Docs Home
tencentcloud 1.81.183 published on Wednesday, Apr 16, 2025 by tencentcloudstack
tencentcloud.TeoSecurityPolicyConfig
Explore with Pulumi AI
tencentcloud 1.81.183 published on Wednesday, Apr 16, 2025 by tencentcloudstack
Provides a resource to create a teo security policy
NOTE: If the user’s EO version is the personal version,
managed_rule_groupsneeds to set one; If the user’s EO version is a non personal version,managed_rule_groupsneeds to set 17. If the user does not set themanaged_rule_groupsparameter, the system will generate it by default.
Example Usage
If entity is ZoneDefaultPolicy
import * as pulumi from "@pulumi/pulumi";
import * as tencentcloud from "@pulumi/tencentcloud";
const example = new tencentcloud.TeoSecurityPolicyConfig("example", {
entity: "ZoneDefaultPolicy",
securityPolicy: {
customRules: {
rules: [
{
action: {
blockIpActionParameters: {
duration: "120s",
},
name: "BlockIP",
},
condition: "${http.request.host} contain ['abc']",
enabled: "on",
name: "rule1",
priority: 50,
ruleType: "PreciseMatchRule",
},
{
action: {
name: "Deny",
},
condition: "${http.request.ip} in ['119.28.103.58']",
enabled: "off",
id: "2182252647",
name: "rule2",
ruleType: "BasicAccessRule",
},
],
},
managedRules: {
autoUpdate: {
autoUpdateToLatestVersion: "off",
},
detectionOnly: "off",
enabled: "on",
managedRuleGroups: [
{
action: {
name: "Deny",
},
groupId: "wafgroup-webshell-attacks",
sensitivityLevel: "strict",
},
{
action: {
name: "Deny",
},
groupId: "wafgroup-xxe-attacks",
sensitivityLevel: "strict",
},
{
action: {
name: "Deny",
},
groupId: "wafgroup-non-compliant-protocol-usages",
sensitivityLevel: "strict",
},
{
action: {
name: "Deny",
},
groupId: "wafgroup-file-upload-attacks",
sensitivityLevel: "strict",
},
{
action: {
name: "Deny",
},
groupId: "wafgroup-command-and-code-injections",
sensitivityLevel: "strict",
},
{
action: {
name: "Deny",
},
groupId: "wafgroup-ldap-injections",
sensitivityLevel: "strict",
},
{
action: {
name: "Deny",
},
groupId: "wafgroup-ssrf-attacks",
sensitivityLevel: "strict",
},
{
action: {
name: "Deny",
},
groupId: "wafgroup-unauthorized-accesses",
sensitivityLevel: "strict",
},
{
action: {
name: "Deny",
},
groupId: "wafgroup-xss-attacks",
sensitivityLevel: "strict",
},
{
action: {
name: "Deny",
},
groupId: "wafgroup-vulnerability-scanners",
sensitivityLevel: "strict",
},
{
action: {
name: "Deny",
},
groupId: "wafgroup-cms-vulnerabilities",
sensitivityLevel: "strict",
},
{
action: {
name: "Deny",
},
groupId: "wafgroup-other-vulnerabilities",
sensitivityLevel: "strict",
},
{
action: {
name: "Deny",
},
groupId: "wafgroup-sql-injections",
sensitivityLevel: "strict",
},
{
action: {
name: "Deny",
},
groupId: "wafgroup-unauthorized-file-accesses",
sensitivityLevel: "strict",
},
{
action: {
name: "Deny",
},
groupId: "wafgroup-oa-vulnerabilities",
sensitivityLevel: "strict",
},
{
action: {
name: "Deny",
},
groupId: "wafgroup-ssti-attacks",
sensitivityLevel: "strict",
},
{
action: {
name: "Deny",
},
groupId: "wafgroup-shiro-vulnerabilities",
sensitivityLevel: "strict",
},
],
semanticAnalysis: "off",
},
},
zoneId: "zone-37u62pwxfo8s",
});
import pulumi
import pulumi_tencentcloud as tencentcloud
example = tencentcloud.TeoSecurityPolicyConfig("example",
entity="ZoneDefaultPolicy",
security_policy={
"custom_rules": {
"rules": [
{
"action": {
"block_ip_action_parameters": {
"duration": "120s",
},
"name": "BlockIP",
},
"condition": "${http.request.host} contain ['abc']",
"enabled": "on",
"name": "rule1",
"priority": 50,
"rule_type": "PreciseMatchRule",
},
{
"action": {
"name": "Deny",
},
"condition": "${http.request.ip} in ['119.28.103.58']",
"enabled": "off",
"id": "2182252647",
"name": "rule2",
"rule_type": "BasicAccessRule",
},
],
},
"managed_rules": {
"auto_update": {
"auto_update_to_latest_version": "off",
},
"detection_only": "off",
"enabled": "on",
"managed_rule_groups": [
{
"action": {
"name": "Deny",
},
"group_id": "wafgroup-webshell-attacks",
"sensitivity_level": "strict",
},
{
"action": {
"name": "Deny",
},
"group_id": "wafgroup-xxe-attacks",
"sensitivity_level": "strict",
},
{
"action": {
"name": "Deny",
},
"group_id": "wafgroup-non-compliant-protocol-usages",
"sensitivity_level": "strict",
},
{
"action": {
"name": "Deny",
},
"group_id": "wafgroup-file-upload-attacks",
"sensitivity_level": "strict",
},
{
"action": {
"name": "Deny",
},
"group_id": "wafgroup-command-and-code-injections",
"sensitivity_level": "strict",
},
{
"action": {
"name": "Deny",
},
"group_id": "wafgroup-ldap-injections",
"sensitivity_level": "strict",
},
{
"action": {
"name": "Deny",
},
"group_id": "wafgroup-ssrf-attacks",
"sensitivity_level": "strict",
},
{
"action": {
"name": "Deny",
},
"group_id": "wafgroup-unauthorized-accesses",
"sensitivity_level": "strict",
},
{
"action": {
"name": "Deny",
},
"group_id": "wafgroup-xss-attacks",
"sensitivity_level": "strict",
},
{
"action": {
"name": "Deny",
},
"group_id": "wafgroup-vulnerability-scanners",
"sensitivity_level": "strict",
},
{
"action": {
"name": "Deny",
},
"group_id": "wafgroup-cms-vulnerabilities",
"sensitivity_level": "strict",
},
{
"action": {
"name": "Deny",
},
"group_id": "wafgroup-other-vulnerabilities",
"sensitivity_level": "strict",
},
{
"action": {
"name": "Deny",
},
"group_id": "wafgroup-sql-injections",
"sensitivity_level": "strict",
},
{
"action": {
"name": "Deny",
},
"group_id": "wafgroup-unauthorized-file-accesses",
"sensitivity_level": "strict",
},
{
"action": {
"name": "Deny",
},
"group_id": "wafgroup-oa-vulnerabilities",
"sensitivity_level": "strict",
},
{
"action": {
"name": "Deny",
},
"group_id": "wafgroup-ssti-attacks",
"sensitivity_level": "strict",
},
{
"action": {
"name": "Deny",
},
"group_id": "wafgroup-shiro-vulnerabilities",
"sensitivity_level": "strict",
},
],
"semantic_analysis": "off",
},
},
zone_id="zone-37u62pwxfo8s")
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/tencentcloud/tencentcloud"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := tencentcloud.NewTeoSecurityPolicyConfig(ctx, "example", &tencentcloud.TeoSecurityPolicyConfigArgs{
Entity: pulumi.String("ZoneDefaultPolicy"),
SecurityPolicy: &tencentcloud.TeoSecurityPolicyConfigSecurityPolicyArgs{
CustomRules: &tencentcloud.TeoSecurityPolicyConfigSecurityPolicyCustomRulesArgs{
Rules: tencentcloud.TeoSecurityPolicyConfigSecurityPolicyCustomRulesRuleArray{
&tencentcloud.TeoSecurityPolicyConfigSecurityPolicyCustomRulesRuleArgs{
Action: &tencentcloud.TeoSecurityPolicyConfigSecurityPolicyCustomRulesRuleActionArgs{
BlockIpActionParameters: &tencentcloud.TeoSecurityPolicyConfigSecurityPolicyCustomRulesRuleActionBlockIpActionParametersArgs{
Duration: pulumi.String("120s"),
},
Name: pulumi.String("BlockIP"),
},
Condition: pulumi.String("${http.request.host} contain ['abc']"),
Enabled: pulumi.String("on"),
Name: pulumi.String("rule1"),
Priority: pulumi.Float64(50),
RuleType: pulumi.String("PreciseMatchRule"),
},
&tencentcloud.TeoSecurityPolicyConfigSecurityPolicyCustomRulesRuleArgs{
Action: &tencentcloud.TeoSecurityPolicyConfigSecurityPolicyCustomRulesRuleActionArgs{
Name: pulumi.String("Deny"),
},
Condition: pulumi.String("${http.request.ip} in ['119.28.103.58']"),
Enabled: pulumi.String("off"),
Id: pulumi.String("2182252647"),
Name: pulumi.String("rule2"),
RuleType: pulumi.String("BasicAccessRule"),
},
},
},
ManagedRules: &tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesArgs{
AutoUpdate: &tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesAutoUpdateArgs{
AutoUpdateToLatestVersion: pulumi.String("off"),
},
DetectionOnly: pulumi.String("off"),
Enabled: pulumi.String("on"),
ManagedRuleGroups: tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArray{
&tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs{
Action: &tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs{
Name: pulumi.String("Deny"),
},
GroupId: pulumi.String("wafgroup-webshell-attacks"),
SensitivityLevel: pulumi.String("strict"),
},
&tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs{
Action: &tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs{
Name: pulumi.String("Deny"),
},
GroupId: pulumi.String("wafgroup-xxe-attacks"),
SensitivityLevel: pulumi.String("strict"),
},
&tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs{
Action: &tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs{
Name: pulumi.String("Deny"),
},
GroupId: pulumi.String("wafgroup-non-compliant-protocol-usages"),
SensitivityLevel: pulumi.String("strict"),
},
&tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs{
Action: &tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs{
Name: pulumi.String("Deny"),
},
GroupId: pulumi.String("wafgroup-file-upload-attacks"),
SensitivityLevel: pulumi.String("strict"),
},
&tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs{
Action: &tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs{
Name: pulumi.String("Deny"),
},
GroupId: pulumi.String("wafgroup-command-and-code-injections"),
SensitivityLevel: pulumi.String("strict"),
},
&tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs{
Action: &tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs{
Name: pulumi.String("Deny"),
},
GroupId: pulumi.String("wafgroup-ldap-injections"),
SensitivityLevel: pulumi.String("strict"),
},
&tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs{
Action: &tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs{
Name: pulumi.String("Deny"),
},
GroupId: pulumi.String("wafgroup-ssrf-attacks"),
SensitivityLevel: pulumi.String("strict"),
},
&tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs{
Action: &tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs{
Name: pulumi.String("Deny"),
},
GroupId: pulumi.String("wafgroup-unauthorized-accesses"),
SensitivityLevel: pulumi.String("strict"),
},
&tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs{
Action: &tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs{
Name: pulumi.String("Deny"),
},
GroupId: pulumi.String("wafgroup-xss-attacks"),
SensitivityLevel: pulumi.String("strict"),
},
&tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs{
Action: &tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs{
Name: pulumi.String("Deny"),
},
GroupId: pulumi.String("wafgroup-vulnerability-scanners"),
SensitivityLevel: pulumi.String("strict"),
},
&tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs{
Action: &tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs{
Name: pulumi.String("Deny"),
},
GroupId: pulumi.String("wafgroup-cms-vulnerabilities"),
SensitivityLevel: pulumi.String("strict"),
},
&tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs{
Action: &tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs{
Name: pulumi.String("Deny"),
},
GroupId: pulumi.String("wafgroup-other-vulnerabilities"),
SensitivityLevel: pulumi.String("strict"),
},
&tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs{
Action: &tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs{
Name: pulumi.String("Deny"),
},
GroupId: pulumi.String("wafgroup-sql-injections"),
SensitivityLevel: pulumi.String("strict"),
},
&tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs{
Action: &tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs{
Name: pulumi.String("Deny"),
},
GroupId: pulumi.String("wafgroup-unauthorized-file-accesses"),
SensitivityLevel: pulumi.String("strict"),
},
&tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs{
Action: &tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs{
Name: pulumi.String("Deny"),
},
GroupId: pulumi.String("wafgroup-oa-vulnerabilities"),
SensitivityLevel: pulumi.String("strict"),
},
&tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs{
Action: &tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs{
Name: pulumi.String("Deny"),
},
GroupId: pulumi.String("wafgroup-ssti-attacks"),
SensitivityLevel: pulumi.String("strict"),
},
&tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs{
Action: &tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs{
Name: pulumi.String("Deny"),
},
GroupId: pulumi.String("wafgroup-shiro-vulnerabilities"),
SensitivityLevel: pulumi.String("strict"),
},
},
SemanticAnalysis: pulumi.String("off"),
},
},
ZoneId: pulumi.String("zone-37u62pwxfo8s"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Tencentcloud = Pulumi.Tencentcloud;
return await Deployment.RunAsync(() =>
{
var example = new Tencentcloud.TeoSecurityPolicyConfig("example", new()
{
Entity = "ZoneDefaultPolicy",
SecurityPolicy = new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyArgs
{
CustomRules = new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyCustomRulesArgs
{
Rules = new[]
{
new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyCustomRulesRuleArgs
{
Action = new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyCustomRulesRuleActionArgs
{
BlockIpActionParameters = new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyCustomRulesRuleActionBlockIpActionParametersArgs
{
Duration = "120s",
},
Name = "BlockIP",
},
Condition = "${http.request.host} contain ['abc']",
Enabled = "on",
Name = "rule1",
Priority = 50,
RuleType = "PreciseMatchRule",
},
new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyCustomRulesRuleArgs
{
Action = new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyCustomRulesRuleActionArgs
{
Name = "Deny",
},
Condition = "${http.request.ip} in ['119.28.103.58']",
Enabled = "off",
Id = "2182252647",
Name = "rule2",
RuleType = "BasicAccessRule",
},
},
},
ManagedRules = new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesArgs
{
AutoUpdate = new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesAutoUpdateArgs
{
AutoUpdateToLatestVersion = "off",
},
DetectionOnly = "off",
Enabled = "on",
ManagedRuleGroups = new[]
{
new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs
{
Action = new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs
{
Name = "Deny",
},
GroupId = "wafgroup-webshell-attacks",
SensitivityLevel = "strict",
},
new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs
{
Action = new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs
{
Name = "Deny",
},
GroupId = "wafgroup-xxe-attacks",
SensitivityLevel = "strict",
},
new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs
{
Action = new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs
{
Name = "Deny",
},
GroupId = "wafgroup-non-compliant-protocol-usages",
SensitivityLevel = "strict",
},
new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs
{
Action = new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs
{
Name = "Deny",
},
GroupId = "wafgroup-file-upload-attacks",
SensitivityLevel = "strict",
},
new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs
{
Action = new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs
{
Name = "Deny",
},
GroupId = "wafgroup-command-and-code-injections",
SensitivityLevel = "strict",
},
new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs
{
Action = new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs
{
Name = "Deny",
},
GroupId = "wafgroup-ldap-injections",
SensitivityLevel = "strict",
},
new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs
{
Action = new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs
{
Name = "Deny",
},
GroupId = "wafgroup-ssrf-attacks",
SensitivityLevel = "strict",
},
new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs
{
Action = new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs
{
Name = "Deny",
},
GroupId = "wafgroup-unauthorized-accesses",
SensitivityLevel = "strict",
},
new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs
{
Action = new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs
{
Name = "Deny",
},
GroupId = "wafgroup-xss-attacks",
SensitivityLevel = "strict",
},
new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs
{
Action = new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs
{
Name = "Deny",
},
GroupId = "wafgroup-vulnerability-scanners",
SensitivityLevel = "strict",
},
new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs
{
Action = new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs
{
Name = "Deny",
},
GroupId = "wafgroup-cms-vulnerabilities",
SensitivityLevel = "strict",
},
new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs
{
Action = new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs
{
Name = "Deny",
},
GroupId = "wafgroup-other-vulnerabilities",
SensitivityLevel = "strict",
},
new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs
{
Action = new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs
{
Name = "Deny",
},
GroupId = "wafgroup-sql-injections",
SensitivityLevel = "strict",
},
new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs
{
Action = new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs
{
Name = "Deny",
},
GroupId = "wafgroup-unauthorized-file-accesses",
SensitivityLevel = "strict",
},
new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs
{
Action = new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs
{
Name = "Deny",
},
GroupId = "wafgroup-oa-vulnerabilities",
SensitivityLevel = "strict",
},
new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs
{
Action = new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs
{
Name = "Deny",
},
GroupId = "wafgroup-ssti-attacks",
SensitivityLevel = "strict",
},
new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs
{
Action = new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs
{
Name = "Deny",
},
GroupId = "wafgroup-shiro-vulnerabilities",
SensitivityLevel = "strict",
},
},
SemanticAnalysis = "off",
},
},
ZoneId = "zone-37u62pwxfo8s",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.tencentcloud.TeoSecurityPolicyConfig;
import com.pulumi.tencentcloud.TeoSecurityPolicyConfigArgs;
import com.pulumi.tencentcloud.inputs.TeoSecurityPolicyConfigSecurityPolicyArgs;
import com.pulumi.tencentcloud.inputs.TeoSecurityPolicyConfigSecurityPolicyCustomRulesArgs;
import com.pulumi.tencentcloud.inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesArgs;
import com.pulumi.tencentcloud.inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesAutoUpdateArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new TeoSecurityPolicyConfig("example", TeoSecurityPolicyConfigArgs.builder()
.entity("ZoneDefaultPolicy")
.securityPolicy(TeoSecurityPolicyConfigSecurityPolicyArgs.builder()
.customRules(TeoSecurityPolicyConfigSecurityPolicyCustomRulesArgs.builder()
.rules(
TeoSecurityPolicyConfigSecurityPolicyCustomRulesRuleArgs.builder()
.action(TeoSecurityPolicyConfigSecurityPolicyCustomRulesRuleActionArgs.builder()
.blockIpActionParameters(TeoSecurityPolicyConfigSecurityPolicyCustomRulesRuleActionBlockIpActionParametersArgs.builder()
.duration("120s")
.build())
.name("BlockIP")
.build())
.condition("${http.request.host} contain ['abc']")
.enabled("on")
.name("rule1")
.priority(50)
.ruleType("PreciseMatchRule")
.build(),
TeoSecurityPolicyConfigSecurityPolicyCustomRulesRuleArgs.builder()
.action(TeoSecurityPolicyConfigSecurityPolicyCustomRulesRuleActionArgs.builder()
.name("Deny")
.build())
.condition("${http.request.ip} in ['119.28.103.58']")
.enabled("off")
.id("2182252647")
.name("rule2")
.ruleType("BasicAccessRule")
.build())
.build())
.managedRules(TeoSecurityPolicyConfigSecurityPolicyManagedRulesArgs.builder()
.autoUpdate(TeoSecurityPolicyConfigSecurityPolicyManagedRulesAutoUpdateArgs.builder()
.autoUpdateToLatestVersion("off")
.build())
