WafRule
Advanced load balancer WafRule object
Name | Description | Type | Notes |
---|---|---|---|
avi_tags | Avi tags Tags for WAF rule as per Modsec language. They are extracted from the tag action in a ModSec rule. Maximum of 64 items allowed. |
array of string | |
enable | Enable Enable or disable WAF Rule Group. Default value when not specified in API or module is interpreted by ALB Controller as true. |
boolean | Default: "True" |
exclude_list | Exclude list Exclude list for the WAF rule. The fields in the exclude list entry are logically and'ed to deduce the exclusion criteria. If there are multiple excludelist entries, it will be 'logical or' of them. Maximum of 64 items allowed. |
array of ALBWafExcludeListEntry | |
index | Index Number of index. |
integer | Required |
is_sensitive | Is sensitive The rule field is sensitive and will not be displayed. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
mode | Mode WAF Rule mode. This can be detection or enforcement. If this is not set, the Policy mode is used. This only takes effect if the policy allows delegation. Enum options - WAF_MODE_DETECTION_ONLY, WAF_MODE_ENFORCEMENT. |
ALBWafMode | |
name | Name User-friendly optional name for a rule. |
string | |
phase | Phase The execution phase where this rule will be executed. Enum options - WAF_PHASE_CONNECTION, WAF_PHASE_REQUEST_HEADER, WAF_PHASE_REQUEST_BODY, WAF_PHASE_RESPONSE_HEADER, WAF_PHASE_RESPONSE_BODY, WAF_PHASE_LOGGING. |
ALBWafPhase | |
rule | Rule Rule as per Modsec language. |
string | Required |
rule_id | Rule id Identifier (id) for a rule per Modsec language. All SecRule and SecAction directives require an id. It is extracted from the id action in a ModSec rule. Rules within a single WAF Policy are required to have unique rule_ids. |
string |