAccessControl.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| rules | Ordered list of AccessControlRules. Rules are executed in order of appearance in this array. | list[object] | No | - | - |
Spec.responseAccessControl.rules[]
WebAppFirewallPolicyResponseAccessControlRule defines nested fields for WebAppFirewallPolicy.ResponseAccessControl.Rule.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| actionName | References action by name from actions defined in WebAppFirewallPolicy. | string | Yes | - | - |
| condition | An expression that determines whether or not the rule action should be executed. | string | No | - | - |
| conditionLanguage | The language used to parse condition from field condition. Available languages: JMESPATH (an extended JMESPath language syntax). | string | No | - | - |
| name | Rule name. Must be unique within the module. | string | Yes | - | - |
Spec.responseProtection
WebAppFirewallPolicyResponseProtection defines nested fields for WebAppFirewallPolicy.ResponseProtection.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| rules | Ordered list of ProtectionRules. Rules are executed in order of appearance in this array. ProtectionRules in this array can only use protection capabilities of RESPONSE_PROTECTION_CAPABILITY type. | list[object] | No | - | - |
Spec.responseProtection.rules[]
WebAppFirewallPolicyResponseProtectionRule defines nested fields for WebAppFirewallPolicy.ResponseProtection.Rule.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| actionName | References action by name from actions defined in WebAppFirewallPolicy. | string | Yes | - | - |
| condition | An expression that determines whether or not the rule action should be executed. | string | No | - | - |
| conditionLanguage | The language used to parse condition from field condition. Available languages: JMESPATH (an extended JMESPath language syntax). | string | No | - | - |
| isBodyInspectionEnabled | Enables/disables body inspection for this protection rule. Only Protection Rules in RequestProtection can have this option enabled. Response body inspection will be available at a later date. | boolean | No | - | - |
| name | Rule name. Must be unique within the module. | string | Yes | - | - |
| protectionCapabilities | An ordered list that references OCI-managed protection capabilities. Referenced protection capabilities are not necessarily executed in order of appearance. Their execution order is decided at runtime for improved performance. The array cannot contain entries with the same pair of capability key and version more than once. | list[object] | Yes | - | - |
| protectionCapabilitySettings | WebAppFirewallPolicyResponseProtectionRuleProtectionCapabilitySettings defines nested fields for WebAppFirewallPolicy.ResponseProtection.Rule.ProtectionCapabilitySettings. | object | No | - | - |
Spec.responseProtection.rules[].protectionCapabilities[]¶
WebAppFirewallPolicyResponseProtectionRuleProtectionCapability defines nested fields for WebAppFirewallPolicy.ResponseProtection.Rule.ProtectionCapability.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| actionName | Override action to take if capability was triggered, defined in Protection Rule for this capability. Only actions of type CHECK are allowed. | string | No | - | - |
| collaborativeActionThreshold | The minimum sum of weights of associated collaborative protection capabilities that have triggered which must be reached in order for this capability to trigger. This field is ignored for non-collaborative capabilities. | integer | No | - | - |
| collaborativeWeights | Explicit weight values to use for associated collaborative protection capabilities. | list[object] | No | - | - |
| exclusions | WebAppFirewallPolicyResponseProtectionRuleProtectionCapabilityExclusions defines nested fields for WebAppFirewallPolicy.ResponseProtection.Rule.ProtectionCapability.Exclusions. | object | No | - | - |
| key | Unique key of referenced protection capability. | string | Yes | - | - |
| version | Version of referenced protection capability. | integer | Yes | - | - |
Spec.responseProtection.rules[].protectionCapabilities[].collaborativeWeights[]¶
WebAppFirewallPolicyResponseProtectionRuleProtectionCapabilityCollaborativeWeight defines nested fields for WebAppFirewallPolicy.ResponseProtection.Rule.ProtectionCapability.CollaborativeWeight.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| key | Unique key of collaborative capability for which weight will be overridden. | string | Yes | - | - |
| weight | The value of weight to set. | integer | Yes | - | - |
Spec.responseProtection.rules[].protectionCapabilities[].exclusions¶
WebAppFirewallPolicyResponseProtectionRuleProtectionCapabilityExclusions defines nested fields for WebAppFirewallPolicy.ResponseProtection.Rule.ProtectionCapability.Exclusions.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| args | List of URL query parameter values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from inspecting. Example: If we have query parameter 'argumentName=argumentValue' and args=['argumentName'], both 'argumentName' and 'argumentValue' will not be inspected. | list[string] | No | - | - |
| requestCookies | List of HTTP request cookie values (by cookie name) to exclude from inspecting. Example: If we have cookie 'cookieName=cookieValue' and requestCookies=['cookieName'], both 'cookieName' and 'cookieValue' will not be inspected. | list[string] | No | - | - |
Spec.responseProtection.rules[].protectionCapabilitySettings¶
WebAppFirewallPolicyResponseProtectionRuleProtectionCapabilitySettings defines nested fields for WebAppFirewallPolicy.ResponseProtection.Rule.ProtectionCapabilitySettings.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| allowedHttpMethods | List of allowed HTTP methods. Each value is an RFC7230 formatted token string. Used in protection capability 911100: Restrict HTTP Request Methods. | list[string] | No | - | - |
| maxHttpRequestHeaderLength | Maximum allowed length of headers in an HTTP request. Used in protection capability 9200024: Limit length of request header size. | integer | No | - | - |
| maxHttpRequestHeaders | Maximum number of headers allowed in an HTTP request. Used in protection capability 9200014: Limit Number of Request Headers. | integer | No | - | - |
| maxNumberOfArguments | Maximum number of arguments allowed. Used in protection capability 920380: Number of Arguments Limits. | integer | No | - | - |
| maxSingleArgumentLength | Maximum allowed length of a single argument. Used in protection capability 920370: Limit argument value length. | integer | No | - | - |
| maxTotalArgumentLength | Maximum allowed total length of all arguments. Used in protection capability 920390: Limit arguments total length. | integer | No | - | - |
Status¶
WebAppFirewallPolicyStatus defines the observed state of WebAppFirewallPolicy.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| actions | Predefined actions for use in multiple different rules. Not all actions are supported in every module. Some actions terminate further execution of modules and rules in a module and some do not. Action names must be unique within this array. | list[object] | No | - | - |
| compartmentId | The OCID (https://docs.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of the compartment. | string | No | - | - |
| definedTags | Defined tags for this resource. Each key is predefined and scoped to a namespace. Example: {"foo-namespace": {"bar-key": "value"}} | map[string, map[string, string]] | No | - | - |
| displayName | WebAppFirewallPolicy display name, can be renamed. | string | No | - | - |
| freeformTags | Simple key-value pair that is applied without any predefined name, type or scope. Exists for cross-compatibility only. Example: {"bar-key": "value"} | map[string, string] | No | - | - |
| id | The OCID (https://docs.oracle.com/iaas/Content/General/Concepts/identifiers.htm) of the WebAppFirewallPolicy. | string | No | - | - |
| lifecycleDetails | A message describing the current state in more detail. For example, can be used to provide actionable information for a resource in FAILED state. | string | No | - | - |
| lifecycleState | The current state of the WebAppFirewallPolicy. | string | No | - | - |
| requestAccessControl | WebAppFirewallPolicyRequestAccessControl defines nested fields for WebAppFirewallPolicy.RequestAccessControl. | object | No | - | - |
| requestProtection | WebAppFirewallPolicyRequestProtection defines nested fields for WebAppFirewallPolicy.RequestProtection. | object | No | - | - |
| requestRateLimiting | WebAppFirewallPolicyRequestRateLimiting defines nested fields for WebAppFirewallPolicy.RequestRateLimiting. | object | No | - | - |
| responseAccessControl | WebAppFirewallPolicyResponseAccessControl defines nested fields for WebAppFirewallPolicy.ResponseAccessControl. | object | No | - | - |
| responseProtection | WebAppFirewallPolicyResponseProtection defines nested fields for WebAppFirewallPolicy.ResponseProtection. | object | No | - | - |
| status | - | object | Yes | - | - |
| systemTags | Usage of system tag keys. These predefined keys are scoped to namespaces. Example: {"orcl-cloud": {"free-tier-retained": "true"}} | map[string, map[string, string]] | No | - | - |
| timeCreated | The time the WebAppFirewallPolicy was created. An RFC3339 formatted datetime string. | string | No | - | - |
| timeUpdated | The time the WebAppFirewallPolicy was updated. An RFC3339 formatted datetime string. | string | No | - | - |
Status.actions[]¶
WebAppFirewallPolicyAction defines nested fields for WebAppFirewallPolicy.Action.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| body | WebAppFirewallPolicyActionBody defines nested fields for WebAppFirewallPolicy.Action.Body. | object | No | - | - |
| code | Response code. The following response codes are valid values for this property: 2xx: 200 OK, 201 Created, 202 Accepted, 206 Partial Content; 3xx: 300 Multiple Choices, 301 Moved Permanently, 302 Found, 303 See Other, 307 Temporary Redirect; 4xx: 400 Bad Request, 401 Unauthorized, 403 Forbidden, 404 Not Found, 405 Method Not Allowed, 408 Request Timeout, 409 Conflict, 411 Length Required, 412 Precondition Failed, 413 Payload Too Large, 414 URI Too Long, 415 Unsupported Media Type, 416 Range Not Satisfiable, 422 Unprocessable Entity, 429 Too Many Requests, 494 Request Header Too Large, 495 Cert Error, 496 No Cert, 497 HTTP to HTTPS; 5xx: 500 Internal Server Error, 501 Not Implemented, 502 Bad Gateway, 503 Service Unavailable, 504 Gateway Timeout, 507 Insufficient Storage. Example: 200 | integer | No | - | - |
| headers | Adds headers defined in this array for HTTP response. Hop-by-hop headers are not allowed to be set: Connection, Keep-Alive, Proxy-Authenticate, Proxy-Authorization, TE, Trailer, Transfer-Encoding, Upgrade. | list[object] | No | - | - |
| jsonData | - | string | No | - | - |
| name | Action name. Can be used to reference the action. | string | Yes | - | - |
| type | - | string | No | - | - |
Status.actions[].body¶
WebAppFirewallPolicyActionBody defines nested fields for WebAppFirewallPolicy.Action.Body.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| jsonData | - | string | No | - | - |
| template | Dynamic response body | string | No | - | - |
| text | Static response body text. | string | No | - | - |
| type | - | string | No | - | - |
Status.actions[].headers[]¶
WebAppFirewallPolicyActionHeader defines nested fields for WebAppFirewallPolicy.Action.Header.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| name | The name of the header field. | string | Yes | - | - |
| value | The value of the header field. | string | Yes | - | - |
Status.requestAccessControl¶
WebAppFirewallPolicyRequestAccessControl defines nested fields for WebAppFirewallPolicy.RequestAccessControl.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| defaultActionName | References a default Action to take if no AccessControlRule was matched. Allowed action types: ALLOW continues execution of other modules and their rules; RETURN_HTTP_RESPONSE terminates further execution of modules and rules and returns defined HTTP response. | string | Yes | - | - |
| rules | Ordered list of AccessControlRules. Rules are executed in order of appearance in this array. | list[object] | No | - | - |
Status.requestAccessControl.rules[]¶
WebAppFirewallPolicyRequestAccessControlRule defines nested fields for WebAppFirewallPolicy.RequestAccessControl.Rule.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| actionName | References action by name from actions defined in WebAppFirewallPolicy. | string | Yes | - | - |
| condition | An expression that determines whether or not the rule action should be executed. | string | No | - | - |
| conditionLanguage | The language used to parse condition from field condition. Available languages: JMESPATH (an extended JMESPath language syntax). | string | No | - | - |
| name | Rule name. Must be unique within the module. | string | Yes | - | - |
Status.requestProtection¶
WebAppFirewallPolicyRequestProtection defines nested fields for WebAppFirewallPolicy.RequestProtection.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| bodyInspectionSizeLimitExceededActionName | References action by name from actions defined in WebAppFirewallPolicy. Executed if HTTP message body size exceeds limit set in field bodyInspectionSizeLimitInBytes. If this field is null, the HTTP message body will be inspected up to bodyInspectionSizeLimitInBytes and the rest will not be inspected by Protection Capabilities. Allowed action types: RETURN_HTTP_RESPONSE terminates further execution of modules and rules and returns defined HTTP response. | string | No | - | - |
| bodyInspectionSizeLimitInBytes | Maximum size of inspected HTTP message body in bytes. Actions to take if this limit is exceeded are defined in bodyInspectionSizeLimitExceededActionName. Body inspection maximum size allowed is defined with per-tenancy limit: 8192 bytes. | integer | No | - | - |
| rules | Ordered list of ProtectionRules. Rules are executed in order of appearance in this array. ProtectionRules in this array can only use protection Capabilities of REQUEST_PROTECTION_CAPABILITY type. | list[object] | No | - | - |
Status.requestProtection.rules[]¶
WebAppFirewallPolicyRequestProtectionRule defines nested fields for WebAppFirewallPolicy.RequestProtection.Rule.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| actionName | References action by name from actions defined in WebAppFirewallPolicy. | string | Yes | - | - |
| condition | An expression that determines whether or not the rule action should be executed. | string | No | - | - |
| conditionLanguage | The language used to parse condition from field condition. Available languages: JMESPATH (an extended JMESPath language syntax). | string | No | - | - |
| isBodyInspectionEnabled | Enables/disables body inspection for this protection rule. Only Protection Rules in RequestProtection can have this option enabled. Response body inspection will be available at a later date. | boolean | No | - | - |
| name | Rule name. Must be unique within the module. | string | Yes | - | - |
| protectionCapabilities | An ordered list that references OCI-managed protection capabilities. Referenced protection capabilities are not necessarily executed in order of appearance. Their execution order is decided at runtime for improved performance. The array cannot contain entries with the same pair of capability key and version more than once. | list[object] | Yes | - | - |
| protectionCapabilitySettings | WebAppFirewallPolicyRequestProtectionRuleProtectionCapabilitySettings defines nested fields for WebAppFirewallPolicy.RequestProtection.Rule.ProtectionCapabilitySettings. | object | No | - | - |
Status.requestProtection.rules[].protectionCapabilities[]¶
WebAppFirewallPolicyRequestProtectionRuleProtectionCapability defines nested fields for WebAppFirewallPolicy.RequestProtection.Rule.ProtectionCapability.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| actionName | Override action to take if capability was triggered, defined in Protection Rule for this capability. Only actions of type CHECK are allowed. | string | No | - | - |
| collaborativeActionThreshold | The minimum sum of weights of associated collaborative protection capabilities that have triggered which must be reached in order for this capability to trigger. This field is ignored for non-collaborative capabilities. | integer | No | - | - |
| collaborativeWeights | Explicit weight values to use for associated collaborative protection capabilities. | list[object] | No | - | - |
| exclusions | WebAppFirewallPolicyRequestProtectionRuleProtectionCapabilityExclusions defines nested fields for WebAppFirewallPolicy.RequestProtection.Rule.ProtectionCapability.Exclusions. | object | No | - | - |
| key | Unique key of referenced protection capability. | string | Yes | - | - |
| version | Version of referenced protection capability. | integer | Yes | - | - |
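Several constraints in these field descriptions (unique action and rule names, actionName references, CHECK-only capability overrides, unique key/version pairs, the hop-by-hop header ban, the 8192-byte body inspection limit) can be checked before a manifest is applied. The linter below is an added example, not code from the operator; it assumes each action's type field holds ALLOW, CHECK or RETURN_HTTP_RESPONSE, and SAMPLE_POLICY is constructed with deliberate violations.

```python
# Added example: lint a WebAppFirewallPolicy-shaped dict (spec or status)
# against constraints stated in the field descriptions on this page.
# Assumption: each action's `type` holds ALLOW, CHECK or RETURN_HTTP_RESPONSE.
HOP_BY_HOP = {"connection", "keep-alive", "proxy-authenticate", "te", "trailer",
              "proxy-authorization", "transfer-encoding", "upgrade"}
MAX_BODY_INSPECTION_BYTES = 8192  # per-tenancy limit quoted in the table
MODULES = ("requestAccessControl", "requestProtection", "requestRateLimiting",
           "responseAccessControl", "responseProtection")


def lint_policy(policy):
    """Return a list of findings; an empty list means no violation found."""
    findings = []
    action_types = {}
    for i, action in enumerate(policy.get("actions") or []):
        name = action.get("name")
        if name in action_types:
            findings.append(f"actions[{i}]: duplicate action name '{name}'")
        action_types[name] = action.get("type")
        for header in action.get("headers") or []:
            header_name = str(header.get("name", ""))
            if header_name.lower() in HOP_BY_HOP:  # names are case-insensitive
                findings.append(f"actions[{i}]: hop-by-hop header "
                                f"'{header_name}' is not allowed")

    def check_ref(path, name, allowed=None):
        if name not in action_types:
            findings.append(f"{path}: action '{name}' is not defined")
        elif allowed and action_types[name] not in allowed:
            findings.append(f"{path}: action '{name}' has type "
                            f"{action_types[name]}, expected {sorted(allowed)}")

    access = policy.get("requestAccessControl")
    if access:
        check_ref("requestAccessControl.defaultActionName",
                  access.get("defaultActionName"), {"ALLOW", "RETURN_HTTP_RESPONSE"})
    req = policy.get("requestProtection") or {}
    limit = req.get("bodyInspectionSizeLimitInBytes")
    if limit is not None and limit > MAX_BODY_INSPECTION_BYTES:
        findings.append("requestProtection.bodyInspectionSizeLimitInBytes: "
                        f"{limit} exceeds {MAX_BODY_INSPECTION_BYTES}")
    exceeded = req.get("bodyInspectionSizeLimitExceededActionName")
    if exceeded is not None:
        check_ref("requestProtection.bodyInspectionSizeLimitExceededActionName",
                  exceeded, {"RETURN_HTTP_RESPONSE"})

    for module in MODULES:
        rule_names = set()
        rules = (policy.get(module) or {}).get("rules") or []
        for r, rule in enumerate(rules):
            path = f"{module}.rules[{r}]"
            rule_name = rule.get("name")
            if rule_name in rule_names:
                findings.append(f"{path}: duplicate rule name '{rule_name}'")
            rule_names.add(rule_name)
            check_ref(f"{path}.actionName", rule.get("actionName"))
            if rule.get("isBodyInspectionEnabled") and module != "requestProtection":
                findings.append(f"{path}: body inspection can only be "
                                "enabled in requestProtection")
            pairs = set()
            for c, cap in enumerate(rule.get("protectionCapabilities") or []):
                cap_path = f"{path}.protectionCapabilities[{c}]"
                pair = (cap.get("key"), cap.get("version"))
                if pair in pairs:
                    findings.append(f"{cap_path}: duplicate key/version {pair}")
                pairs.add(pair)
                if cap.get("actionName") is not None:
                    check_ref(f"{cap_path}.actionName", cap["actionName"],
                              {"CHECK"})
    return findings


# Constructed sample with deliberate violations; the capability keys and
# action names are illustrative, not taken from a real policy.
SAMPLE_POLICY = {
    "actions": [
        {"name": "allow", "type": "ALLOW"},
        {"name": "check", "type": "CHECK"},
        {"name": "block-403", "type": "RETURN_HTTP_RESPONSE", "code": 403,
         "headers": [{"name": "Connection", "value": "close"}]}],
    "requestAccessControl": {"defaultActionName": "check"},
    "requestProtection": {"bodyInspectionSizeLimitInBytes": 16384, "rules": [
        {"name": "core", "actionName": "block-403",
         "isBodyInspectionEnabled": True,
         "protectionCapabilities": [
             {"key": "920390", "version": 1},
             {"key": "920390", "version": 1, "actionName": "allow"}]}]},
    "responseProtection": {"rules": [
        {"name": "resp", "actionName": "log-only",
         "isBodyInspectionEnabled": True,
         "protectionCapabilities": [
             {"key": "example-response-capability", "version": 1}]}]},
}
```

Calling `lint_policy(SAMPLE_POLICY)` returns seven findings, one per deliberate violation; a policy that satisfies the checked constraints returns an empty list.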
Status.requestProtection.rules[].protectionCapabilities[].collaborativeWeights[]¶
WebAppFirewallPolicyRequestProtectionRuleProtectionCapabilityCollaborativeWeight defines nested fields for WebAppFirewallPolicy.RequestProtection.Rule.ProtectionCapability.CollaborativeWeight.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| key | Unique key of collaborative capability for which weight will be overridden. | string | Yes | - | - |
| weight | The value of weight to set. | integer | Yes | - | - |
Status.requestProtection.rules[].protectionCapabilities[].exclusions¶
WebAppFirewallPolicyRequestProtectionRuleProtectionCapabilityExclusions defines nested fields for WebAppFirewallPolicy.RequestProtection.Rule.ProtectionCapability.Exclusions.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| args | List of URL query parameter values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from inspecting. Example: If we have query parameter 'argumentName=argumentValue' and args=['argumentName'], both 'argumentName' and 'argumentValue' will not be inspected. | list[string] | No | - | - |
| requestCookies | List of HTTP request cookie values (by cookie name) to exclude from inspecting. Example: If we have cookie 'cookieName=cookieValue' and requestCookies=['cookieName'], both 'cookieName' and 'cookieValue' will not be inspected. | list[string] | No | - | - |
Status.requestProtection.rules[].protectionCapabilitySettings¶
WebAppFirewallPolicyRequestProtectionRuleProtectionCapabilitySettings defines nested fields for WebAppFirewallPolicy.RequestProtection.Rule.ProtectionCapabilitySettings.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| allowedHttpMethods | List of allowed HTTP methods. Each value is an RFC7230 formatted token string. Used in protection capability 911100: Restrict HTTP Request Methods. | list[string] | No | - | - |
| maxHttpRequestHeaderLength | Maximum allowed length of headers in an HTTP request. Used in protection capability 9200024: Limit length of request header size. | integer | No | - | - |
| maxHttpRequestHeaders | Maximum number of headers allowed in an HTTP request. Used in protection capability 9200014: Limit Number of Request Headers. | integer | No | - | - |
| maxNumberOfArguments | Maximum number of arguments allowed. Used in protection capability 920380: Number of Arguments Limits. | integer | No | - | - |
| maxSingleArgumentLength | Maximum allowed length of a single argument. Used in protection capability 920370: Limit argument value length. | integer | No | - | - |
| maxTotalArgumentLength | Maximum allowed total length of all arguments. Used in protection capability 920390: Limit arguments total length. | integer | No | - | - |
Status.requestRateLimiting¶
WebAppFirewallPolicyRequestRateLimiting defines nested fields for WebAppFirewallPolicy.RequestRateLimiting.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| rules | Ordered list of RequestRateLimitingRules. Rules are executed in order of appearance in this array. | list[object] | No | - | - |
Status.requestRateLimiting.rules[]¶
WebAppFirewallPolicyRequestRateLimitingRule defines nested fields for WebAppFirewallPolicy.RequestRateLimiting.Rule.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| actionName | References action by name from actions defined in WebAppFirewallPolicy. | string | Yes | - | - |
| condition | An expression that determines whether or not the rule action should be executed. | string | No | - | - |
| conditionLanguage | The language used to parse condition from field condition. Available languages: JMESPATH (an extended JMESPath language syntax). | string | No | - | - |
| configurations | Rate Limiting Configurations. Each configuration counts requests towards its own requestsLimit. | list[object] | Yes | - | - |
| name | Rule name. Must be unique within the module. | string | Yes | - | - |
Status.requestRateLimiting.rules[].configurations[]¶
WebAppFirewallPolicyRequestRateLimitingRuleConfiguration defines nested fields for WebAppFirewallPolicy.RequestRateLimiting.Rule.Configuration.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| actionDurationInSeconds | Duration of block action application in seconds when requestsLimit is reached. Optional and can be 0 (no block duration). | integer | No | - | - |
| periodInSeconds | Evaluation period in seconds. | integer | Yes | - | - |
| requestsLimit | Requests allowed per evaluation period. | integer | Yes | - | - |
Status.responseAccessControl¶
WebAppFirewallPolicyResponseAccessControl defines nested fields for WebAppFirewallPolicy.ResponseAccessControl.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| rules | Ordered list of AccessControlRules. Rules are executed in order of appearance in this array. | list[object] | No | - | - |
Status.responseAccessControl.rules[]¶
WebAppFirewallPolicyResponseAccessControlRule defines nested fields for WebAppFirewallPolicy.ResponseAccessControl.Rule.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| actionName | References action by name from actions defined in WebAppFirewallPolicy. | string | Yes | - | - |
| condition | An expression that determines whether or not the rule action should be executed. | string | No | - | - |
| conditionLanguage | The language used to parse condition from field condition. Available languages: JMESPATH (an extended JMESPath language syntax). | string | No | - | - |
| name | Rule name. Must be unique within the module. | string | Yes | - | - |
Status.responseProtection¶
WebAppFirewallPolicyResponseProtection defines nested fields for WebAppFirewallPolicy.ResponseProtection.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| rules | Ordered list of ProtectionRules. Rules are executed in order of appearance in this array. ProtectionRules in this array can only use protection capabilities of RESPONSE_PROTECTION_CAPABILITY type. | list[object] | No | - | - |
Status.responseProtection.rules[]¶
WebAppFirewallPolicyResponseProtectionRule defines nested fields for WebAppFirewallPolicy.ResponseProtection.Rule.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| actionName | References action by name from actions defined in WebAppFirewallPolicy. | string | Yes | - | - |
| condition | An expression that determines whether or not the rule action should be executed. | string | No | - | - |
| conditionLanguage | The language used to parse condition from field condition. Available languages: JMESPATH (an extended JMESPath language syntax). | string | No | - | - |
| isBodyInspectionEnabled | Enables/disables body inspection for this protection rule. Only Protection Rules in RequestProtection can have this option enabled. Response body inspection will be available at a later date. | boolean | No | - | - |
| name | Rule name. Must be unique within the module. | string | Yes | - | - |
| protectionCapabilities | An ordered list that references OCI-managed protection capabilities. Referenced protection capabilities are not necessarily executed in order of appearance. Their execution order is decided at runtime for improved performance. The array cannot contain entries with the same pair of capability key and version more than once. | list[object] | Yes | - | - |
| protectionCapabilitySettings | WebAppFirewallPolicyResponseProtectionRuleProtectionCapabilitySettings defines nested fields for WebAppFirewallPolicy.ResponseProtection.Rule.ProtectionCapabilitySettings. | object | No | - | - |
Status.responseProtection.rules[].protectionCapabilities[]¶
WebAppFirewallPolicyResponseProtectionRuleProtectionCapability defines nested fields for WebAppFirewallPolicy.ResponseProtection.Rule.ProtectionCapability.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| actionName | Override action to take if capability was triggered, defined in Protection Rule for this capability. Only actions of type CHECK are allowed. | string | No | - | - |
| collaborativeActionThreshold | The minimum sum of weights of associated collaborative protection capabilities that have triggered which must be reached in order for this capability to trigger. This field is ignored for non-collaborative capabilities. | integer | No | - | - |
| collaborativeWeights | Explicit weight values to use for associated collaborative protection capabilities. | list[object] | No | - | - |
| exclusions | WebAppFirewallPolicyResponseProtectionRuleProtectionCapabilityExclusions defines nested fields for WebAppFirewallPolicy.ResponseProtection.Rule.ProtectionCapability.Exclusions. | object | No | - | - |
| key | Unique key of referenced protection capability. | string | Yes | - | - |
| version | Version of referenced protection capability. | integer | Yes | - | - |
Status.responseProtection.rules[].protectionCapabilities[].collaborativeWeights[]¶
WebAppFirewallPolicyResponseProtectionRuleProtectionCapabilityCollaborativeWeight defines nested fields for WebAppFirewallPolicy.ResponseProtection.Rule.ProtectionCapability.CollaborativeWeight.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| key | Unique key of collaborative capability for which weight will be overridden. | string | Yes | - | - |
| weight | The value of weight to set. | integer | Yes | - | - |
Status.responseProtection.rules[].protectionCapabilities[].exclusions¶
WebAppFirewallPolicyResponseProtectionRuleProtectionCapabilityExclusions defines nested fields for WebAppFirewallPolicy.ResponseProtection.Rule.ProtectionCapability.Exclusions.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| args | List of URL query parameter values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from inspecting. Example: If we have query parameter 'argumentName=argumentValue' and args=['argumentName'], both 'argumentName' and 'argumentValue' will not be inspected. | list[string] | No | - | - |
| requestCookies | List of HTTP request cookie values (by cookie name) to exclude from inspecting. Example: If we have cookie 'cookieName=cookieValue' and requestCookies=['cookieName'], both 'cookieName' and 'cookieValue' will not be inspected. | list[string] | No | - | - |
Status.responseProtection.rules[].protectionCapabilitySettings¶
WebAppFirewallPolicyResponseProtectionRuleProtectionCapabilitySettings defines nested fields for WebAppFirewallPolicy.ResponseProtection.Rule.ProtectionCapabilitySettings.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| allowedHttpMethods | List of allowed HTTP methods. Each value is an RFC7230 formatted token string. Used in protection capability 911100: Restrict HTTP Request Methods. | list[string] | No | - | - |
| maxHttpRequestHeaderLength | Maximum allowed length of headers in an HTTP request. Used in protection capability 9200024: Limit length of request header size. | integer | No | - | - |
| maxHttpRequestHeaders | Maximum number of headers allowed in an HTTP request. Used in protection capability 9200014: Limit Number of Request Headers. | integer | No | - | - |
| maxNumberOfArguments | Maximum number of arguments allowed. Used in protection capability 920380: Number of Arguments Limits. | integer | No | - | - |
| maxSingleArgumentLength | Maximum allowed length of a single argument. Used in protection capability 920370: Limit argument value length. | integer | No | - | - |
| maxTotalArgumentLength | Maximum allowed total length of all arguments. Used in protection capability 920390: Limit arguments total length. | integer | No | - | - |
Status.status¶
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| async | Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first. | object | No | - | - |
| conditions | - | list[object] | No | - | - |
| createdAt | - | string (date-time) | No | - | - |
| deletedAt | - | string (date-time) | No | - | - |
| message | - | string | No | - | - |
| ocid | - | string | No | - | - |
| opcRequestId | OpcRequestID is the latest non-empty OCI request ID from a mutating OCI response or surfaced OCI service error that materially contributed to the current shared status projection. Headerless follow-up observations keep the last non-empty value intact. | string | No | - | - |
| reason | - | string | No | - | - |
| requestedAt | - | string (date-time) | No | - | - |
| updatedAt | - | string (date-time) | No | - | - |
Status.status.async¶
Async is the canonical controller-owned async contract. Resource-local legacy work-request fields may remain as compatibility mirrors while follow-on migrations land, but new async state should project here first.
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| current | - | object | No | - | - |
Status.status.async.current¶
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| message | - | string | No | - | - |
| normalizedClass | - | string | Yes | - | attention, canceled, failed, pending, succeeded, unknown |
| percentComplete | - | number | No | - | - |
| phase | - | string | Yes | - | create, delete, update |
| rawOperationType | - | string | No | - | - |
| rawStatus | - | string | No | - | - |
| source | - | string | Yes | - | lifecycle, none, workrequest |
| updatedAt | - | string (date-time) | Yes | - | - |
| workRequestId | - | string | No | - | - |
Status.status.conditions[]¶
| Field | Description | Type | Required | Default | Enum |
|---|---|---|---|---|---|
| lastTransitionTime | - | string (date-time) | No | - | - |
| message | - | string | No | - | - |
| reason | - | string | No | - | - |
| status | - | string | Yes | - | - |
| type | - | string | Yes | - | - |