.detectionOnly("off")
.enabled("on")
.managedRuleGroups(
TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs.builder()
.action(TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs.builder()
.name("Deny")
.build())
.groupId("wafgroup-webshell-attacks")
.sensitivityLevel("strict")
.build(),
TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs.builder()
.action(TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs.builder()
.name("Deny")
.build())
.groupId("wafgroup-xxe-attacks")
.sensitivityLevel("strict")
.build(),
TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs.builder()
.action(TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs.builder()
.name("Deny")
.build())
.groupId("wafgroup-non-compliant-protocol-usages")
.sensitivityLevel("strict")
.build(),
TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs.builder()
.action(TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs.builder()
.name("Deny")
.build())
.groupId("wafgroup-file-upload-attacks")
.sensitivityLevel("strict")
.build(),
TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs.builder()
.action(TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs.builder()
.name("Deny")
.build())
.groupId("wafgroup-command-and-code-injections")
.sensitivityLevel("strict")
.build(),
TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs.builder()
.action(TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs.builder()
.name("Deny")
.build())
.groupId("wafgroup-ldap-injections")
.sensitivityLevel("strict")
.build(),
TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs.builder()
.action(TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs.builder()
.name("Deny")
.build())
.groupId("wafgroup-ssrf-attacks")
.sensitivityLevel("strict")
.build(),
TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs.builder()
.action(TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs.builder()
.name("Deny")
.build())
.groupId("wafgroup-unauthorized-accesses")
.sensitivityLevel("strict")
.build(),
TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs.builder()
.action(TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs.builder()
.name("Deny")
.build())
.groupId("wafgroup-xss-attacks")
.sensitivityLevel("strict")
.build(),
TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs.builder()
.action(TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs.builder()
.name("Deny")
.build())
.groupId("wafgroup-vulnerability-scanners")
.sensitivityLevel("strict")
.build(),
TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs.builder()
.action(TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs.builder()
.name("Deny")
.build())
.groupId("wafgroup-cms-vulnerabilities")
.sensitivityLevel("strict")
.build(),
TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs.builder()
.action(TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs.builder()
.name("Deny")
.build())
.groupId("wafgroup-other-vulnerabilities")
.sensitivityLevel("strict")
.build(),
TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs.builder()
.action(TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs.builder()
.name("Deny")
.build())
.groupId("wafgroup-sql-injections")
.sensitivityLevel("strict")
.build(),
TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs.builder()
.action(TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs.builder()
.name("Deny")
.build())
.groupId("wafgroup-unauthorized-file-accesses")
.sensitivityLevel("strict")
.build(),
TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs.builder()
.action(TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs.builder()
.name("Deny")
.build())
.groupId("wafgroup-oa-vulnerabilities")
.sensitivityLevel("strict")
.build(),
TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs.builder()
.action(TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs.builder()
.name("Deny")
.build())
.groupId("wafgroup-ssti-attacks")
.sensitivityLevel("strict")
.build(),
TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs.builder()
.action(TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs.builder()
.name("Deny")
.build())
.groupId("wafgroup-shiro-vulnerabilities")
.sensitivityLevel("strict")
.build())
.semanticAnalysis("off")
.build())
.build())
.zoneId("zone-37u62pwxfo8s")
.build());
}
}
resources:
example:
type: tencentcloud:TeoSecurityPolicyConfig
properties:
entity: ZoneDefaultPolicy
securityPolicy:
customRules:
rules:
- action:
blockIpActionParameters:
duration: 120s
name: BlockIP
condition: $${http.request.host} contain ['abc']
enabled: on
name: rule1
priority: 50
ruleType: PreciseMatchRule
- action:
name: Deny
condition: $${http.request.ip} in ['119.28.103.58']
enabled: off
id: '2182252647'
name: rule2
ruleType: BasicAccessRule
managedRules:
autoUpdate:
autoUpdateToLatestVersion: off
detectionOnly: off
enabled: on
managedRuleGroups:
- action:
name: Deny
groupId: wafgroup-webshell-attacks
sensitivityLevel: strict
- action:
name: Deny
groupId: wafgroup-xxe-attacks
sensitivityLevel: strict
- action:
name: Deny
groupId: wafgroup-non-compliant-protocol-usages
sensitivityLevel: strict
- action:
name: Deny
groupId: wafgroup-file-upload-attacks
sensitivityLevel: strict
- action:
name: Deny
groupId: wafgroup-command-and-code-injections
sensitivityLevel: strict
- action:
name: Deny
groupId: wafgroup-ldap-injections
sensitivityLevel: strict
- action:
name: Deny
groupId: wafgroup-ssrf-attacks
sensitivityLevel: strict
- action:
name: Deny
groupId: wafgroup-unauthorized-accesses
sensitivityLevel: strict
- action:
name: Deny
groupId: wafgroup-xss-attacks
sensitivityLevel: strict
- action:
name: Deny
groupId: wafgroup-vulnerability-scanners
sensitivityLevel: strict
- action:
name: Deny
groupId: wafgroup-cms-vulnerabilities
sensitivityLevel: strict
- action:
name: Deny
groupId: wafgroup-other-vulnerabilities
sensitivityLevel: strict
- action:
name: Deny
groupId: wafgroup-sql-injections
sensitivityLevel: strict
- action:
name: Deny
groupId: wafgroup-unauthorized-file-accesses
sensitivityLevel: strict
- action:
name: Deny
groupId: wafgroup-oa-vulnerabilities
sensitivityLevel: strict
- action:
name: Deny
groupId: wafgroup-ssti-attacks
sensitivityLevel: strict
- action:
name: Deny
groupId: wafgroup-shiro-vulnerabilities
sensitivityLevel: strict
semanticAnalysis: off
zoneId: zone-37u62pwxfo8s
If entity is Host
import * as pulumi from "@pulumi/pulumi";
import * as tencentcloud from "@pulumi/tencentcloud";
const example = new tencentcloud.TeoSecurityPolicyConfig("example", {
entity: "Host",
host: "www.example.com",
securityPolicy: {
customRules: {
rules: [
{
action: {
blockIpActionParameters: {
duration: "120s",
},
name: "BlockIP",
},
condition: "${http.request.host} contain ['abc']",
enabled: "on",
name: "rule1",
priority: 50,
ruleType: "PreciseMatchRule",
},
{
action: {
name: "Deny",
},
condition: "${http.request.ip} in ['119.28.103.58']",
enabled: "off",
id: "2182252647",
name: "rule2",
ruleType: "BasicAccessRule",
},
],
},
managedRules: {
autoUpdate: {
autoUpdateToLatestVersion: "off",
},
detectionOnly: "off",
enabled: "on",
managedRuleGroups: [
{
action: {
name: "Deny",
},
groupId: "wafgroup-webshell-attacks",
sensitivityLevel: "strict",
},
{
action: {
name: "Deny",
},
groupId: "wafgroup-xxe-attacks",
sensitivityLevel: "strict",
},
{
action: {
name: "Deny",
},
groupId: "wafgroup-non-compliant-protocol-usages",
sensitivityLevel: "strict",
},
{
action: {
name: "Deny",
},
groupId: "wafgroup-file-upload-attacks",
sensitivityLevel: "strict",
},
{
action: {
name: "Deny",
},
groupId: "wafgroup-command-and-code-injections",
sensitivityLevel: "strict",
},
{
action: {
name: "Deny",
},
groupId: "wafgroup-ldap-injections",
sensitivityLevel: "strict",
},
{
action: {
name: "Deny",
},
groupId: "wafgroup-ssrf-attacks",
sensitivityLevel: "strict",
},
{
action: {
name: "Deny",
},
groupId: "wafgroup-unauthorized-accesses",
sensitivityLevel: "strict",
},
{
action: {
name: "Deny",
},
groupId: "wafgroup-xss-attacks",
sensitivityLevel: "strict",
},
{
action: {
name: "Deny",
},
groupId: "wafgroup-vulnerability-scanners",
sensitivityLevel: "strict",
},
{
action: {
name: "Deny",
},
groupId: "wafgroup-cms-vulnerabilities",
sensitivityLevel: "strict",
},
{
action: {
name: "Deny",
},
groupId: "wafgroup-other-vulnerabilities",
sensitivityLevel: "strict",
},
{
action: {
name: "Deny",
},
groupId: "wafgroup-sql-injections",
sensitivityLevel: "strict",
},
{
action: {
name: "Deny",
},
groupId: "wafgroup-unauthorized-file-accesses",
sensitivityLevel: "strict",
},
{
action: {
name: "Deny",
},
groupId: "wafgroup-oa-vulnerabilities",
sensitivityLevel: "strict",
},
{
action: {
name: "Deny",
},
groupId: "wafgroup-ssti-attacks",
sensitivityLevel: "strict",
},
{
action: {
name: "Deny",
},
groupId: "wafgroup-shiro-vulnerabilities",
sensitivityLevel: "strict",
},
],
semanticAnalysis: "off",
},
},
zoneId: "zone-37u62pwxfo8s",
});
import pulumi
import pulumi_tencentcloud as tencentcloud
example = tencentcloud.TeoSecurityPolicyConfig("example",
entity="Host",
host="www.example.com",
security_policy={
"custom_rules": {
"rules": [
{
"action": {
"block_ip_action_parameters": {
"duration": "120s",
},
"name": "BlockIP",
},
"condition": "${http.request.host} contain ['abc']",
"enabled": "on",
"name": "rule1",
"priority": 50,
"rule_type": "PreciseMatchRule",
},
{
"action": {
"name": "Deny",
},
"condition": "${http.request.ip} in ['119.28.103.58']",
"enabled": "off",
"id": "2182252647",
"name": "rule2",
"rule_type": "BasicAccessRule",
},
],
},
"managed_rules": {
"auto_update": {
"auto_update_to_latest_version": "off",
},
"detection_only": "off",
"enabled": "on",
"managed_rule_groups": [
{
"action": {
"name": "Deny",
},
"group_id": "wafgroup-webshell-attacks",
"sensitivity_level": "strict",
},
{
"action": {
"name": "Deny",
},
"group_id": "wafgroup-xxe-attacks",
"sensitivity_level": "strict",
},
{
"action": {
"name": "Deny",
},
"group_id": "wafgroup-non-compliant-protocol-usages",
"sensitivity_level": "strict",
},
{
"action": {
"name": "Deny",
},
"group_id": "wafgroup-file-upload-attacks",
"sensitivity_level": "strict",
},
{
"action": {
"name": "Deny",
},
"group_id": "wafgroup-command-and-code-injections",
"sensitivity_level": "strict",
},
{
"action": {
"name": "Deny",
},
"group_id": "wafgroup-ldap-injections",
"sensitivity_level": "strict",
},
{
"action": {
"name": "Deny",
},
"group_id": "wafgroup-ssrf-attacks",
"sensitivity_level": "strict",
},
{
"action": {
"name": "Deny",
},
"group_id": "wafgroup-unauthorized-accesses",
"sensitivity_level": "strict",
},
{
"action": {
"name": "Deny",
},
"group_id": "wafgroup-xss-attacks",
"sensitivity_level": "strict",
},
{
"action": {
"name": "Deny",
},
"group_id": "wafgroup-vulnerability-scanners",
"sensitivity_level": "strict",
},
{
"action": {
"name": "Deny",
},
"group_id": "wafgroup-cms-vulnerabilities",
"sensitivity_level": "strict",
},
{
"action": {
"name": "Deny",
},
"group_id": "wafgroup-other-vulnerabilities",
"sensitivity_level": "strict",
},
{
"action": {
"name": "Deny",
},
"group_id": "wafgroup-sql-injections",
"sensitivity_level": "strict",
},
{
"action": {
"name": "Deny",
},
"group_id": "wafgroup-unauthorized-file-accesses",
"sensitivity_level": "strict",
},
{
"action": {
"name": "Deny",
},
"group_id": "wafgroup-oa-vulnerabilities",
"sensitivity_level": "strict",
},
{
"action": {
"name": "Deny",
},
"group_id": "wafgroup-ssti-attacks",
"sensitivity_level": "strict",
},
{
"action": {
"name": "Deny",
},
"group_id": "wafgroup-shiro-vulnerabilities",
"sensitivity_level": "strict",
},
],
"semantic_analysis": "off",
},
},
zone_id="zone-37u62pwxfo8s")
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/tencentcloud/tencentcloud"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := tencentcloud.NewTeoSecurityPolicyConfig(ctx, "example", &tencentcloud.TeoSecurityPolicyConfigArgs{
Entity: pulumi.String("Host"),
Host: pulumi.String("www.example.com"),
SecurityPolicy: &tencentcloud.TeoSecurityPolicyConfigSecurityPolicyArgs{
CustomRules: &tencentcloud.TeoSecurityPolicyConfigSecurityPolicyCustomRulesArgs{
Rules: tencentcloud.TeoSecurityPolicyConfigSecurityPolicyCustomRulesRuleArray{
&tencentcloud.TeoSecurityPolicyConfigSecurityPolicyCustomRulesRuleArgs{
Action: &tencentcloud.TeoSecurityPolicyConfigSecurityPolicyCustomRulesRuleActionArgs{
BlockIpActionParameters: &tencentcloud.TeoSecurityPolicyConfigSecurityPolicyCustomRulesRuleActionBlockIpActionParametersArgs{
Duration: pulumi.String("120s"),
},
Name: pulumi.String("BlockIP"),
},
Condition: pulumi.String("${http.request.host} contain ['abc']"),
Enabled: pulumi.String("on"),
Name: pulumi.String("rule1"),
Priority: pulumi.Float64(50),
RuleType: pulumi.String("PreciseMatchRule"),
},
&tencentcloud.TeoSecurityPolicyConfigSecurityPolicyCustomRulesRuleArgs{
Action: &tencentcloud.TeoSecurityPolicyConfigSecurityPolicyCustomRulesRuleActionArgs{
Name: pulumi.String("Deny"),
},
Condition: pulumi.String("${http.request.ip} in ['119.28.103.58']"),
Enabled: pulumi.String("off"),
Id: pulumi.String("2182252647"),
Name: pulumi.String("rule2"),
RuleType: pulumi.String("BasicAccessRule"),
},
},
},
ManagedRules: &tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesArgs{
AutoUpdate: &tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesAutoUpdateArgs{
AutoUpdateToLatestVersion: pulumi.String("off"),
},
DetectionOnly: pulumi.String("off"),
Enabled: pulumi.String("on"),
ManagedRuleGroups: tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArray{
&tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs{
Action: &tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs{
Name: pulumi.String("Deny"),
},
GroupId: pulumi.String("wafgroup-webshell-attacks"),
SensitivityLevel: pulumi.String("strict"),
},
&tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs{
Action: &tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs{
Name: pulumi.String("Deny"),
},
GroupId: pulumi.String("wafgroup-xxe-attacks"),
SensitivityLevel: pulumi.String("strict"),
},
&tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs{
Action: &tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs{
Name: pulumi.String("Deny"),
},
GroupId: pulumi.String("wafgroup-non-compliant-protocol-usages"),
SensitivityLevel: pulumi.String("strict"),
},
&tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs{
Action: &tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs{
Name: pulumi.String("Deny"),
},
GroupId: pulumi.String("wafgroup-file-upload-attacks"),
SensitivityLevel: pulumi.String("strict"),
},
&tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs{
Action: &tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs{
Name: pulumi.String("Deny"),
},
GroupId: pulumi.String("wafgroup-command-and-code-injections"),
SensitivityLevel: pulumi.String("strict"),
},
&tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs{
Action: &tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs{
Name: pulumi.String("Deny"),
},
GroupId: pulumi.String("wafgroup-ldap-injections"),
SensitivityLevel: pulumi.String("strict"),
},
&tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs{
Action: &tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs{
Name: pulumi.String("Deny"),
},
GroupId: pulumi.String("wafgroup-ssrf-attacks"),
SensitivityLevel: pulumi.String("strict"),
},
&tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs{
Action: &tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs{
Name: pulumi.String("Deny"),
},
GroupId: pulumi.String("wafgroup-unauthorized-accesses"),
SensitivityLevel: pulumi.String("strict"),
},
&tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs{
Action: &tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs{
Name: pulumi.String("Deny"),
},
GroupId: pulumi.String("wafgroup-xss-attacks"),
SensitivityLevel: pulumi.String("strict"),
},
&tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs{
Action: &tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs{
Name: pulumi.String("Deny"),
},
GroupId: pulumi.String("wafgroup-vulnerability-scanners"),
SensitivityLevel: pulumi.String("strict"),
},
&tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs{
Action: &tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs{
Name: pulumi.String("Deny"),
},
GroupId: pulumi.String("wafgroup-cms-vulnerabilities"),
SensitivityLevel: pulumi.String("strict"),
},
&tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs{
Action: &tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs{
Name: pulumi.String("Deny"),
},
GroupId: pulumi.String("wafgroup-other-vulnerabilities"),
SensitivityLevel: pulumi.String("strict"),
},
&tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs{
Action: &tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs{
Name: pulumi.String("Deny"),
},
GroupId: pulumi.String("wafgroup-sql-injections"),
SensitivityLevel: pulumi.String("strict"),
},
&tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs{
Action: &tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs{
Name: pulumi.String("Deny"),
},
GroupId: pulumi.String("wafgroup-unauthorized-file-accesses"),
SensitivityLevel: pulumi.String("strict"),
},
&tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs{
Action: &tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs{
Name: pulumi.String("Deny"),
},
GroupId: pulumi.String("wafgroup-oa-vulnerabilities"),
SensitivityLevel: pulumi.String("strict"),
},
&tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs{
Action: &tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs{
Name: pulumi.String("Deny"),
},
GroupId: pulumi.String("wafgroup-ssti-attacks"),
SensitivityLevel: pulumi.String("strict"),
},
&tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs{
Action: &tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs{
Name: pulumi.String("Deny"),
},
GroupId: pulumi.String("wafgroup-shiro-vulnerabilities"),
SensitivityLevel: pulumi.String("strict"),
},
},
SemanticAnalysis: pulumi.String("off"),
},
},
ZoneId: pulumi.String("zone-37u62pwxfo8s"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Tencentcloud = Pulumi.Tencentcloud;
return await Deployment.RunAsync(() =>
{
var example = new Tencentcloud.TeoSecurityPolicyConfig("example", new()
{
Entity = "Host",
Host = "www.example.com",
SecurityPolicy = new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyArgs
{
CustomRules = new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyCustomRulesArgs
{
Rules = new[]
{
new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyCustomRulesRuleArgs
{
Action = new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyCustomRulesRuleActionArgs
{
BlockIpActionParameters = new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyCustomRulesRuleActionBlockIpActionParametersArgs
{
Duration = "120s",
},
Name = "BlockIP",
},
Condition = "${http.request.host} contain ['abc']",
Enabled = "on",
Name = "rule1",
Priority = 50,
RuleType = "PreciseMatchRule",
},
new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyCustomRulesRuleArgs
{
Action = new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyCustomRulesRuleActionArgs
{
Name = "Deny",
},
Condition = "${http.request.ip} in ['119.28.103.58']",
Enabled = "off",
Id = "2182252647",
Name = "rule2",
RuleType = "BasicAccessRule",
},
},
},
ManagedRules = new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesArgs
{
AutoUpdate = new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesAutoUpdateArgs
