» oci_waas_custom_protection_rule

This resource provides the Custom Protection Rule resource in Oracle Cloud Infrastructure Waas service.

Creates a new Custom Protection rule in the specified compartment.

» Example Usage

resource "oci_waas_custom_protection_rule" "test_custom_protection_rule" {
    #Required
    compartment_id = "${var.compartment_id}"
    display_name = "${var.custom_protection_rule_display_name}"
    template = "${var.custom_protection_rule_template}"

    #Optional
    defined_tags = {"Operations.CostCenter"= "42"}
    description = "${var.custom_protection_rule_description}"
    freeform_tags = {"Department"= "Finance"}
}

» Argument Reference

The following arguments are supported:

  • compartment_id - (Required) (Updatable) The OCID of the compartment in which to create the Custom Protection rule.
  • defined_tags - (Optional) (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
  • description - (Optional) (Updatable) A description for the Custom Protection rule.
  • display_name - (Required) (Updatable) A user-friendly name for the Custom Protection rule.
  • freeform_tags - (Optional) (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
  • template - (Required) (Updatable) The template text of the Custom Protection rule. The syntax is based on the ModSecurity Rule Language. Additionally, it needs to include two variables/placeholders that will be replaced during publishing.

    • {{mode}} - the rule action, set by the user in the UI: OFF, DETECT or BLOCK.
    • {{id_1}} - a unique rule ID which identifies a SecRule, generated by the system. Multiple IDs can be used by incrementing the number in the variable name for every SecRule defined in the template ({{id_1}}, {{id_2}}, ...).

    Example usage:

    SecRule REQUEST_COOKIES "regex matching SQL injection - part 1/2" \
        "phase:2, \
        msg:'Detects chained SQL injection attempts 1/2.', \
        id: {{id_1}}, \
        ctl:ruleEngine={{mode}}, \
        deny"
    SecRule REQUEST_COOKIES "regex matching SQL injection - part 2/2" \
        "phase:2, \
        msg:'Detects chained SQL injection attempts 2/2.', \
        id: {{id_2}}, \
        ctl:ruleEngine={{mode}}, \
        deny"

    The example contains two SecRules, each with a distinct regex expression to match the Cookie header value during the second input analysis phase. The disruptive deny action takes effect only when {{mode}} is set to BLOCK. The message is logged when {{mode}} is set to either DETECT or BLOCK.

    For more information about ModSecurity's open source WAF rules, see ModSecurity's documentation.
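Because the template is published as-is after placeholder substitution, a malformed template (a missing {{mode}}, a hard-coded numeric id, or id placeholders that do not line up with the SecRules) is only discovered after terraform apply. The following added example, which is not part of the provider or of the page, is a pre-apply check for the template text before it is handed to the template argument. It folds backslash continuations, verifies that every SecRule gates its engine on {{mode}} and uses a sequential {{id_N}} placeholder, and renders the template the way a publish step would. The rendering is a simulation under a stated assumption: the service generates the real rule IDs itself (they are exposed afterwards in mod_security_rule_ids), so the first_id numbering used here is only an illustration.

```python
import re

# Constructed sample, following the two-SecRule template shown on this page.
SAMPLE_TEMPLATE = r'''SecRule REQUEST_COOKIES "regex matching SQL injection - part 1/2" \
    "phase:2, \
    msg:'Detects chained SQL injection attempts 1/2.', \
    id: {{id_1}}, \
    ctl:ruleEngine={{mode}}, \
    deny"
SecRule REQUEST_COOKIES "regex matching SQL injection - part 2/2" \
    "phase:2, \
    msg:'Detects chained SQL injection attempts 2/2.', \
    id: {{id_2}}, \
    ctl:ruleEngine={{mode}}, \
    deny"
'''

VALID_MODES = ("OFF", "DETECT", "BLOCK")
MODE_PLACEHOLDER = "{{mode}}"
ID_PLACEHOLDER = re.compile(r"\{\{id_(\d+)\}\}")


def join_continuations(template):
    """Fold backslash-newline continuations so each directive becomes one line."""
    folded = re.sub(r"\\\s*\n\s*", " ", template)
    return [ln.strip() for ln in folded.splitlines() if ln.strip()]


def split_directives(template):
    """Return the SecRule directives of the template, one string each."""
    return [ln for ln in join_continuations(template) if ln.startswith("SecRule")]


def validate_template(template):
    """Return a list of problems; an empty list means the template passes these checks."""
    problems = []
    directives = split_directives(template)
    if not directives:
        problems.append("no SecRule directive found")
    if MODE_PLACEHOLDER not in template:
        problems.append("missing {{mode}} placeholder")
    # Every SecRule needs its own {{id_N}}, numbered 1..N with no gaps.
    ids = sorted({int(n) for n in ID_PLACEHOLDER.findall(template)})
    expected = list(range(1, len(directives) + 1))
    if ids != expected:
        problems.append(f"id placeholders {ids} should be {expected} (one per SecRule, numbered from 1)")
    for i, directive in enumerate(directives, start=1):
        if f"ctl:ruleEngine={MODE_PLACEHOLDER}" not in directive:
            problems.append(f"SecRule #{i} does not gate its engine on {{{{mode}}}}")
        if re.search(r"\bid:\s*\d+", directive):
            problems.append(f"SecRule #{i} hard-codes a numeric id instead of an {{{{id_N}}}} placeholder")
    return problems


def render_template(template, mode, first_id=1000):
    """Simulate publishing: substitute {{mode}} and map {{id_N}} to first_id + N - 1.

    Assumption: the real IDs are generated by the service; this numbering only
    illustrates what the published rule text looks like.
    """
    if mode not in VALID_MODES:
        raise ValueError(f"mode must be one of {VALID_MODES}, got {mode!r}")
    rendered = template.replace(MODE_PLACEHOLDER, mode)
    return ID_PLACEHOLDER.sub(lambda m: str(first_id + int(m.group(1)) - 1), rendered)


if __name__ == "__main__":
    issues = validate_template(SAMPLE_TEMPLATE)
    print("template OK" if not issues else "\n".join(issues))
    print(render_template(SAMPLE_TEMPLATE, "DETECT"))
```

Run the check on the template text you intend to pass to the template argument (for example the contents of a file referenced with file() or a heredoc in the variable's default) before terraform apply; a non-empty problem list means the rule would publish but not behave as the {{mode}} setting in the UI implies.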

** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values.

» Attributes Reference

The following attributes are exported:

  • compartment_id - The OCID of the Custom Protection rule's compartment.
  • defined_tags - Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
  • description - The description of the Custom Protection rule.
  • display_name - The user-friendly name of the Custom Protection rule.
  • freeform_tags - Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
  • id - The OCID of the Custom Protection rule.
  • mod_security_rule_ids - The list of the ModSecurity rule IDs that apply to this protection rule. For more information about ModSecurity's open source WAF rules, see Mod Security's documentation.
  • state - The current lifecycle state of the Custom Protection rule.
  • template - The template text of the Custom Protection rule. The syntax is based on the ModSecurity Rule Language. Additionally, it needs to include two variables/placeholders that will be replaced during publishing.

    • {{mode}} - the rule action, set by the user in the UI: OFF, DETECT or BLOCK.
    • {{id_1}} - a unique rule ID which identifies a SecRule, generated by the system. Multiple IDs can be used by incrementing the number in the variable name for every SecRule defined in the template ({{id_1}}, {{id_2}}, ...).

    Example usage:

    SecRule REQUEST_COOKIES "regex matching SQL injection - part 1/2" \
        "phase:2, \
        msg:'Detects chained SQL injection attempts 1/2.', \
        id: {{id_1}}, \
        ctl:ruleEngine={{mode}}, \
        deny"
    SecRule REQUEST_COOKIES "regex matching SQL injection - part 2/2" \
        "phase:2, \
        msg:'Detects chained SQL injection attempts 2/2.', \
        id: {{id_2}}, \
        ctl:ruleEngine={{mode}}, \
        deny"

    The example contains two SecRules, each with a distinct regex expression to match the Cookie header value during the second input analysis phase. The disruptive deny action takes effect only when {{mode}} is set to BLOCK. The message is logged when {{mode}} is set to either DETECT or BLOCK.

    For more information about ModSecurity's open source WAF rules, see ModSecurity's documentation.

  • time_created - The date and time the protection rule was created, expressed in RFC 3339 timestamp format.

» Import

CustomProtectionRules can be imported using the id, e.g.

$ terraform import oci_waas_custom_protection_rule.test_custom_protection_rule "id"