{
"additionalProperties": false,
"description": "Advanced load balancer WafRule object",
"id": "ALBWafRule",
"module_id": "PolicyAdvancedLoadBalancer",
"properties": {
"avi_tags": {
"description": "Tags for WAF rule as per Modsec language. They are extracted from the tag action in a ModSec rule. Maximum of 64 items allowed.",
"items": {
"type": "string"
},
"required": false,
"title": "Avi tags",
"type": "array"
},
"enable": {
"default": true,
"description": "Enable or disable WAF Rule Group. Default value when not specified in API or module is interpreted by ALB Controller as true.",
"required": false,
"title": "Enable",
"type": "boolean"
},
"exclude_list": {
"description": "Exclude list for the WAF rule. The fields in the exclude list entry are logically and'ed to deduce the exclusion criteria. If there are multiple excludelist entries, it will be 'logical or' of them. Maximum of 64 items allowed.",
"items": {
"$ref": "ALBWafExcludeListEntry
},
"required": false,
"title": "Exclude list",
"type": "array"
},
"index": {
"description": "Number of index.",
"required": true,
"title": "Index",
"type": "integer"
},
"is_sensitive": {
"default": false,
"description": "The rule field is sensitive and will not be displayed. Default value when not specified in API or module is interpreted by ALB Controller as false.",
"required": false,
"title": "Is sensitive",
"type": "boolean"
},
"mode": {
"$ref": "ALBWafMode,
"description": "WAF Rule mode. This can be detection or enforcement. If this is not set, the Policy mode is used. This only takes effect if the policy allows delegation. Enum options - WAF_MODE_DETECTION_ONLY, WAF_MODE_ENFORCEMENT.",
"required": false,
"title": "Mode"
},
"name": {
"description": "User-friendly optional name for a rule.",
"required": false,
"title": "Name",
"type": "string"
},
"phase": {
"$ref": "ALBWafPhase,
"description": "The execution phase where this rule will be executed. Enum options - WAF_PHASE_CONNECTION, WAF_PHASE_REQUEST_HEADER, WAF_PHASE_REQUEST_BODY, WAF_PHASE_RESPONSE_HEADER, WAF_PHASE_RESPONSE_BODY, WAF_PHASE_LOGGING.",
"required": false,
"title": "Phase"
},
"rule": {
"description": "Rule as per Modsec language.",
"required": true,
"title": "Rule",
"type": "string"
},
"rule_id": {
"description": "Identifier (id) for a rule per Modsec language. All SecRule and SecAction directives require an id. It is extracted from the id action in a ModSec rule. Rules within a single WAF Policy are required to have unique rule_ids.",
"required": false,
"title": "Rule id",
"type": "string"
}
},
"title": "WafRule",
"type": "object"
}