{
AutoUpdateToLatestVersion = "off",
},
DetectionOnly = "off",
Enabled = "on",
ManagedRuleGroups = new[]
{
new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs
{
Action = new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs
{
Name = "Deny",
},
GroupId = "wafgroup-webshell-attacks",
SensitivityLevel = "strict",
},
new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs
{
Action = new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs
{
Name = "Deny",
},
GroupId = "wafgroup-xxe-attacks",
SensitivityLevel = "strict",
},
new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs
{
Action = new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs
{
Name = "Deny",
},
GroupId = "wafgroup-non-compliant-protocol-usages",
SensitivityLevel = "strict",
},
new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs
{
Action = new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs
{
Name = "Deny",
},
GroupId = "wafgroup-file-upload-attacks",
SensitivityLevel = "strict",
},
new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs
{
Action = new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs
{
Name = "Deny",
},
GroupId = "wafgroup-command-and-code-injections",
SensitivityLevel = "strict",
},
new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs
{
Action = new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs
{
Name = "Deny",
},
GroupId = "wafgroup-ldap-injections",
SensitivityLevel = "strict",
},
new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs
{
Action = new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs
{
Name = "Deny",
},
GroupId = "wafgroup-ssrf-attacks",
SensitivityLevel = "strict",
},
new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs
{
Action = new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs
{
Name = "Deny",
},
GroupId = "wafgroup-unauthorized-accesses",
SensitivityLevel = "strict",
},
new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs
{
Action = new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs
{
Name = "Deny",
},
GroupId = "wafgroup-xss-attacks",
SensitivityLevel = "strict",
},
new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs
{
Action = new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs
{
Name = "Deny",
},
GroupId = "wafgroup-vulnerability-scanners",
SensitivityLevel = "strict",
},
new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs
{
Action = new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs
{
Name = "Deny",
},
GroupId = "wafgroup-cms-vulnerabilities",
SensitivityLevel = "strict",
},
new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs
{
Action = new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs
{
Name = "Deny",
},
GroupId = "wafgroup-other-vulnerabilities",
SensitivityLevel = "strict",
},
new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs
{
Action = new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs
{
Name = "Deny",
},
GroupId = "wafgroup-sql-injections",
SensitivityLevel = "strict",
},
new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs
{
Action = new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs
{
Name = "Deny",
},
GroupId = "wafgroup-unauthorized-file-accesses",
SensitivityLevel = "strict",
},
new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs
{
Action = new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs
{
Name = "Deny",
},
GroupId = "wafgroup-oa-vulnerabilities",
SensitivityLevel = "strict",
},
new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs
{
Action = new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs
{
Name = "Deny",
},
GroupId = "wafgroup-ssti-attacks",
SensitivityLevel = "strict",
},
new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs
{
Action = new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs
{
Name = "Deny",
},
GroupId = "wafgroup-shiro-vulnerabilities",
SensitivityLevel = "strict",
},
},
SemanticAnalysis = "off",
},
},
ZoneId = "zone-37u62pwxfo8s",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.tencentcloud.TeoSecurityPolicyConfig;
import com.pulumi.tencentcloud.TeoSecurityPolicyConfigArgs;
import com.pulumi.tencentcloud.inputs.TeoSecurityPolicyConfigSecurityPolicyArgs;
import com.pulumi.tencentcloud.inputs.TeoSecurityPolicyConfigSecurityPolicyCustomRulesArgs;
import com.pulumi.tencentcloud.inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesArgs;
import com.pulumi.tencentcloud.inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesAutoUpdateArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new TeoSecurityPolicyConfig("example", TeoSecurityPolicyConfigArgs.builder()
.entity("Host")
.host("www.example.com")
.securityPolicy(TeoSecurityPolicyConfigSecurityPolicyArgs.builder()
.customRules(TeoSecurityPolicyConfigSecurityPolicyCustomRulesArgs.builder()
.rules(
TeoSecurityPolicyConfigSecurityPolicyCustomRulesRuleArgs.builder()
.action(TeoSecurityPolicyConfigSecurityPolicyCustomRulesRuleActionArgs.builder()
.blockIpActionParameters(TeoSecurityPolicyConfigSecurityPolicyCustomRulesRuleActionBlockIpActionParametersArgs.builder()
.duration("120s")
.build())
.name("BlockIP")
.build())
.condition("${http.request.host} contain ['abc']")
.enabled("on")
.name("rule1")
.priority(50)
.ruleType("PreciseMatchRule")
.build(),
TeoSecurityPolicyConfigSecurityPolicyCustomRulesRuleArgs.builder()
.action(TeoSecurityPolicyConfigSecurityPolicyCustomRulesRuleActionArgs.builder()
.name("Deny")
.build())
.condition("${http.request.ip} in ['119.28.103.58']")
.enabled("off")
.id("2182252647")
.name("rule2")
.ruleType("BasicAccessRule")
.build())
.build())
.managedRules(TeoSecurityPolicyConfigSecurityPolicyManagedRulesArgs.builder()
.autoUpdate(TeoSecurityPolicyConfigSecurityPolicyManagedRulesAutoUpdateArgs.builder()
.autoUpdateToLatestVersion("off")
.build())
.detectionOnly("off")
.enabled("on")
.managedRuleGroups(
TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs.builder()
.action(TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs.builder()
.name("Deny")
.build())
.groupId("wafgroup-webshell-attacks")
.sensitivityLevel("strict")
.build(),
TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs.builder()
.action(TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs.builder()
.name("Deny")
.build())
.groupId("wafgroup-xxe-attacks")
.sensitivityLevel("strict")
.build(),
TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs.builder()
.action(TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs.builder()
.name("Deny")
.build())
.groupId("wafgroup-non-compliant-protocol-usages")
.sensitivityLevel("strict")
.build(),
TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs.builder()
.action(TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs.builder()
.name("Deny")
.build())
.groupId("wafgroup-file-upload-attacks")
.sensitivityLevel("strict")
.build(),
TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs.builder()
.action(TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs.builder()
.name("Deny")
.build())
.groupId("wafgroup-command-and-code-injections")
.sensitivityLevel("strict")
.build(),
TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs.builder()
.action(TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs.builder()
.name("Deny")
.build())
.groupId("wafgroup-ldap-injections")
.sensitivityLevel("strict")
.build(),
TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs.builder()
.action(TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs.builder()
.name("Deny")
.build())
.groupId("wafgroup-ssrf-attacks")
.sensitivityLevel("strict")
.build(),
TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs.builder()
.action(TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs.builder()
.name("Deny")
.build())
.groupId("wafgroup-unauthorized-accesses")
.sensitivityLevel("strict")
.build(),
TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs.builder()
.action(TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs.builder()
.name("Deny")
.build())
.groupId("wafgroup-xss-attacks")
.sensitivityLevel("strict")
.build(),
TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs.builder()
.action(TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs.builder()
.name("Deny")
.build())
.groupId("wafgroup-vulnerability-scanners")
.sensitivityLevel("strict")
.build(),
TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs.builder()
.action(TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs.builder()
.name("Deny")
.build())
.groupId("wafgroup-cms-vulnerabilities")
.sensitivityLevel("strict")
.build(),
TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs.builder()
.action(TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs.builder()
.name("Deny")
.build())
.groupId("wafgroup-other-vulnerabilities")
.sensitivityLevel("strict")
.build(),
TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs.builder()
.action(TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs.builder()
.name("Deny")
.build())
.groupId("wafgroup-sql-injections")
.sensitivityLevel("strict")
.build(),
TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs.builder()
.action(TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs.builder()
.name("Deny")
.build())
.groupId("wafgroup-unauthorized-file-accesses")
.sensitivityLevel("strict")
.build(),
TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs.builder()
.action(TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs.builder()
.name("Deny")
.build())
.groupId("wafgroup-oa-vulnerabilities")
.sensitivityLevel("strict")
.build(),
TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs.builder()
.action(TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs.builder()
.name("Deny")
.build())
.groupId("wafgroup-ssti-attacks")
.sensitivityLevel("strict")
.build(),
TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs.builder()
.action(TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs.builder()
.name("Deny")
.build())
.groupId("wafgroup-shiro-vulnerabilities")
.sensitivityLevel("strict")
.build())
.semanticAnalysis("off")
.build())
.build())
.zoneId("zone-37u62pwxfo8s")
.build());
}
}
resources:
example:
type: tencentcloud:TeoSecurityPolicyConfig
properties:
entity: Host
host: www.example.com
securityPolicy:
customRules:
rules:
- action:
blockIpActionParameters:
duration: 120s
name: BlockIP
condition: $${http.request.host} contain ['abc']
enabled: on
name: rule1
priority: 50
ruleType: PreciseMatchRule
- action:
name: Deny
condition: $${http.request.ip} in ['119.28.103.58']
enabled: off
id: '2182252647'
name: rule2
ruleType: BasicAccessRule
managedRules:
autoUpdate:
autoUpdateToLatestVersion: off
detectionOnly: off
enabled: on
managedRuleGroups:
- action:
name: Deny
groupId: wafgroup-webshell-attacks
sensitivityLevel: strict
- action:
name: Deny
groupId: wafgroup-xxe-attacks
sensitivityLevel: strict
- action:
name: Deny
groupId: wafgroup-non-compliant-protocol-usages
sensitivityLevel: strict
- action:
name: Deny
groupId: wafgroup-file-upload-attacks
sensitivityLevel: strict
- action:
name: Deny
groupId: wafgroup-command-and-code-injections
sensitivityLevel: strict
- action:
name: Deny
groupId: wafgroup-ldap-injections
sensitivityLevel: strict
- action:
name: Deny
groupId: wafgroup-ssrf-attacks
sensitivityLevel: strict
- action:
name: Deny
groupId: wafgroup-unauthorized-accesses
sensitivityLevel: strict
- action:
name: Deny
groupId: wafgroup-xss-attacks
sensitivityLevel: strict
- action:
name: Deny
groupId: wafgroup-vulnerability-scanners
sensitivityLevel: strict
- action:
name: Deny
groupId: wafgroup-cms-vulnerabilities
sensitivityLevel: strict
- action:
name: Deny
groupId: wafgroup-other-vulnerabilities
sensitivityLevel: strict
- action:
name: Deny
groupId: wafgroup-sql-injections
sensitivityLevel: strict
- action:
name: Deny
groupId: wafgroup-unauthorized-file-accesses
sensitivityLevel: strict
- action:
name: Deny
groupId: wafgroup-oa-vulnerabilities
sensitivityLevel: strict
- action:
name: Deny
groupId: wafgroup-ssti-attacks
sensitivityLevel: strict
- action:
name: Deny
groupId: wafgroup-shiro-vulnerabilities
sensitivityLevel: strict
semanticAnalysis: off
zoneId: zone-37u62pwxfo8s
If entity is Template
import * as pulumi from "@pulumi/pulumi";
import * as tencentcloud from "@pulumi/tencentcloud";
const example = new tencentcloud.TeoSecurityPolicyConfig("example", {
entity: "Template",
securityPolicy: {
customRules: {
rules: [
{
action: {
blockIpActionParameters: {
duration: "120s",
},
name: "BlockIP",
},
condition: "${http.request.host} contain ['abc']",
enabled: "on",
name: "rule1",
priority: 50,
ruleType: "PreciseMatchRule",
},
{
action: {
name: "Deny",
},
condition: "${http.request.ip} in ['119.28.103.58']",
enabled: "off",
id: "2182252647",
name: "rule2",
ruleType: "BasicAccessRule",
},
],
},
managedRules: {
autoUpdate: {
autoUpdateToLatestVersion: "off",
},
detectionOnly: "off",
enabled: "on",
managedRuleGroups: [
{
action: {
name: "Deny",
},
groupId: "wafgroup-webshell-attacks",
sensitivityLevel: "strict",
},
{
action: {
name: "Deny",
},
groupId: "wafgroup-xxe-attacks",
sensitivityLevel: "strict",
},
{
action: {
name: "Deny",
},
groupId: "wafgroup-non-compliant-protocol-usages",
sensitivityLevel: "strict",
},
{
action: {
name: "Deny",
},
groupId: "wafgroup-file-upload-attacks",
sensitivityLevel: "strict",
},
{
action: {
name: "Deny",
},
groupId: "wafgroup-command-and-code-injections",
sensitivityLevel: "strict",
},
{
action: {
name: "Deny",
},
groupId: "wafgroup-ldap-injections",
sensitivityLevel: "strict",
},
{
action: {
name: "Deny",
},
groupId: "wafgroup-ssrf-attacks",
sensitivityLevel: "strict",
},
{
action: {
name: "Deny",
},
groupId: "wafgroup-unauthorized-accesses",
sensitivityLevel: "strict",
},
{
action: {
name: "Deny",
},
groupId: "wafgroup-xss-attacks",
sensitivityLevel: "strict",
},
{
action: {
name: "Deny",
},
groupId: "wafgroup-vulnerability-scanners",
sensitivityLevel: "strict",
},
{
action: {
name: "Deny",
},
groupId: "wafgroup-cms-vulnerabilities",
sensitivityLevel: "strict",
},
{
action: {
name: "Deny",
},
groupId: "wafgroup-other-vulnerabilities",
sensitivityLevel: "strict",
},
{
action: {
name: "Deny",
},
groupId: "wafgroup-sql-injections",
sensitivityLevel: "strict",
},
{
action: {
name: "Deny",
},
groupId: "wafgroup-unauthorized-file-accesses",
sensitivityLevel: "strict",
},
{
action: {
name: "Deny",
},
groupId: "wafgroup-oa-vulnerabilities",
sensitivityLevel: "strict",
},
{
action: {
name: "Deny",
},
groupId: "wafgroup-ssti-attacks",
sensitivityLevel: "strict",
},
{
action: {
name: "Deny",
},
groupId: "wafgroup-shiro-vulnerabilities",
sensitivityLevel: "strict",
},
],
semanticAnalysis: "off",
},
},
templateId: "temp-05dtxkyw",
zoneId: "zone-37u62pwxfo8s",
});
import pulumi
import pulumi_tencentcloud as tencentcloud
example = tencentcloud.TeoSecurityPolicyConfig("example",
entity="Template",
security_policy={
"custom_rules": {
"rules": [
{
"action": {
"block_ip_action_parameters": {
"duration": "120s",
},
"name": "BlockIP",
},
"condition": "${http.request.host} contain ['abc']",
"enabled": "on",
"name": "rule1",
"priority": 50,
"rule_type": "PreciseMatchRule",
},
{
"action": {
"name": "Deny",
},
"condition": "${http.request.ip} in ['119.28.103.58']",
"enabled": "off",
"id": "2182252647",
"name": "rule2",
"rule_type": "BasicAccessRule",
},
],
},
"managed_rules": {
"auto_update": {
"auto_update_to_latest_version": "off",
},
"detection_only": "off",
"enabled": "on",
"managed_rule_groups": [
{
"action": {
"name": "Deny",
},
"group_id": "wafgroup-webshell-attacks",
"sensitivity_level": "strict",
},
{
"action": {
"name": "Deny",
},
"group_id": "wafgroup-xxe-attacks",
"sensitivity_level": "strict",
},
{
"action": {
"name": "Deny",
},
"group_id": "wafgroup-non-compliant-protocol-usages",
"sensitivity_level": "strict",
},
{
"action": {
"name": "Deny",
},
"group_id": "wafgroup-file-upload-attacks",
"sensitivity_level": "strict",
},
{
"action": {
"name": "Deny",
},
"group_id": "wafgroup-command-and-code-injections",
"sensitivity_level": "strict",
},
{
"action": {
"name": "Deny",
},
"group_id": "wafgroup-ldap-injections",
"sensitivity_level": "strict",
},
{
"action": {
"name": "Deny",
},
"group_id": "wafgroup-ssrf-attacks",
"sensitivity_level": "strict",
},
{
"action": {
"name": "Deny",
},
"group_id": "wafgroup-unauthorized-accesses",
"sensitivity_level": "strict",
},
{
"action": {
"name": "Deny",
},
"group_id": "wafgroup-xss-attacks",
"sensitivity_level": "strict",
},
{
"action": {
"name": "Deny",
},
"group_id": "wafgroup-vulnerability-scanners",
"sensitivity_level": "strict",
},
{
"action": {
"name": "Deny",
},
"group_id": "wafgroup-cms-vulnerabilities",
"sensitivity_level": "strict",
},
{
"action": {
"name": "Deny",
},
"group_id": "wafgroup-other-vulnerabilities",
"sensitivity_level": "strict",
},
{
"action": {
"name": "Deny",
},
"group_id": "wafgroup-sql-injections",
"sensitivity_level": "strict",
},
{
"action": {
"name": "Deny",
},
"group_id": "wafgroup-unauthorized-file-accesses",
"sensitivity_level": "strict",
},
{
"action": {
"name": "Deny",
},
"group_id": "wafgroup-oa-vulnerabilities",
"sensitivity_level": "strict",
},
{
"action": {
"name": "Deny",
},
"group_id": "wafgroup-ssti-attacks",
"sensitivity_level": "strict",
},
{
"action": {
"name": "Deny",
},
"group_id": "wafgroup-shiro-vulnerabilities",
"sensitivity_level": "strict",
},
],
"semantic_analysis": "off",
},
},
template_id="temp-05dtxkyw",
zone_id="zone-37u62pwxfo8s")
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/tencentcloud/tencentcloud"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := tencentcloud.NewTeoSecurityPolicyConfig(ctx, "example", &tencentcloud.TeoSecurityPolicyConfigArgs{
Entity: pulumi.String("Template"),
SecurityPolicy: &tencentcloud.TeoSecurityPolicyConfigSecurityPolicyArgs{
CustomRules: &tencentcloud.TeoSecurityPolicyConfigSecurityPolicyCustomRulesArgs{
Rules: tencentcloud.TeoSecurityPolicyConfigSecurityPolicyCustomRulesRuleArray{
&tencentcloud.TeoSecurityPolicyConfigSecurityPolicyCustomRulesRuleArgs{
Action: &tencentcloud.TeoSecurityPolicyConfigSecurityPolicyCustomRulesRuleActionArgs{
BlockIpActionParameters: &tencentcloud.TeoSecurityPolicyConfigSecurityPolicyCustomRulesRuleActionBlockIpActionParametersArgs{
Duration: pulumi.String("120s"),
},
Name: pulumi.String("BlockIP"),
},
Condition: pulumi.String("${http.request.host} contain ['abc']"),
Enabled: pulumi.String("on"),
Name: pulumi.String("rule1"),
Priority: pulumi.Float64(50),
RuleType: pulumi.String("PreciseMatchRule"),
},
&tencentcloud.TeoSecurityPolicyConfigSecurityPolicyCustomRulesRuleArgs{
Action: &tencentcloud.TeoSecurityPolicyConfigSecurityPolicyCustomRulesRuleActionArgs{
Name: pulumi.String("Deny"),
},
Condition: pulumi.String("${http.request.ip} in ['119.28.103.58']"),
Enabled: pulumi.String("off"),
Id: pulumi.String("2182252647"),
Name: pulumi.String("rule2"),
RuleType: pulumi.String("BasicAccessRule"),
},
},
},
ManagedRules: &tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesArgs{
AutoUpdate: &tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesAutoUpdateArgs{
AutoUpdateToLatestVersion: pulumi.String("off"),
},
DetectionOnly: pulumi.String("off"),
Enabled: pulumi.String("on"),
ManagedRuleGroups: tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArray{
&tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs{
Action: &tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs{
Name: pulumi.String("Deny"),
},
GroupId: pulumi.String("wafgroup-webshell-attacks"),
SensitivityLevel: pulumi.String("strict"),
},
&tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs{
Action: &tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs{
Name: pulumi.String("Deny"),
},
GroupId: pulumi.String("wafgroup-xxe-attacks"),
SensitivityLevel: pulumi.String("strict"),
},
&tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs{
Action: &tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs{
Name: pulumi.String("Deny"),
},
GroupId: pulumi.String("wafgroup-non-compliant-protocol-usages"),
SensitivityLevel: pulumi.String("strict"),
},
&tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs{
Action: &tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs{
Name: pulumi.String("Deny"),
},
GroupId: pulumi.String("wafgroup-file-upload-attacks"),
SensitivityLevel: pulumi.String("strict"),
},
&tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs{
Action: &tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs{
Name: pulumi.String("Deny"),
},
GroupId: pulumi.String("wafgroup-command-and-code-injections"),
SensitivityLevel: pulumi.String("strict"),
},
&tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs{
Action: &tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs{
Name: pulumi.String("Deny"),
},
GroupId: pulumi.String("wafgroup-ldap-injections"),
SensitivityLevel: pulumi.String("strict"),
},
&tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs{
Action: &tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs{
Name: pulumi.String("Deny"),
},
GroupId: pulumi.String("wafgroup-ssrf-attacks"),
SensitivityLevel: pulumi.String("strict"),
},
&tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs{
Action: &tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs{
Name: pulumi.String("Deny"),
},
GroupId: pulumi.String("wafgroup-unauthorized-accesses"),
SensitivityLevel: pulumi.String("strict"),
},
&tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs{
Action: &tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs{
Name: pulumi.String("Deny"),
},
GroupId: pulumi.String("wafgroup-xss-attacks"),
SensitivityLevel: pulumi.String("strict"),
},
&tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs{
Action: &tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs{
Name: pulumi.String("Deny"),
},
GroupId: pulumi.String("wafgroup-vulnerability-scanners"),
SensitivityLevel: pulumi.String("strict"),
},
&tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs{
Action: &tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs{
Name: pulumi.String("Deny"),
},
GroupId: pulumi.String("wafgroup-cms-vulnerabilities"),
SensitivityLevel: pulumi.String("strict"),
},
&tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs{
Action: &tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs{
Name: pulumi.String("Deny"),
},
GroupId: pulumi.String("wafgroup-other-vulnerabilities"),
SensitivityLevel: pulumi.String("strict"),
},
&tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs{
Action: &tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs{
Name: pulumi.String("Deny"),
},
GroupId: pulumi.String("wafgroup-sql-injections"),
SensitivityLevel: pulumi.String("strict"),
},
&tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs{
Action: &tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs{
Name: pulumi.String("Deny"),
},
GroupId: pulumi.String("wafgroup-unauthorized-file-accesses"),
SensitivityLevel: pulumi.String("strict"),
},
&tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs{
Action: &tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs{
Name: pulumi.String("Deny"),
},
GroupId: pulumi.String("wafgroup-oa-vulnerabilities"),
SensitivityLevel: pulumi.String("strict"),
},
&tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs{
Action: &tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs{
Name: pulumi.String("Deny"),
},
GroupId: pulumi.String("wafgroup-ssti-attacks"),
SensitivityLevel: pulumi.String("strict"),
},
&tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs{
Action: &tencentcloud.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs{
Name: pulumi.String("Deny"),
},
GroupId: pulumi.String("wafgroup-shiro-vulnerabilities"),
SensitivityLevel: pulumi.String("strict"),
},
},
SemanticAnalysis: pulumi.String("off"),
},
},
TemplateId: pulumi.String("temp-05dtxkyw"),
ZoneId: pulumi.String("zone-37u62pwxfo8s"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Tencentcloud = Pulumi.Tencentcloud;
return await Deployment.RunAsync(() =>
{
var example = new Tencentcloud.TeoSecurityPolicyConfig("example", new()
{
Entity = "Template",
SecurityPolicy = new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyArgs
{
CustomRules = new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyCustomRulesArgs
{
Rules = new[]
{
new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyCustomRulesRuleArgs
{
Action = new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyCustomRulesRuleActionArgs
{
BlockIpActionParameters = new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyCustomRulesRuleActionBlockIpActionParametersArgs
{
Duration = "120s",
},
Name = "BlockIP",
},
Condition = "${http.request.host} contain ['abc']",
Enabled = "on",
Name = "rule1",
Priority = 50,
RuleType = "PreciseMatchRule",
},
new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyCustomRulesRuleArgs
{
Action = new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyCustomRulesRuleActionArgs
{
Name = "Deny",
},
Condition = "${http.request.ip} in ['119.28.103.58']",
Enabled = "off",
Id = "2182252647",
Name = "rule2",
RuleType = "BasicAccessRule",
},
},
},
ManagedRules = new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesArgs
{
AutoUpdate = new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesAutoUpdateArgs
{
AutoUpdateToLatestVersion = "off",
},
DetectionOnly = "off",
Enabled = "on",
ManagedRuleGroups = new[]
{
new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs
{
Action = new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs
{
Name = "Deny",
},
GroupId = "wafgroup-webshell-attacks",
SensitivityLevel = "strict",
},
new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs
{
Action = new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs
{
Name = "Deny",
},
GroupId = "wafgroup-xxe-attacks",
SensitivityLevel = "strict",
},
new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs
{
Action = new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs
{
Name = "Deny",
},
GroupId = "wafgroup-non-compliant-protocol-usages",
SensitivityLevel = "strict",
},
new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs
{
Action = new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs
{
Name = "Deny",
},
GroupId = "wafgroup-file-upload-attacks",
SensitivityLevel = "strict",
},
new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs
{
Action = new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs
{
Name = "Deny",
},
GroupId = "wafgroup-command-and-code-injections",
SensitivityLevel = "strict",
},
new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs
{
Action = new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs
{
Name = "Deny",
},
GroupId = "wafgroup-ldap-injections",
SensitivityLevel = "strict",
},
new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs
{
Action = new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs
{
Name = "Deny",
},
GroupId = "wafgroup-ssrf-attacks",
SensitivityLevel = "strict",
},
new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs
{
Action = new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs
{
Name = "Deny",
},
GroupId = "wafgroup-unauthorized-accesses",
SensitivityLevel = "strict",
},
new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs
{
Action = new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs
{
Name = "Deny",
},
GroupId = "wafgroup-xss-attacks",
SensitivityLevel = "strict",
},
new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs
{
Action = new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs
{
Name = "Deny",
},
GroupId = "wafgroup-vulnerability-scanners",
SensitivityLevel = "strict",
},
new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs
{
Action = new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs
{
Name = "Deny",
},
GroupId = "wafgroup-cms-vulnerabilities",
SensitivityLevel = "strict",
},
new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs
{
Action = new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs
{
Name = "Deny",
},
GroupId = "wafgroup-other-vulnerabilities",
SensitivityLevel = "strict",
},
new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs
{
Action = new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs
{
Name = "Deny",
},
GroupId = "wafgroup-sql-injections",
SensitivityLevel = "strict",
},
new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs
{
Action = new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs
{
Name = "Deny",
},
GroupId = "wafgroup-unauthorized-file-accesses",
SensitivityLevel = "strict",
},
new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs
{
Action = new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs
{
Name = "Deny",
},
GroupId = "wafgroup-oa-vulnerabilities",
SensitivityLevel = "strict",
},
new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs
{
Action = new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs
{
Name = "Deny",
},
GroupId = "wafgroup-ssti-attacks",
SensitivityLevel = "strict",
},
new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs
{
Action = new Tencentcloud.Inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs
{
Name = "Deny",
},
GroupId = "wafgroup-shiro-vulnerabilities",
SensitivityLevel = "strict",
},
},
SemanticAnalysis = "off",
},
},
TemplateId = "temp-05dtxkyw",
ZoneId = "zone-37u62pwxfo8s",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.tencentcloud.TeoSecurityPolicyConfig;
import com.pulumi.tencentcloud.TeoSecurityPolicyConfigArgs;
import com.pulumi.tencentcloud.inputs.TeoSecurityPolicyConfigSecurityPolicyArgs;
import com.pulumi.tencentcloud.inputs.TeoSecurityPolicyConfigSecurityPolicyCustomRulesArgs;
import com.pulumi.tencentcloud.inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesArgs;
import com.pulumi.tencentcloud.inputs.TeoSecurityPolicyConfigSecurityPolicyManagedRulesAutoUpdateArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new TeoSecurityPolicyConfig("example", TeoSecurityPolicyConfigArgs.builder()
.entity("Template")
.securityPolicy(TeoSecurityPolicyConfigSecurityPolicyArgs.builder()
.customRules(TeoSecurityPolicyConfigSecurityPolicyCustomRulesArgs.builder()
.rules(
TeoSecurityPolicyConfigSecurityPolicyCustomRulesRuleArgs.builder()
.action(TeoSecurityPolicyConfigSecurityPolicyCustomRulesRuleActionArgs.builder()
.blockIpActionParameters(TeoSecurityPolicyConfigSecurityPolicyCustomRulesRuleActionBlockIpActionParametersArgs.builder()
.duration("120s")
.build())
.name("BlockIP")
.build())
.condition("${http.request.host} contain ['abc']")
.enabled("on")
.name("rule1")
.priority(50)
.ruleType("PreciseMatchRule")
.build(),
TeoSecurityPolicyConfigSecurityPolicyCustomRulesRuleArgs.builder()
.action(TeoSecurityPolicyConfigSecurityPolicyCustomRulesRuleActionArgs.builder()
.name("Deny")
.build())
.condition("${http.request.ip} in ['119.28.103.58']")
.enabled("off")
.id("2182252647")
.name("rule2")
.ruleType("BasicAccessRule")
.build())
.build())
.managedRules(TeoSecurityPolicyConfigSecurityPolicyManagedRulesArgs.builder()
.autoUpdate(TeoSecurityPolicyConfigSecurityPolicyManagedRulesAutoUpdateArgs.builder()
.autoUpdateToLatestVersion("off")
.build())
.detectionOnly("off")
.enabled("on")
.managedRuleGroups(
TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs.builder()
.action(TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs.builder()
.name("Deny")
.build())
.groupId("wafgroup-webshell-attacks")
.sensitivityLevel("strict")
.build(),
TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs.builder()
.action(TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs.builder()
.name("Deny")
.build())
.groupId("wafgroup-xxe-attacks")
.sensitivityLevel("strict")
.build(),
TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs.builder()
.action(TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs.builder()
.name("Deny")
.build())
.groupId("wafgroup-non-compliant-protocol-usages")
.sensitivityLevel("strict")
.build(),
TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs.builder()
.action(TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs.builder()
.name("Deny")
.build())
.groupId("wafgroup-file-upload-attacks")
.sensitivityLevel("strict")
.build(),
TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs.builder()
.action(TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs.builder()
.name("Deny")
.build())
.groupId("wafgroup-command-and-code-injections")
.sensitivityLevel("strict")
.build(),
TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs.builder()
.action(TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs.builder()
.name("Deny")
.build())
.groupId("wafgroup-ldap-injections")
.sensitivityLevel("strict")
.build(),
TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs.builder()
.action(TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs.builder()
.name("Deny")
.build())
.groupId("wafgroup-ssrf-attacks")
.sensitivityLevel("strict")
.build(),
TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs.builder()
.action(TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs.builder()
.name("Deny")
.build())
.groupId("wafgroup-unauthorized-accesses")
.sensitivityLevel("strict")
.build(),
TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs.builder()
.action(TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs.builder()
.name("Deny")
.build())
.groupId("wafgroup-xss-attacks")
.sensitivityLevel("strict")
.build(),
TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs.builder()
.action(TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs.builder()
.name("Deny")
.build())
.groupId("wafgroup-vulnerability-scanners")
.sensitivityLevel("strict")
.build(),
TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs.builder()
.action(TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs.builder()
.name("Deny")
.build())
.groupId("wafgroup-cms-vulnerabilities")
.sensitivityLevel("strict")
.build(),
TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs.builder()
.action(TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs.builder()
.name("Deny")
.build())
.groupId("wafgroup-other-vulnerabilities")
.sensitivityLevel("strict")
.build(),
TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs.builder()
.action(TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs.builder()
.name("Deny")
.build())
.groupId("wafgroup-sql-injections")
.sensitivityLevel("strict")
.build(),
TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs.builder()
.action(TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs.builder()
.name("Deny")
.build())
.groupId("wafgroup-unauthorized-file-accesses")
.sensitivityLevel("strict")
.build(),
TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs.builder()
.action(TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs.builder()
.name("Deny")
.build())
.groupId("wafgroup-oa-vulnerabilities")
.sensitivityLevel("strict")
.build(),
TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs.builder()
.action(TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs.builder()
.name("Deny")
.build())
.groupId("wafgroup-ssti-attacks")
.sensitivityLevel("strict")
.build(),
TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs.builder()
.action(TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs.builder()
.name("Deny")
.build())
.groupId("wafgroup-shiro-vulnerabilities")
.sensitivityLevel("strict")
.build())
.semanticAnalysis("off")
.build())
.build())
.templateId("temp-05dtxkyw")
.zoneId("zone-37u62pwxfo8s")
.build());
}
}
resources:
example:
type: tencentcloud:TeoSecurityPolicyConfig
properties:
entity: Template
securityPolicy:
customRules:
rules:
- action:
blockIpActionParameters:
duration: 120s
name: BlockIP
condition: $${http.request.host} contain ['abc']
enabled: on
name: rule1
priority: 50
ruleType: PreciseMatchRule
- action:
name: Deny
condition: $${http.request.ip} in ['119.28.103.58']
enabled: off
id: '2182252647'
name: rule2
ruleType: BasicAccessRule
managedRules:
autoUpdate:
autoUpdateToLatestVersion: off
detectionOnly: off
enabled: on
managedRuleGroups:
- action:
name: Deny
groupId: wafgroup-webshell-attacks
sensitivityLevel: strict
- action:
name: Deny
groupId: wafgroup-xxe-attacks
sensitivityLevel: strict
- action:
name: Deny
groupId: wafgroup-non-compliant-protocol-usages
sensitivityLevel: strict
- action:
name: Deny
groupId: wafgroup-file-upload-attacks
sensitivityLevel: strict
- action:
name: Deny
groupId: wafgroup-command-and-code-injections
sensitivityLevel: strict
- action:
name: Deny
groupId: wafgroup-ldap-injections
sensitivityLevel: strict
- action:
name: Deny
groupId: wafgroup-ssrf-attacks
sensitivityLevel: strict
- action:
name: Deny
groupId: wafgroup-unauthorized-accesses
sensitivityLevel: strict
- action:
name: Deny
groupId: wafgroup-xss-attacks
sensitivityLevel: strict
- action:
name: Deny
groupId: wafgroup-vulnerability-scanners
sensitivityLevel: strict
- action:
name: Deny
groupId: wafgroup-cms-vulnerabilities
sensitivityLevel: strict
- action:
name: Deny
groupId: wafgroup-other-vulnerabilities
sensitivityLevel: strict
- action:
name: Deny
groupId: wafgroup-sql-injections
sensitivityLevel: strict
- action:
name: Deny
groupId: wafgroup-unauthorized-file-accesses
sensitivityLevel: strict
- action:
name: Deny
groupId: wafgroup-oa-vulnerabilities
sensitivityLevel: strict
- action:
name: Deny
groupId: wafgroup-ssti-attacks
sensitivityLevel: strict
- action:
name: Deny
groupId: wafgroup-shiro-vulnerabilities
sensitivityLevel: strict
semanticAnalysis: off
templateId: temp-05dtxkyw
zoneId: zone-37u62pwxfo8s
Create TeoSecurityPolicyConfig Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new TeoSecurityPolicyConfig(name: string, args: TeoSecurityPolicyConfigArgs, opts?: CustomResourceOptions);@overload
def TeoSecurityPolicyConfig(resource_name: str,
args: TeoSecurityPolicyConfigArgs,
opts: Optional[ResourceOptions] = None)
@overload
def TeoSecurityPolicyConfig(resource_name: str,
opts: Optional[ResourceOptions] = None,
zone_id: Optional[str] = None,
entity: Optional[str] = None,
host: Optional[str] = None,
security_policy: Optional[TeoSecurityPolicyConfigSecurityPolicyArgs] = None,
template_id: Optional[str] = None,
teo_security_policy_config_id: Optional[str] = None)func NewTeoSecurityPolicyConfig(ctx *Context, name string, args TeoSecurityPolicyConfigArgs, opts ...ResourceOption) (*TeoSecurityPolicyConfig, error)public TeoSecurityPolicyConfig(string name, TeoSecurityPolicyConfigArgs args, CustomResourceOptions? opts = null)public TeoSecurityPolicyConfig(String name, TeoSecurityPolicyConfigArgs args)
public TeoSecurityPolicyConfig(String name, TeoSecurityPolicyConfigArgs args, CustomResourceOptions options)
type: tencentcloud:TeoSecurityPolicyConfig
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name
This property is required. string - The unique name of the resource.
- args
This property is required. TeoSecurityPolicyConfigArgs - The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name
This property is required. str - The unique name of the resource.
- args
This property is required. TeoSecurityPolicyConfigArgs - The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name
This property is required. string - The unique name of the resource.
- args
This property is required. TeoSecurityPolicyConfigArgs - The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name
This property is required. string - The unique name of the resource.
- args
This property is required. TeoSecurityPolicyConfigArgs - The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name
This property is required. String - The unique name of the resource.
- args
This property is required. TeoSecurityPolicyConfigArgs - The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
TeoSecurityPolicyConfig Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The TeoSecurityPolicyConfig resource accepts the following input properties:
- Zone
Id This property is required. string - Zone ID.
- Entity string
- Security policy type. the following parameter values can be used: ZoneDefaultPolicy: used to specify a site-level policy; Template: used to specify a policy Template. you need to simultaneously specify the TemplateId parameter; Host: used to specify a domain-level policy (note: when using a domain name to specify a dns service policy, only dns services or policy templates that have applied a domain-level policy are supported)..
- Host string
- Specifies the specified domain. when the Entity parameter value is Host, use the domain-level policy specified by this parameter. for example: use www.example.com to configure the domain-level policy of the domain.
- Security
Policy TeoSecurity Policy Config Security Policy - Security policy configuration. it is recommended to use for custom policies and managed rule configurations of Web protection. it supports configuring security policies with expression grammar.
- Template
Id string - Specify the policy Template ID. use this parameter to specify the ID of the policy Template when the Entity parameter value is Template.
- Teo
Security stringPolicy Config Id - ID of the resource.
- Zone
Id This property is required. string - Zone ID.
- Entity string
- Security policy type. the following parameter values can be used: ZoneDefaultPolicy: used to specify a site-level policy; Template: used to specify a policy Template. you need to simultaneously specify the TemplateId parameter; Host: used to specify a domain-level policy (note: when using a domain name to specify a dns service policy, only dns services or policy templates that have applied a domain-level policy are supported)..
- Host string
- Specifies the specified domain. when the Entity parameter value is Host, use the domain-level policy specified by this parameter. for example: use www.example.com to configure the domain-level policy of the domain.
- Security
Policy TeoSecurity Policy Config Security Policy Args - Security policy configuration. it is recommended to use for custom policies and managed rule configurations of Web protection. it supports configuring security policies with expression grammar.
- Template
Id string - Specify the policy Template ID. use this parameter to specify the ID of the policy Template when the Entity parameter value is Template.
- Teo
Security stringPolicy Config Id - ID of the resource.
- zone
Id This property is required. String - Zone ID.
- entity String
- Security policy type. the following parameter values can be used: ZoneDefaultPolicy: used to specify a site-level policy; Template: used to specify a policy Template. you need to simultaneously specify the TemplateId parameter; Host: used to specify a domain-level policy (note: when using a domain name to specify a dns service policy, only dns services or policy templates that have applied a domain-level policy are supported)..
- host String
- Specifies the specified domain. when the Entity parameter value is Host, use the domain-level policy specified by this parameter. for example: use www.example.com to configure the domain-level policy of the domain.
- security
Policy TeoSecurity Policy Config Security Policy - Security policy configuration. it is recommended to use for custom policies and managed rule configurations of Web protection. it supports configuring security policies with expression grammar.
- template
Id String - Specify the policy Template ID. use this parameter to specify the ID of the policy Template when the Entity parameter value is Template.
- teo
Security StringPolicy Config Id - ID of the resource.
- zone
Id This property is required. string - Zone ID.
- entity string
- Security policy type. the following parameter values can be used: ZoneDefaultPolicy: used to specify a site-level policy; Template: used to specify a policy Template. you need to simultaneously specify the TemplateId parameter; Host: used to specify a domain-level policy (note: when using a domain name to specify a dns service policy, only dns services or policy templates that have applied a domain-level policy are supported)..
- host string
- Specifies the specified domain. when the Entity parameter value is Host, use the domain-level policy specified by this parameter. for example: use www.example.com to configure the domain-level policy of the domain.
- security
Policy TeoSecurity Policy Config Security Policy - Security policy configuration. it is recommended to use for custom policies and managed rule configurations of Web protection. it supports configuring security policies with expression grammar.
- template
Id string - Specify the policy Template ID. use this parameter to specify the ID of the policy Template when the Entity parameter value is Template.
- teo
Security stringPolicy Config Id - ID of the resource.
- zone_
id This property is required. str - Zone ID.
- entity str
- Security policy type. the following parameter values can be used: ZoneDefaultPolicy: used to specify a site-level policy; Template: used to specify a policy Template. you need to simultaneously specify the TemplateId parameter; Host: used to specify a domain-level policy (note: when using a domain name to specify a dns service policy, only dns services or policy templates that have applied a domain-level policy are supported)..
- host str
- Specifies the specified domain. when the Entity parameter value is Host, use the domain-level policy specified by this parameter. for example: use www.example.com to configure the domain-level policy of the domain.
- security_
policy TeoSecurity Policy Config Security Policy Args - Security policy configuration. it is recommended to use for custom policies and managed rule configurations of Web protection. it supports configuring security policies with expression grammar.
- template_
id str - Specify the policy Template ID. use this parameter to specify the ID of the policy Template when the Entity parameter value is Template.
- teo_
security_ strpolicy_ config_ id - ID of the resource.
- zone
Id This property is required. String - Zone ID.
- entity String
- Security policy type. the following parameter values can be used: ZoneDefaultPolicy: used to specify a site-level policy; Template: used to specify a policy Template. you need to simultaneously specify the TemplateId parameter; Host: used to specify a domain-level policy (note: when using a domain name to specify a dns service policy, only dns services or policy templates that have applied a domain-level policy are supported)..
- host String
- Specifies the specified domain. when the Entity parameter value is Host, use the domain-level policy specified by this parameter. for example: use www.example.com to configure the domain-level policy of the domain.
- security
Policy Property Map - Security policy configuration. it is recommended to use for custom policies and managed rule configurations of Web protection. it supports configuring security policies with expression grammar.
- template
Id String - Specify the policy Template ID. use this parameter to specify the ID of the policy Template when the Entity parameter value is Template.
- teo
Security StringPolicy Config Id - ID of the resource.
Outputs
All input properties are implicitly available as output properties. Additionally, the TeoSecurityPolicyConfig resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing TeoSecurityPolicyConfig Resource
Get an existing TeoSecurityPolicyConfig resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: TeoSecurityPolicyConfigState, opts?: CustomResourceOptions): TeoSecurityPolicyConfig@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
entity: Optional[str] = None,
host: Optional[str] = None,
security_policy: Optional[TeoSecurityPolicyConfigSecurityPolicyArgs] = None,
template_id: Optional[str] = None,
teo_security_policy_config_id: Optional[str] = None,
zone_id: Optional[str] = None) -> TeoSecurityPolicyConfigfunc GetTeoSecurityPolicyConfig(ctx *Context, name string, id IDInput, state *TeoSecurityPolicyConfigState, opts ...ResourceOption) (*TeoSecurityPolicyConfig, error)public static TeoSecurityPolicyConfig Get(string name, Input<string> id, TeoSecurityPolicyConfigState? state, CustomResourceOptions? opts = null)public static TeoSecurityPolicyConfig get(String name, Output<String> id, TeoSecurityPolicyConfigState state, CustomResourceOptions options)resources: _: type: tencentcloud:TeoSecurityPolicyConfig get: id: ${id}- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
The following state arguments are supported:
- Entity string
- Security policy type. the following parameter values can be used: ZoneDefaultPolicy: used to specify a site-level policy; Template: used to specify a policy Template. you need to simultaneously specify the TemplateId parameter; Host: used to specify a domain-level policy (note: when using a domain name to specify a dns service policy, only dns services or policy templates that have applied a domain-level policy are supported)..
- Host string
- Specifies the specified domain. when the Entity parameter value is Host, use the domain-level policy specified by this parameter. for example: use www.example.com to configure the domain-level policy of the domain.
- Security
Policy TeoSecurity Policy Config Security Policy - Security policy configuration. it is recommended to use for custom policies and managed rule configurations of Web protection. it supports configuring security policies with expression grammar.
- Template
Id string - Specify the policy Template ID. use this parameter to specify the ID of the policy Template when the Entity parameter value is Template.
- Teo
Security stringPolicy Config Id - ID of the resource.
- Zone
Id string - Zone ID.
- Entity string
- Security policy type. the following parameter values can be used: ZoneDefaultPolicy: used to specify a site-level policy; Template: used to specify a policy Template. you need to simultaneously specify the TemplateId parameter; Host: used to specify a domain-level policy (note: when using a domain name to specify a dns service policy, only dns services or policy templates that have applied a domain-level policy are supported)..
- Host string
- Specifies the specified domain. when the Entity parameter value is Host, use the domain-level policy specified by this parameter. for example: use www.example.com to configure the domain-level policy of the domain.
- Security
Policy TeoSecurity Policy Config Security Policy Args - Security policy configuration. it is recommended to use for custom policies and managed rule configurations of Web protection. it supports configuring security policies with expression grammar.
- Template
Id string - Specify the policy Template ID. use this parameter to specify the ID of the policy Template when the Entity parameter value is Template.
- Teo
Security stringPolicy Config Id - ID of the resource.
- Zone
Id string - Zone ID.
- entity String
- Security policy type. the following parameter values can be used: ZoneDefaultPolicy: used to specify a site-level policy; Template: used to specify a policy Template. you need to simultaneously specify the TemplateId parameter; Host: used to specify a domain-level policy (note: when using a domain name to specify a dns service policy, only dns services or policy templates that have applied a domain-level policy are supported)..
- host String
- Specifies the specified domain. when the Entity parameter value is Host, use the domain-level policy specified by this parameter. for example: use www.example.com to configure the domain-level policy of the domain.
- security
Policy TeoSecurity Policy Config Security Policy - Security policy configuration. it is recommended to use for custom policies and managed rule configurations of Web protection. it supports configuring security policies with expression grammar.
- template
Id String - Specify the policy Template ID. use this parameter to specify the ID of the policy Template when the Entity parameter value is Template.
- teo
Security StringPolicy Config Id - ID of the resource.
- zone
Id String - Zone ID.
- entity string
- Security policy type. the following parameter values can be used: ZoneDefaultPolicy: used to specify a site-level policy; Template: used to specify a policy Template. you need to simultaneously specify the TemplateId parameter; Host: used to specify a domain-level policy (note: when using a domain name to specify a dns service policy, only dns services or policy templates that have applied a domain-level policy are supported)..
- host string
- Specifies the specified domain. when the Entity parameter value is Host, use the domain-level policy specified by this parameter. for example: use www.example.com to configure the domain-level policy of the domain.
- security
Policy TeoSecurity Policy Config Security Policy - Security policy configuration. it is recommended to use for custom policies and managed rule configurations of Web protection. it supports configuring security policies with expression grammar.
- template
Id string - Specify the policy Template ID. use this parameter to specify the ID of the policy Template when the Entity parameter value is Template.
- teo
Security stringPolicy Config Id - ID of the resource.
- zone
Id string - Zone ID.
- entity str
- Security policy type. the following parameter values can be used: ZoneDefaultPolicy: used to specify a site-level policy; Template: used to specify a policy Template. you need to simultaneously specify the TemplateId parameter; Host: used to specify a domain-level policy (note: when using a domain name to specify a dns service policy, only dns services or policy templates that have applied a domain-level policy are supported)..
- host str
- Specifies the specified domain. when the Entity parameter value is Host, use the domain-level policy specified by this parameter. for example: use www.example.com to configure the domain-level policy of the domain.
- security_
policy TeoSecurity Policy Config Security Policy Args - Security policy configuration. it is recommended to use for custom policies and managed rule configurations of Web protection. it supports configuring security policies with expression grammar.
- template_
id str - Specify the policy Template ID. use this parameter to specify the ID of the policy Template when the Entity parameter value is Template.
- teo_
security_ strpolicy_ config_ id - ID of the resource.
- zone_
id str - Zone ID.
- entity String
- Security policy type. the following parameter values can be used: ZoneDefaultPolicy: used to specify a site-level policy; Template: used to specify a policy Template. you need to simultaneously specify the TemplateId parameter; Host: used to specify a domain-level policy (note: when using a domain name to specify a dns service policy, only dns services or policy templates that have applied a domain-level policy are supported)..
- host String
- Specifies the specified domain. when the Entity parameter value is Host, use the domain-level policy specified by this parameter. for example: use www.example.com to configure the domain-level policy of the domain.
- security
Policy Property Map - Security policy configuration. it is recommended to use for custom policies and managed rule configurations of Web protection. it supports configuring security policies with expression grammar.
- template
Id String - Specify the policy Template ID. use this parameter to specify the ID of the policy Template when the Entity parameter value is Template.
- teo
Security StringPolicy Config Id - ID of the resource.
- zone
Id String - Zone ID.
Supporting Types
TeoSecurityPolicyConfigSecurityPolicy, TeoSecurityPolicyConfigSecurityPolicyArgs
, TeoSecurityPolicyConfigSecurityPolicyArgs
- Custom
Rules TeoSecurity Policy Config Security Policy Custom Rules - Custom rule configuration.
- Managed
Rules TeoSecurity Policy Config Security Policy Managed Rules - Managed rule configuration.
- Custom
Rules TeoSecurity Policy Config Security Policy Custom Rules - Custom rule configuration.
- Managed
Rules TeoSecurity Policy Config Security Policy Managed Rules - Managed rule configuration.
- custom
Rules TeoSecurity Policy Config Security Policy Custom Rules - Custom rule configuration.
- managed
Rules TeoSecurity Policy Config Security Policy Managed Rules - Managed rule configuration.
- custom
Rules TeoSecurity Policy Config Security Policy Custom Rules - Custom rule configuration.
- managed
Rules TeoSecurity Policy Config Security Policy Managed Rules - Managed rule configuration.
- custom_
rules TeoSecurity Policy Config Security Policy Custom Rules - Custom rule configuration.
- managed_
rules TeoSecurity Policy Config Security Policy Managed Rules - Managed rule configuration.
- custom
Rules Property Map - Custom rule configuration.
- managed
Rules Property Map - Managed rule configuration.
TeoSecurityPolicyConfigSecurityPolicyCustomRules, TeoSecurityPolicyConfigSecurityPolicyCustomRulesArgs
, TeoSecurityPolicyConfigSecurityPolicyCustomRulesArgs
- Rules
List<Teo
Security Policy Config Security Policy Custom Rules Rule> - List of custom rule definitions. when modifying the Web protection configuration using ModifySecurityPolicy: - if the Rules parameter is not specified or the parameter length of Rules is zero: clear all custom rule configurations. - if the parameter value of CustomRules in the SecurityPolicy parameter is not specified: keep the existing custom rule configuration without modification.
- Rules
[]Teo
Security Policy Config Security Policy Custom Rules Rule - List of custom rule definitions. when modifying the Web protection configuration using ModifySecurityPolicy: - if the Rules parameter is not specified or the parameter length of Rules is zero: clear all custom rule configurations. - if the parameter value of CustomRules in the SecurityPolicy parameter is not specified: keep the existing custom rule configuration without modification.
- rules
List<Teo
Security Policy Config Security Policy Custom Rules Rule> - List of custom rule definitions. when modifying the Web protection configuration using ModifySecurityPolicy: - if the Rules parameter is not specified or the parameter length of Rules is zero: clear all custom rule configurations. - if the parameter value of CustomRules in the SecurityPolicy parameter is not specified: keep the existing custom rule configuration without modification.
- rules
Teo
Security Policy Config Security Policy Custom Rules Rule[] - List of custom rule definitions. when modifying the Web protection configuration using ModifySecurityPolicy: - if the Rules parameter is not specified or the parameter length of Rules is zero: clear all custom rule configurations. - if the parameter value of CustomRules in the SecurityPolicy parameter is not specified: keep the existing custom rule configuration without modification.
- rules
Sequence[Teo
Security Policy Config Security Policy Custom Rules Rule] - List of custom rule definitions. when modifying the Web protection configuration using ModifySecurityPolicy: - if the Rules parameter is not specified or the parameter length of Rules is zero: clear all custom rule configurations. - if the parameter value of CustomRules in the SecurityPolicy parameter is not specified: keep the existing custom rule configuration without modification.
- rules List<Property Map>
- List of custom rule definitions. when modifying the Web protection configuration using ModifySecurityPolicy: - if the Rules parameter is not specified or the parameter length of Rules is zero: clear all custom rule configurations. - if the parameter value of CustomRules in the SecurityPolicy parameter is not specified: keep the existing custom rule configuration without modification.
TeoSecurityPolicyConfigSecurityPolicyCustomRulesRule, TeoSecurityPolicyConfigSecurityPolicyCustomRulesRuleArgs
, TeoSecurityPolicyConfigSecurityPolicyCustomRulesRuleArgs
- Action
This property is required. TeoSecurity Policy Config Security Policy Custom Rules Rule Action - Execution actions for custom rules. the Name parameter value of SecurityAction supports: Deny: block; Monitor: observe; ReturnCustomPage: block using a specified page; Redirect: Redirect to URL; BlockIP: IP blocking; JSChallenge: JavaScript challenge; ManagedChallenge: managed challenge; Allow: Allow..
- Condition
This property is required. string - The specific content of the custom rule must comply with the expression grammar. please refer to the product document for detailed specifications.
- Enabled
This property is required. string - Indicates whether the custom rule is enabled. valid values: on: enabled off: disabled.
- Name
This property is required. string - The name of the custom rule.
- Id string
- The ID of a custom rule. the rule ID supports different rule configuration operations: - add a new rule: ID is empty or the ID parameter is not specified; - modify an existing rule: specify the rule ID that needs to be updated/modified; - delete an existing rule: existing Rules not included in the Rules list of the CustomRules parameter will be deleted.
- Priority double
- Customizes the priority of rules. value range: 0-100. it defaults to 0. only supports
rule_typeisPreciseMatchRule. - Rule
Type string - Type of custom rule. valid values: BasicAccessRule: basic access control; PreciseMatchRule: exact matching rule, default; ManagedAccessRule: expert customized rule, for output only. the default value is PreciseMatchRule.
- Action
This property is required. TeoSecurity Policy Config Security Policy Custom Rules Rule Action - Execution actions for custom rules. the Name parameter value of SecurityAction supports: Deny: block; Monitor: observe; ReturnCustomPage: block using a specified page; Redirect: Redirect to URL; BlockIP: IP blocking; JSChallenge: JavaScript challenge; ManagedChallenge: managed challenge; Allow: Allow..
- Condition
This property is required. string - The specific content of the custom rule must comply with the expression grammar. please refer to the product document for detailed specifications.
- Enabled
This property is required. string - Indicates whether the custom rule is enabled. valid values: on: enabled off: disabled.
- Name
This property is required. string - The name of the custom rule.
- Id string
- The ID of a custom rule. the rule ID supports different rule configuration operations: - add a new rule: ID is empty or the ID parameter is not specified; - modify an existing rule: specify the rule ID that needs to be updated/modified; - delete an existing rule: existing Rules not included in the Rules list of the CustomRules parameter will be deleted.
- Priority float64
- Customizes the priority of rules. value range: 0-100. it defaults to 0. only supports
rule_typeisPreciseMatchRule. - Rule
Type string - Type of custom rule. valid values: BasicAccessRule: basic access control; PreciseMatchRule: exact matching rule, default; ManagedAccessRule: expert customized rule, for output only. the default value is PreciseMatchRule.
- action
This property is required. TeoSecurity Policy Config Security Policy Custom Rules Rule Action - Execution actions for custom rules. the Name parameter value of SecurityAction supports: Deny: block; Monitor: observe; ReturnCustomPage: block using a specified page; Redirect: Redirect to URL; BlockIP: IP blocking; JSChallenge: JavaScript challenge; ManagedChallenge: managed challenge; Allow: Allow..
- condition
This property is required. String - The specific content of the custom rule must comply with the expression grammar. please refer to the product document for detailed specifications.
- enabled
This property is required. String - Indicates whether the custom rule is enabled. valid values: on: enabled off: disabled.
- name
This property is required. String - The name of the custom rule.
- id String
- The ID of a custom rule. the rule ID supports different rule configuration operations: - add a new rule: ID is empty or the ID parameter is not specified; - modify an existing rule: specify the rule ID that needs to be updated/modified; - delete an existing rule: existing Rules not included in the Rules list of the CustomRules parameter will be deleted.
- priority Double
- Customizes the priority of rules. value range: 0-100. it defaults to 0. only supports
rule_typeisPreciseMatchRule. - rule
Type String - Type of custom rule. valid values: BasicAccessRule: basic access control; PreciseMatchRule: exact matching rule, default; ManagedAccessRule: expert customized rule, for output only. the default value is PreciseMatchRule.
- action
This property is required. TeoSecurity Policy Config Security Policy Custom Rules Rule Action - Execution actions for custom rules. the Name parameter value of SecurityAction supports: Deny: block; Monitor: observe; ReturnCustomPage: block using a specified page; Redirect: Redirect to URL; BlockIP: IP blocking; JSChallenge: JavaScript challenge; ManagedChallenge: managed challenge; Allow: Allow..
- condition
This property is required. string - The specific content of the custom rule must comply with the expression grammar. please refer to the product document for detailed specifications.
- enabled
This property is required. string - Indicates whether the custom rule is enabled. valid values: on: enabled off: disabled.
- name
This property is required. string - The name of the custom rule.
- id string
- The ID of a custom rule. the rule ID supports different rule configuration operations: - add a new rule: ID is empty or the ID parameter is not specified; - modify an existing rule: specify the rule ID that needs to be updated/modified; - delete an existing rule: existing Rules not included in the Rules list of the CustomRules parameter will be deleted.
- priority number
- Customizes the priority of rules. value range: 0-100. it defaults to 0. only supports
rule_typeisPreciseMatchRule. - rule
Type string - Type of custom rule. valid values: BasicAccessRule: basic access control; PreciseMatchRule: exact matching rule, default; ManagedAccessRule: expert customized rule, for output only. the default value is PreciseMatchRule.
- action
This property is required. TeoSecurity Policy Config Security Policy Custom Rules Rule Action - Execution actions for custom rules. the Name parameter value of SecurityAction supports: Deny: block; Monitor: observe; ReturnCustomPage: block using a specified page; Redirect: Redirect to URL; BlockIP: IP blocking; JSChallenge: JavaScript challenge; ManagedChallenge: managed challenge; Allow: Allow..
- condition
This property is required. str - The specific content of the custom rule must comply with the expression grammar. please refer to the product document for detailed specifications.
- enabled
This property is required. str - Indicates whether the custom rule is enabled. valid values: on: enabled off: disabled.
- name
This property is required. str - The name of the custom rule.
- id str
- The ID of a custom rule. the rule ID supports different rule configuration operations: - add a new rule: ID is empty or the ID parameter is not specified; - modify an existing rule: specify the rule ID that needs to be updated/modified; - delete an existing rule: existing Rules not included in the Rules list of the CustomRules parameter will be deleted.
- priority float
- Customizes the priority of rules. value range: 0-100. it defaults to 0. only supports
rule_typeisPreciseMatchRule. - rule_
type str - Type of custom rule. valid values: BasicAccessRule: basic access control; PreciseMatchRule: exact matching rule, default; ManagedAccessRule: expert customized rule, for output only. the default value is PreciseMatchRule.
- action
This property is required. Property Map - Execution actions for custom rules. the Name parameter value of SecurityAction supports: Deny: block; Monitor: observe; ReturnCustomPage: block using a specified page; Redirect: Redirect to URL; BlockIP: IP blocking; JSChallenge: JavaScript challenge; ManagedChallenge: managed challenge; Allow: Allow..
- condition
This property is required. String - The specific content of the custom rule must comply with the expression grammar. please refer to the product document for detailed specifications.
- enabled
This property is required. String - Indicates whether the custom rule is enabled. valid values: on: enabled off: disabled.
- name
This property is required. String - The name of the custom rule.
- id String
- The ID of a custom rule. the rule ID supports different rule configuration operations: - add a new rule: ID is empty or the ID parameter is not specified; - modify an existing rule: specify the rule ID that needs to be updated/modified; - delete an existing rule: existing Rules not included in the Rules list of the CustomRules parameter will be deleted.
- priority Number
- Customizes the priority of rules. value range: 0-100. it defaults to 0. only supports
rule_typeisPreciseMatchRule. - rule
Type String - Type of custom rule. valid values: BasicAccessRule: basic access control; PreciseMatchRule: exact matching rule, default; ManagedAccessRule: expert customized rule, for output only. the default value is PreciseMatchRule.
TeoSecurityPolicyConfigSecurityPolicyCustomRulesRuleAction, TeoSecurityPolicyConfigSecurityPolicyCustomRulesRuleActionArgs
, TeoSecurityPolicyConfigSecurityPolicyCustomRulesRuleActionArgs
- Name
This property is required. string - Specific actions for safe execution. valid values:.
- Block
Ip TeoAction Parameters Security Policy Config Security Policy Custom Rules Rule Action Block Ip Action Parameters - Additional parameter when Name is BlockIP.
- Redirect
Action TeoParameters Security Policy Config Security Policy Custom Rules Rule Action Redirect Action Parameters - Additional parameter when Name is Redirect.
- Return
Custom TeoPage Action Parameters Security Policy Config Security Policy Custom Rules Rule Action Return Custom Page Action Parameters - Additional parameter when Name is ReturnCustomPage.
- Name
This property is required. string - Specific actions for safe execution. valid values:.
- Block
Ip TeoAction Parameters Security Policy Config Security Policy Custom Rules Rule Action Block Ip Action Parameters - Additional parameter when Name is BlockIP.
- Redirect
Action TeoParameters Security Policy Config Security Policy Custom Rules Rule Action Redirect Action Parameters - Additional parameter when Name is Redirect.
- Return
Custom TeoPage Action Parameters Security Policy Config Security Policy Custom Rules Rule Action Return Custom Page Action Parameters - Additional parameter when Name is ReturnCustomPage.
- name
This property is required. String - Specific actions for safe execution. valid values:.
- block
Ip TeoAction Parameters Security Policy Config Security Policy Custom Rules Rule Action Block Ip Action Parameters - Additional parameter when Name is BlockIP.
- redirect
Action TeoParameters Security Policy Config Security Policy Custom Rules Rule Action Redirect Action Parameters - Additional parameter when Name is Redirect.
- return
Custom TeoPage Action Parameters Security Policy Config Security Policy Custom Rules Rule Action Return Custom Page Action Parameters - Additional parameter when Name is ReturnCustomPage.
- name
This property is required. string - Specific actions for safe execution. valid values:.
- block
Ip TeoAction Parameters Security Policy Config Security Policy Custom Rules Rule Action Block Ip Action Parameters - Additional parameter when Name is BlockIP.
- redirect
Action TeoParameters Security Policy Config Security Policy Custom Rules Rule Action Redirect Action Parameters - Additional parameter when Name is Redirect.
- return
Custom TeoPage Action Parameters Security Policy Config Security Policy Custom Rules Rule Action Return Custom Page Action Parameters - Additional parameter when Name is ReturnCustomPage.
- name
This property is required. str - Specific actions for safe execution. valid values:.
- block_
ip_ Teoaction_ parameters Security Policy Config Security Policy Custom Rules Rule Action Block Ip Action Parameters - Additional parameter when Name is BlockIP.
- redirect_
action_ Teoparameters Security Policy Config Security Policy Custom Rules Rule Action Redirect Action Parameters - Additional parameter when Name is Redirect.
- return_
custom_ Teopage_ action_ parameters Security Policy Config Security Policy Custom Rules Rule Action Return Custom Page Action Parameters - Additional parameter when Name is ReturnCustomPage.
- name
This property is required. String - Specific actions for safe execution. valid values:.
- block
Ip Property MapAction Parameters - Additional parameter when Name is BlockIP.
- redirect
Action Property MapParameters - Additional parameter when Name is Redirect.
- return
Custom Property MapPage Action Parameters - Additional parameter when Name is ReturnCustomPage.
TeoSecurityPolicyConfigSecurityPolicyCustomRulesRuleActionBlockIpActionParameters, TeoSecurityPolicyConfigSecurityPolicyCustomRulesRuleActionBlockIpActionParametersArgs
, TeoSecurityPolicyConfigSecurityPolicyCustomRulesRuleActionBlockIpActionParametersArgs
- Duration
This property is required. string - Penalty duration for blocking ips. supported units: s: second, value range 1-120; m: minute, value range 1-120; h: hour, value range 1-48..
- Duration
This property is required. string - Penalty duration for blocking ips. supported units: s: second, value range 1-120; m: minute, value range 1-120; h: hour, value range 1-48..
- duration
This property is required. String - Penalty duration for blocking ips. supported units: s: second, value range 1-120; m: minute, value range 1-120; h: hour, value range 1-48..
- duration
This property is required. string - Penalty duration for blocking ips. supported units: s: second, value range 1-120; m: minute, value range 1-120; h: hour, value range 1-48..
- duration
This property is required. str - Penalty duration for blocking ips. supported units: s: second, value range 1-120; m: minute, value range 1-120; h: hour, value range 1-48..
- duration
This property is required. String - Penalty duration for blocking ips. supported units: s: second, value range 1-120; m: minute, value range 1-120; h: hour, value range 1-48..
TeoSecurityPolicyConfigSecurityPolicyCustomRulesRuleActionRedirectActionParameters, TeoSecurityPolicyConfigSecurityPolicyCustomRulesRuleActionRedirectActionParametersArgs
, TeoSecurityPolicyConfigSecurityPolicyCustomRulesRuleActionRedirectActionParametersArgs
- Url
This property is required. string - Redirect URL.
- Url
This property is required. string - Redirect URL.
- url
This property is required. String - Redirect URL.
- url
This property is required. string - Redirect URL.
- url
This property is required. str - Redirect URL.
- url
This property is required. String - Redirect URL.
TeoSecurityPolicyConfigSecurityPolicyCustomRulesRuleActionReturnCustomPageActionParameters, TeoSecurityPolicyConfigSecurityPolicyCustomRulesRuleActionReturnCustomPageActionParametersArgs
, TeoSecurityPolicyConfigSecurityPolicyCustomRulesRuleActionReturnCustomPageActionParametersArgs
- Error
Page Id This property is required. string - Response custom page ID.
- Response
Code This property is required. string - Response status code.
- Error
Page Id This property is required. string - Response custom page ID.
- Response
Code This property is required. string - Response status code.
- error
Page Id This property is required. String - Response custom page ID.
- response
Code This property is required. String - Response status code.
- error
Page Id This property is required. string - Response custom page ID.
- response
Code This property is required. string - Response status code.
- error_
page_ id This property is required. str - Response custom page ID.
- response_
code This property is required. str - Response status code.
- error
Page Id This property is required. String - Response custom page ID.
- response
Code This property is required. String - Response status code.
TeoSecurityPolicyConfigSecurityPolicyManagedRules, TeoSecurityPolicyConfigSecurityPolicyManagedRulesArgs
, TeoSecurityPolicyConfigSecurityPolicyManagedRulesArgs
- Detection
Only This property is required. string - Indicates whether the evaluation mode is Enabled. it is valid only when the Enabled parameter is set to on. valid values: on: Enabled. all managed rules take effect in observation mode. off: disabled. all managed rules take effect according to the actual configuration..
- Enabled
This property is required. string - Indicates whether the managed rule is enabled. valid values: on: enabled. all managed rules take effect as configured; off: disabled. all managed rules do not take effect..
- Auto
Update TeoSecurity Policy Config Security Policy Managed Rules Auto Update - Managed rule automatic update option.
- Managed
Rule List<TeoGroups Security Policy Config Security Policy Managed Rules Managed Rule Group> - Configuration of the managed rule group. if this structure is passed as an empty array or the GroupId is not included in the list, it will be processed based on the default method.
- Semantic
Analysis string - Whether the managed rule semantic analysis option is Enabled is valid only when the Enabled parameter is on. valid values: on: enable. perform semantic analysis on requests before processing them; off: disable. process requests directly without semantic analysis. default off.
- Detection
Only This property is required. string - Indicates whether the evaluation mode is Enabled. it is valid only when the Enabled parameter is set to on. valid values: on: Enabled. all managed rules take effect in observation mode. off: disabled. all managed rules take effect according to the actual configuration..
- Enabled
This property is required. string - Indicates whether the managed rule is enabled. valid values: on: enabled. all managed rules take effect as configured; off: disabled. all managed rules do not take effect..
- Auto
Update TeoSecurity Policy Config Security Policy Managed Rules Auto Update - Managed rule automatic update option.
- Managed
Rule []TeoGroups Security Policy Config Security Policy Managed Rules Managed Rule Group - Configuration of the managed rule group. if this structure is passed as an empty array or the GroupId is not included in the list, it will be processed based on the default method.
- Semantic
Analysis string - Whether the managed rule semantic analysis option is Enabled is valid only when the Enabled parameter is on. valid values: on: enable. perform semantic analysis on requests before processing them; off: disable. process requests directly without semantic analysis. default off.
- detection
Only This property is required. String - Indicates whether the evaluation mode is Enabled. it is valid only when the Enabled parameter is set to on. valid values: on: Enabled. all managed rules take effect in observation mode. off: disabled. all managed rules take effect according to the actual configuration..
- enabled
This property is required. String - Indicates whether the managed rule is enabled. valid values: on: enabled. all managed rules take effect as configured; off: disabled. all managed rules do not take effect..
- auto
Update TeoSecurity Policy Config Security Policy Managed Rules Auto Update - Managed rule automatic update option.
- managed
Rule List<TeoGroups Security Policy Config Security Policy Managed Rules Managed Rule Group> - Configuration of the managed rule group. if this structure is passed as an empty array or the GroupId is not included in the list, it will be processed based on the default method.
- semantic
Analysis String - Whether the managed rule semantic analysis option is Enabled is valid only when the Enabled parameter is on. valid values: on: enable. perform semantic analysis on requests before processing them; off: disable. process requests directly without semantic analysis. default off.
- detection
Only This property is required. string - Indicates whether the evaluation mode is Enabled. it is valid only when the Enabled parameter is set to on. valid values: on: Enabled. all managed rules take effect in observation mode. off: disabled. all managed rules take effect according to the actual configuration..
- enabled
This property is required. string - Indicates whether the managed rule is enabled. valid values: on: enabled. all managed rules take effect as configured; off: disabled. all managed rules do not take effect..
- auto
Update TeoSecurity Policy Config Security Policy Managed Rules Auto Update - Managed rule automatic update option.
- managed
Rule TeoGroups Security Policy Config Security Policy Managed Rules Managed Rule Group[] - Configuration of the managed rule group. if this structure is passed as an empty array or the GroupId is not included in the list, it will be processed based on the default method.
- semantic
Analysis string - Whether the managed rule semantic analysis option is Enabled is valid only when the Enabled parameter is on. valid values: on: enable. perform semantic analysis on requests before processing them; off: disable. process requests directly without semantic analysis. default off.
- detection_
only This property is required. str - Indicates whether the evaluation mode is Enabled. it is valid only when the Enabled parameter is set to on. valid values: on: Enabled. all managed rules take effect in observation mode. off: disabled. all managed rules take effect according to the actual configuration..
- enabled
This property is required. str - Indicates whether the managed rule is enabled. valid values: on: enabled. all managed rules take effect as configured; off: disabled. all managed rules do not take effect..
- auto_
update TeoSecurity Policy Config Security Policy Managed Rules Auto Update - Managed rule automatic update option.
- managed_
rule_ Sequence[Teogroups Security Policy Config Security Policy Managed Rules Managed Rule Group] - Configuration of the managed rule group. if this structure is passed as an empty array or the GroupId is not included in the list, it will be processed based on the default method.
- semantic_
analysis str - Whether the managed rule semantic analysis option is Enabled is valid only when the Enabled parameter is on. valid values: on: enable. perform semantic analysis on requests before processing them; off: disable. process requests directly without semantic analysis. default off.
- detection
Only This property is required. String - Indicates whether the evaluation mode is Enabled. it is valid only when the Enabled parameter is set to on. valid values: on: Enabled. all managed rules take effect in observation mode. off: disabled. all managed rules take effect according to the actual configuration..
- enabled
This property is required. String - Indicates whether the managed rule is enabled. valid values: on: enabled. all managed rules take effect as configured; off: disabled. all managed rules do not take effect..
- auto
Update Property Map - Managed rule automatic update option.
- managed
Rule List<Property Map>Groups - Configuration of the managed rule group. if this structure is passed as an empty array or the GroupId is not included in the list, it will be processed based on the default method.
- semantic
Analysis String - Whether the managed rule semantic analysis option is Enabled is valid only when the Enabled parameter is on. valid values: on: enable. perform semantic analysis on requests before processing them; off: disable. process requests directly without semantic analysis. default off.
TeoSecurityPolicyConfigSecurityPolicyManagedRulesAutoUpdate, TeoSecurityPolicyConfigSecurityPolicyManagedRulesAutoUpdateArgs
, TeoSecurityPolicyConfigSecurityPolicyManagedRulesAutoUpdateArgs
- Auto
Update To Latest Version This property is required. string - Indicates whether to enable automatic update to the latest version. valid values: on: enabled off: disabled.
- Ruleset
Version string - The currently used version, in the format compliant with ISO 8601 standard, such as 2023-12-21T12:00:32Z. it is empty by default and is only an output parameter.
- Auto
Update To Latest Version This property is required. string - Indicates whether to enable automatic update to the latest version. valid values: on: enabled off: disabled.
- Ruleset
Version string - The currently used version, in the format compliant with ISO 8601 standard, such as 2023-12-21T12:00:32Z. it is empty by default and is only an output parameter.
- auto
Update To Latest Version This property is required. String - Indicates whether to enable automatic update to the latest version. valid values: on: enabled off: disabled.
- ruleset
Version String - The currently used version, in the format compliant with ISO 8601 standard, such as 2023-12-21T12:00:32Z. it is empty by default and is only an output parameter.
- auto
Update To Latest Version This property is required. string - Indicates whether to enable automatic update to the latest version. valid values: on: enabled off: disabled.
- ruleset
Version string - The currently used version, in the format compliant with ISO 8601 standard, such as 2023-12-21T12:00:32Z. it is empty by default and is only an output parameter.
- auto_
update_ to_ latest_ version This property is required. str - Indicates whether to enable automatic update to the latest version. valid values: on: enabled off: disabled.
- ruleset_
version str - The currently used version, in the format compliant with ISO 8601 standard, such as 2023-12-21T12:00:32Z. it is empty by default and is only an output parameter.
- auto
Update To Latest Version This property is required. String - Indicates whether to enable automatic update to the latest version. valid values: on: enabled off: disabled.
- ruleset
Version String - The currently used version, in the format compliant with ISO 8601 standard, such as 2023-12-21T12:00:32Z. it is empty by default and is only an output parameter.
TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroup, TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs
, TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupArgs
- Action
This property is required. TeoSecurity Policy Config Security Policy Managed Rules Managed Rule Group Action - Specify the handling action for the managed rule item in RuleId. the Name parameter value of SecurityAction supports: Deny: block and respond with an interception page; Monitor: observe, do not process the request and record the security event in logs; Disabled: Disabled, do not scan the request and skip this rule..
- Group
Id This property is required. string - Group name of the managed rule. if the rule group for the configuration is not specified, it will be processed based on the default configuration. refer to product documentation for the specific value of GroupId.
- Sensitivity
Level This property is required. string - Protection level of the managed rule group. valid values: loose: lenient, only contains ultra-high risk rules. at this point, configure Action, and RuleActions configuration is invalid; normal: normal, contains ultra-high risk and high-risk rules. at this point, configure Action, and RuleActions configuration is invalid; strict: strict, contains ultra-high risk, high-risk and medium-risk rules. at this point, configure Action, and RuleActions configuration is invalid; extreme: super strict, contains ultra-high risk, high-risk, medium-risk and low-risk rules. at this point, configure Action, and RuleActions configuration is invalid; custom: custom, refined strategy. configure the disposal method for each individual rule. at this point, the Action field is invalid. use RuleActions to configure the refined strategy for each individual rule..
- Meta
Datas List<TeoSecurity Policy Config Security Policy Managed Rules Managed Rule Group Meta Data> - Managed rule group information, for output only.
- Rule
Actions List<TeoSecurity Policy Config Security Policy Managed Rules Managed Rule Group Rule Action> - Specific configuration of rule items under the managed rule group. the configuration is effective only when SensitivityLevel is custom.
- Action
This property is required. TeoSecurity Policy Config Security Policy Managed Rules Managed Rule Group Action - Specify the handling action for the managed rule item in RuleId. the Name parameter value of SecurityAction supports: Deny: block and respond with an interception page; Monitor: observe, do not process the request and record the security event in logs; Disabled: Disabled, do not scan the request and skip this rule..
- Group
Id This property is required. string - Group name of the managed rule. if the rule group for the configuration is not specified, it will be processed based on the default configuration. refer to product documentation for the specific value of GroupId.
- Sensitivity
Level This property is required. string - Protection level of the managed rule group. valid values: loose: lenient, only contains ultra-high risk rules. at this point, configure Action, and RuleActions configuration is invalid; normal: normal, contains ultra-high risk and high-risk rules. at this point, configure Action, and RuleActions configuration is invalid; strict: strict, contains ultra-high risk, high-risk and medium-risk rules. at this point, configure Action, and RuleActions configuration is invalid; extreme: super strict, contains ultra-high risk, high-risk, medium-risk and low-risk rules. at this point, configure Action, and RuleActions configuration is invalid; custom: custom, refined strategy. configure the disposal method for each individual rule. at this point, the Action field is invalid. use RuleActions to configure the refined strategy for each individual rule..
- Meta
Datas []TeoSecurity Policy Config Security Policy Managed Rules Managed Rule Group Meta Data - Managed rule group information, for output only.
- Rule
Actions []TeoSecurity Policy Config Security Policy Managed Rules Managed Rule Group Rule Action - Specific configuration of rule items under the managed rule group. the configuration is effective only when SensitivityLevel is custom.
- action
This property is required. TeoSecurity Policy Config Security Policy Managed Rules Managed Rule Group Action - Specify the handling action for the managed rule item in RuleId. the Name parameter value of SecurityAction supports: Deny: block and respond with an interception page; Monitor: observe, do not process the request and record the security event in logs; Disabled: Disabled, do not scan the request and skip this rule..
- group
Id This property is required. String - Group name of the managed rule. if the rule group for the configuration is not specified, it will be processed based on the default configuration. refer to product documentation for the specific value of GroupId.
- sensitivity
Level This property is required. String - Protection level of the managed rule group. valid values: loose: lenient, only contains ultra-high risk rules. at this point, configure Action, and RuleActions configuration is invalid; normal: normal, contains ultra-high risk and high-risk rules. at this point, configure Action, and RuleActions configuration is invalid; strict: strict, contains ultra-high risk, high-risk and medium-risk rules. at this point, configure Action, and RuleActions configuration is invalid; extreme: super strict, contains ultra-high risk, high-risk, medium-risk and low-risk rules. at this point, configure Action, and RuleActions configuration is invalid; custom: custom, refined strategy. configure the disposal method for each individual rule. at this point, the Action field is invalid. use RuleActions to configure the refined strategy for each individual rule..
- meta
Datas List<TeoSecurity Policy Config Security Policy Managed Rules Managed Rule Group Meta Data> - Managed rule group information, for output only.
- rule
Actions List<TeoSecurity Policy Config Security Policy Managed Rules Managed Rule Group Rule Action> - Specific configuration of rule items under the managed rule group. the configuration is effective only when SensitivityLevel is custom.
- action
This property is required. TeoSecurity Policy Config Security Policy Managed Rules Managed Rule Group Action - Specify the handling action for the managed rule item in RuleId. the Name parameter value of SecurityAction supports: Deny: block and respond with an interception page; Monitor: observe, do not process the request and record the security event in logs; Disabled: Disabled, do not scan the request and skip this rule..
- group
Id This property is required. string - Group name of the managed rule. if the rule group for the configuration is not specified, it will be processed based on the default configuration. refer to product documentation for the specific value of GroupId.
- sensitivity
Level This property is required. string - Protection level of the managed rule group. valid values: loose: lenient, only contains ultra-high risk rules. at this point, configure Action, and RuleActions configuration is invalid; normal: normal, contains ultra-high risk and high-risk rules. at this point, configure Action, and RuleActions configuration is invalid; strict: strict, contains ultra-high risk, high-risk and medium-risk rules. at this point, configure Action, and RuleActions configuration is invalid; extreme: super strict, contains ultra-high risk, high-risk, medium-risk and low-risk rules. at this point, configure Action, and RuleActions configuration is invalid; custom: custom, refined strategy. configure the disposal method for each individual rule. at this point, the Action field is invalid. use RuleActions to configure the refined strategy for each individual rule..
- meta
Datas TeoSecurity Policy Config Security Policy Managed Rules Managed Rule Group Meta Data[] - Managed rule group information, for output only.
- rule
Actions TeoSecurity Policy Config Security Policy Managed Rules Managed Rule Group Rule Action[] - Specific configuration of rule items under the managed rule group. the configuration is effective only when SensitivityLevel is custom.
- action
This property is required. TeoSecurity Policy Config Security Policy Managed Rules Managed Rule Group Action - Specify the handling action for the managed rule item in RuleId. the Name parameter value of SecurityAction supports: Deny: block and respond with an interception page; Monitor: observe, do not process the request and record the security event in logs; Disabled: Disabled, do not scan the request and skip this rule..
- group_
id This property is required. str - Group name of the managed rule. if the rule group for the configuration is not specified, it will be processed based on the default configuration. refer to product documentation for the specific value of GroupId.
- sensitivity_
level This property is required. str - Protection level of the managed rule group. valid values: loose: lenient, only contains ultra-high risk rules. at this point, configure Action, and RuleActions configuration is invalid; normal: normal, contains ultra-high risk and high-risk rules. at this point, configure Action, and RuleActions configuration is invalid; strict: strict, contains ultra-high risk, high-risk and medium-risk rules. at this point, configure Action, and RuleActions configuration is invalid; extreme: super strict, contains ultra-high risk, high-risk, medium-risk and low-risk rules. at this point, configure Action, and RuleActions configuration is invalid; custom: custom, refined strategy. configure the disposal method for each individual rule. at this point, the Action field is invalid. use RuleActions to configure the refined strategy for each individual rule..
- meta_
datas Sequence[TeoSecurity Policy Config Security Policy Managed Rules Managed Rule Group Meta Data] - Managed rule group information, for output only.
- rule_
actions Sequence[TeoSecurity Policy Config Security Policy Managed Rules Managed Rule Group Rule Action] - Specific configuration of rule items under the managed rule group. the configuration is effective only when SensitivityLevel is custom.
- action
This property is required. Property Map - Specify the handling action for the managed rule item in RuleId. the Name parameter value of SecurityAction supports: Deny: block and respond with an interception page; Monitor: observe, do not process the request and record the security event in logs; Disabled: Disabled, do not scan the request and skip this rule..
- group
Id This property is required. String - Group name of the managed rule. if the rule group for the configuration is not specified, it will be processed based on the default configuration. refer to product documentation for the specific value of GroupId.
- sensitivity
Level This property is required. String - Protection level of the managed rule group. valid values: loose: lenient, only contains ultra-high risk rules. at this point, configure Action, and RuleActions configuration is invalid; normal: normal, contains ultra-high risk and high-risk rules. at this point, configure Action, and RuleActions configuration is invalid; strict: strict, contains ultra-high risk, high-risk and medium-risk rules. at this point, configure Action, and RuleActions configuration is invalid; extreme: super strict, contains ultra-high risk, high-risk, medium-risk and low-risk rules. at this point, configure Action, and RuleActions configuration is invalid; custom: custom, refined strategy. configure the disposal method for each individual rule. at this point, the Action field is invalid. use RuleActions to configure the refined strategy for each individual rule..
- meta
Datas List<Property Map> - Managed rule group information, for output only.
- rule
Actions List<Property Map> - Specific configuration of rule items under the managed rule group. the configuration is effective only when SensitivityLevel is custom.
TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupAction, TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs
, TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionArgs
- Name
This property is required. string - Specific actions for safe execution. valid values:.
- Block
Ip TeoAction Parameters Security Policy Config Security Policy Managed Rules Managed Rule Group Action Block Ip Action Parameters - Additional parameter when Name is BlockIP.
- Redirect
Action TeoParameters Security Policy Config Security Policy Managed Rules Managed Rule Group Action Redirect Action Parameters - Additional parameter when Name is Redirect.
- Return
Custom TeoPage Action Parameters Security Policy Config Security Policy Managed Rules Managed Rule Group Action Return Custom Page Action Parameters - Additional parameter when Name is ReturnCustomPage.
- Name
This property is required. string - Specific actions for safe execution. valid values:.
- Block
Ip TeoAction Parameters Security Policy Config Security Policy Managed Rules Managed Rule Group Action Block Ip Action Parameters - Additional parameter when Name is BlockIP.
- Redirect
Action TeoParameters Security Policy Config Security Policy Managed Rules Managed Rule Group Action Redirect Action Parameters - Additional parameter when Name is Redirect.
- Return
Custom TeoPage Action Parameters Security Policy Config Security Policy Managed Rules Managed Rule Group Action Return Custom Page Action Parameters - Additional parameter when Name is ReturnCustomPage.
- name
This property is required. String - Specific actions for safe execution. valid values:.
- block
Ip TeoAction Parameters Security Policy Config Security Policy Managed Rules Managed Rule Group Action Block Ip Action Parameters - Additional parameter when Name is BlockIP.
- redirect
Action TeoParameters Security Policy Config Security Policy Managed Rules Managed Rule Group Action Redirect Action Parameters - Additional parameter when Name is Redirect.
- return
Custom TeoPage Action Parameters Security Policy Config Security Policy Managed Rules Managed Rule Group Action Return Custom Page Action Parameters - Additional parameter when Name is ReturnCustomPage.
- name
This property is required. string - Specific actions for safe execution. valid values:.
- block
Ip TeoAction Parameters Security Policy Config Security Policy Managed Rules Managed Rule Group Action Block Ip Action Parameters - Additional parameter when Name is BlockIP.
- redirect
Action TeoParameters Security Policy Config Security Policy Managed Rules Managed Rule Group Action Redirect Action Parameters - Additional parameter when Name is Redirect.
- return
Custom TeoPage Action Parameters Security Policy Config Security Policy Managed Rules Managed Rule Group Action Return Custom Page Action Parameters - Additional parameter when Name is ReturnCustomPage.
- name
This property is required. str - Specific actions for safe execution. valid values:.
- block_
ip_ Teoaction_ parameters Security Policy Config Security Policy Managed Rules Managed Rule Group Action Block Ip Action Parameters - Additional parameter when Name is BlockIP.
- redirect_
action_ Teoparameters Security Policy Config Security Policy Managed Rules Managed Rule Group Action Redirect Action Parameters - Additional parameter when Name is Redirect.
- return_
custom_ Teopage_ action_ parameters Security Policy Config Security Policy Managed Rules Managed Rule Group Action Return Custom Page Action Parameters - Additional parameter when Name is ReturnCustomPage.
- name
This property is required. String - Specific actions for safe execution. valid values:.
- block
Ip Property MapAction Parameters - Additional parameter when Name is BlockIP.
- redirect
Action Property MapParameters - Additional parameter when Name is Redirect.
- return
Custom Property MapPage Action Parameters - Additional parameter when Name is ReturnCustomPage.
TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionBlockIpActionParameters, TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionBlockIpActionParametersArgs
, TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionBlockIpActionParametersArgs
- Duration
This property is required. string - Penalty duration for blocking ips. supported units: s: second, value range 1-120; m: minute, value range 1-120; h: hour, value range 1-48..
- Duration
This property is required. string - Penalty duration for blocking ips. supported units: s: second, value range 1-120; m: minute, value range 1-120; h: hour, value range 1-48..
- duration
This property is required. String - Penalty duration for blocking ips. supported units: s: second, value range 1-120; m: minute, value range 1-120; h: hour, value range 1-48..
- duration
This property is required. string - Penalty duration for blocking ips. supported units: s: second, value range 1-120; m: minute, value range 1-120; h: hour, value range 1-48..
- duration
This property is required. str - Penalty duration for blocking ips. supported units: s: second, value range 1-120; m: minute, value range 1-120; h: hour, value range 1-48..
- duration
This property is required. String - Penalty duration for blocking ips. supported units: s: second, value range 1-120; m: minute, value range 1-120; h: hour, value range 1-48..
TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionRedirectActionParameters, TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionRedirectActionParametersArgs
, TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionRedirectActionParametersArgs
- Url
This property is required. string - Redirect URL.
- Url
This property is required. string - Redirect URL.
- url
This property is required. String - Redirect URL.
- url
This property is required. string - Redirect URL.
- url
This property is required. str - Redirect URL.
- url
This property is required. String - Redirect URL.
TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionReturnCustomPageActionParameters, TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionReturnCustomPageActionParametersArgs
, TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupActionReturnCustomPageActionParametersArgs
- Error
Page Id This property is required. string - Response custom page ID.
- Response
Code This property is required. string - Response status code.
- Error
Page Id This property is required. string - Response custom page ID.
- Response
Code This property is required. string - Response status code.
- error
Page Id This property is required. String - Response custom page ID.
- response
Code This property is required. String - Response status code.
- error
Page Id This property is required. string - Response custom page ID.
- response
Code This property is required. string - Response status code.
- error_
page_ id This property is required. str - Response custom page ID.
- response_
code This property is required. str - Response status code.
- error
Page Id This property is required. String - Response custom page ID.
- response
Code This property is required. String - Response status code.
TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupMetaData, TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupMetaDataArgs
, TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupMetaDataArgs
- Group
Detail This property is required. string - Group
Name This property is required. string - Rule
Details This property is required. List<TeoSecurity Policy Config Security Policy Managed Rules Managed Rule Group Meta Data Rule Detail>
- Group
Detail This property is required. string - Group
Name This property is required. string - Rule
Details This property is required. []TeoSecurity Policy Config Security Policy Managed Rules Managed Rule Group Meta Data Rule Detail
- group
Detail This property is required. String - group
Name This property is required. String - rule
Details This property is required. List<TeoSecurity Policy Config Security Policy Managed Rules Managed Rule Group Meta Data Rule Detail>
- group
Detail This property is required. string - group
Name This property is required. string - rule
Details This property is required. TeoSecurity Policy Config Security Policy Managed Rules Managed Rule Group Meta Data Rule Detail[]
- group_
detail This property is required. str - group_
name This property is required. str - rule_
details This property is required. Sequence[TeoSecurity Policy Config Security Policy Managed Rules Managed Rule Group Meta Data Rule Detail]
- group
Detail This property is required. String - group
Name This property is required. String - rule
Details This property is required. List<Property Map>
TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupMetaDataRuleDetail, TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupMetaDataRuleDetailArgs
, TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupMetaDataRuleDetailArgs
- Description
This property is required. string - Risk
Level This property is required. string - Rule
Id This property is required. string - Rule
Version This property is required. string This property is required. List<string>
- Description
This property is required. string - Risk
Level This property is required. string - Rule
Id This property is required. string - Rule
Version This property is required. string This property is required. []string
- description
This property is required. String - risk
Level This property is required. String - rule
Id This property is required. String - rule
Version This property is required. String This property is required. List<String>
- description
This property is required. string - risk
Level This property is required. string - rule
Id This property is required. string - rule
Version This property is required. string This property is required. string[]
- description
This property is required. str - risk_
level This property is required. str - rule_
id This property is required. str - rule_
version This property is required. str This property is required. Sequence[str]
- description
This property is required. String - risk
Level This property is required. String - rule
Id This property is required. String - rule
Version This property is required. String This property is required. List<String>
TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupRuleAction, TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupRuleActionArgs
, TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupRuleActionArgs
- Action
This property is required. TeoSecurity Policy Config Security Policy Managed Rules Managed Rule Group Rule Action Action - Specify the handling action for the managed rule item in RuleId. the Name parameter value of SecurityAction supports: Deny: block and respond with an interception page; Monitor: observe, do not process the request and record the security event in logs; Disabled: Disabled, do not scan the request and skip this rule..
- Rule
Id This property is required. string - Specific items under the managed rule group, which are used to rewrite the configuration content of this individual rule item. refer to product documentation for details.
- Action
This property is required. TeoSecurity Policy Config Security Policy Managed Rules Managed Rule Group Rule Action Action - Specify the handling action for the managed rule item in RuleId. the Name parameter value of SecurityAction supports: Deny: block and respond with an interception page; Monitor: observe, do not process the request and record the security event in logs; Disabled: Disabled, do not scan the request and skip this rule..
- Rule
Id This property is required. string - Specific items under the managed rule group, which are used to rewrite the configuration content of this individual rule item. refer to product documentation for details.
- action
This property is required. TeoSecurity Policy Config Security Policy Managed Rules Managed Rule Group Rule Action Action - Specify the handling action for the managed rule item in RuleId. the Name parameter value of SecurityAction supports: Deny: block and respond with an interception page; Monitor: observe, do not process the request and record the security event in logs; Disabled: Disabled, do not scan the request and skip this rule..
- rule
Id This property is required. String - Specific items under the managed rule group, which are used to rewrite the configuration content of this individual rule item. refer to product documentation for details.
- action
This property is required. TeoSecurity Policy Config Security Policy Managed Rules Managed Rule Group Rule Action Action - Specify the handling action for the managed rule item in RuleId. the Name parameter value of SecurityAction supports: Deny: block and respond with an interception page; Monitor: observe, do not process the request and record the security event in logs; Disabled: Disabled, do not scan the request and skip this rule..
- rule
Id This property is required. string - Specific items under the managed rule group, which are used to rewrite the configuration content of this individual rule item. refer to product documentation for details.
- action
This property is required. TeoSecurity Policy Config Security Policy Managed Rules Managed Rule Group Rule Action Action - Specify the handling action for the managed rule item in RuleId. the Name parameter value of SecurityAction supports: Deny: block and respond with an interception page; Monitor: observe, do not process the request and record the security event in logs; Disabled: Disabled, do not scan the request and skip this rule..
- rule_
id This property is required. str - Specific items under the managed rule group, which are used to rewrite the configuration content of this individual rule item. refer to product documentation for details.
- action
This property is required. Property Map - Specify the handling action for the managed rule item in RuleId. the Name parameter value of SecurityAction supports: Deny: block and respond with an interception page; Monitor: observe, do not process the request and record the security event in logs; Disabled: Disabled, do not scan the request and skip this rule..
- rule
Id This property is required. String - Specific items under the managed rule group, which are used to rewrite the configuration content of this individual rule item. refer to product documentation for details.
TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupRuleActionAction, TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupRuleActionActionArgs
, TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupRuleActionActionArgs
- Name
This property is required. string - Specific actions for safe execution. valid values:.
- Block
Ip TeoAction Parameters Security Policy Config Security Policy Managed Rules Managed Rule Group Rule Action Action Block Ip Action Parameters - Additional parameter when Name is BlockIP.
- Redirect
Action TeoParameters Security Policy Config Security Policy Managed Rules Managed Rule Group Rule Action Action Redirect Action Parameters - Additional parameter when Name is Redirect.
- Return
Custom TeoPage Action Parameters Security Policy Config Security Policy Managed Rules Managed Rule Group Rule Action Action Return Custom Page Action Parameters - Additional parameter when Name is ReturnCustomPage.
- Name
This property is required. string - Specific actions for safe execution. valid values:.
- Block
Ip TeoAction Parameters Security Policy Config Security Policy Managed Rules Managed Rule Group Rule Action Action Block Ip Action Parameters - Additional parameter when Name is BlockIP.
- Redirect
Action TeoParameters Security Policy Config Security Policy Managed Rules Managed Rule Group Rule Action Action Redirect Action Parameters - Additional parameter when Name is Redirect.
- Return
Custom TeoPage Action Parameters Security Policy Config Security Policy Managed Rules Managed Rule Group Rule Action Action Return Custom Page Action Parameters - Additional parameter when Name is ReturnCustomPage.
- name
This property is required. String - Specific actions for safe execution. valid values:.
- block
Ip TeoAction Parameters Security Policy Config Security Policy Managed Rules Managed Rule Group Rule Action Action Block Ip Action Parameters - Additional parameter when Name is BlockIP.
- redirect
Action TeoParameters Security Policy Config Security Policy Managed Rules Managed Rule Group Rule Action Action Redirect Action Parameters - Additional parameter when Name is Redirect.
- return
Custom TeoPage Action Parameters Security Policy Config Security Policy Managed Rules Managed Rule Group Rule Action Action Return Custom Page Action Parameters - Additional parameter when Name is ReturnCustomPage.
- name
This property is required. string - Specific actions for safe execution. valid values:.
- block
Ip TeoAction Parameters Security Policy Config Security Policy Managed Rules Managed Rule Group Rule Action Action Block Ip Action Parameters - Additional parameter when Name is BlockIP.
- redirect
Action TeoParameters Security Policy Config Security Policy Managed Rules Managed Rule Group Rule Action Action Redirect Action Parameters - Additional parameter when Name is Redirect.
- return
Custom TeoPage Action Parameters Security Policy Config Security Policy Managed Rules Managed Rule Group Rule Action Action Return Custom Page Action Parameters - Additional parameter when Name is ReturnCustomPage.
- name
This property is required. str - Specific actions for safe execution. valid values:.
- block_
ip_ Teoaction_ parameters Security Policy Config Security Policy Managed Rules Managed Rule Group Rule Action Action Block Ip Action Parameters - Additional parameter when Name is BlockIP.
- redirect_
action_ Teoparameters Security Policy Config Security Policy Managed Rules Managed Rule Group Rule Action Action Redirect Action Parameters - Additional parameter when Name is Redirect.
- return_
custom_ Teopage_ action_ parameters Security Policy Config Security Policy Managed Rules Managed Rule Group Rule Action Action Return Custom Page Action Parameters - Additional parameter when Name is ReturnCustomPage.
- name
This property is required. String - Specific actions for safe execution. valid values:.
- block
Ip Property MapAction Parameters - Additional parameter when Name is BlockIP.
- redirect
Action Property MapParameters - Additional parameter when Name is Redirect.
- return
Custom Property MapPage Action Parameters - Additional parameter when Name is ReturnCustomPage.
TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupRuleActionActionBlockIpActionParameters, TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupRuleActionActionBlockIpActionParametersArgs
, TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupRuleActionActionBlockIpActionParametersArgs
- Duration
This property is required. string - Penalty duration for blocking ips. supported units: s: second, value range 1-120; m: minute, value range 1-120; h: hour, value range 1-48..
- Duration
This property is required. string - Penalty duration for blocking ips. supported units: s: second, value range 1-120; m: minute, value range 1-120; h: hour, value range 1-48..
- duration
This property is required. String - Penalty duration for blocking ips. supported units: s: second, value range 1-120; m: minute, value range 1-120; h: hour, value range 1-48..
- duration
This property is required. string - Penalty duration for blocking ips. supported units: s: second, value range 1-120; m: minute, value range 1-120; h: hour, value range 1-48..
- duration
This property is required. str - Penalty duration for blocking ips. supported units: s: second, value range 1-120; m: minute, value range 1-120; h: hour, value range 1-48..
- duration
This property is required. String - Penalty duration for blocking ips. supported units: s: second, value range 1-120; m: minute, value range 1-120; h: hour, value range 1-48..
TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupRuleActionActionRedirectActionParameters, TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupRuleActionActionRedirectActionParametersArgs
, TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupRuleActionActionRedirectActionParametersArgs
- Url
This property is required. string - Redirect URL.
- Url
This property is required. string - Redirect URL.
- url
This property is required. String - Redirect URL.
- url
This property is required. string - Redirect URL.
- url
This property is required. str - Redirect URL.
- url
This property is required. String - Redirect URL.
TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupRuleActionActionReturnCustomPageActionParameters, TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupRuleActionActionReturnCustomPageActionParametersArgs
, TeoSecurityPolicyConfigSecurityPolicyManagedRulesManagedRuleGroupRuleActionActionReturnCustomPageActionParametersArgs
- Error
Page Id This property is required. string - Response custom page ID.
- Response
Code This property is required. string - Response status code.
- Error
Page Id This property is required. string - Response custom page ID.
- Response
Code This property is required. string - Response status code.
- error
Page Id This property is required. String - Response custom page ID.
- response
Code This property is required. String - Response status code.
- error
Page Id This property is required. string - Response custom page ID.
- response
Code This property is required. string - Response status code.
- error_
page_ id This property is required. str - Response custom page ID.
- response_
code This property is required. str - Response status code.
- error
Page Id This property is required. String - Response custom page ID.
- response
Code This property is required. String - Response status code.
Import
teo security policy can be imported using the id, e.g.
If entity is ZoneDefaultPolicy
$ pulumi import tencentcloud:index/teoSecurityPolicyConfig:TeoSecurityPolicyConfig example zone-37u62pwxfo8s#ZoneDefaultPolicy
If entity is Host
$ pulumi import tencentcloud:index/teoSecurityPolicyConfig:TeoSecurityPolicyConfig example zone-37u62pwxfo8s#Host#www.example.com
If entity is Template
$ pulumi import tencentcloud:index/teoSecurityPolicyConfig:TeoSecurityPolicyConfig example zone-37u62pwxfo8s#Template#temp-05dtxkyw
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- tencentcloud tencentcloudstack/terraform-provider-tencentcloud
- License
- Notes
- This Pulumi package is based on the
tencentcloudTerraform Provider.
tencentcloud 1.81.183 published on Wednesday, Apr 16, 2025 by tencentcloudstack