condition

(required) The criteria the access rule and JavaScript Challenge uses to determine if action should be taken on a request. - **URL_IS:** Matches if the concatenation of request URL path and query is identical to the contents of the `value` field. URL must start with a `/`. - **URL_IS_NOT:** Matches if the concatenation of request URL path and query is not identical to the contents of the `value` field. URL must start with a `/`. - **URL_STARTS_WITH:** Matches if the concatenation of request URL path and query starts with the contents of the `value` field. URL must start with a `/`. - **URL_PART_ENDS_WITH:** Matches if the concatenation of request URL path and query ends with the contents of the `value` field. - **URL_PART_CONTAINS:** Matches if the concatenation of request URL path and query contains the contents of the `value` field. - **URL_REGEX:** Matches if the concatenation of request URL path and query is described by the regular expression in the value field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org). - **URL_DOES_NOT_MATCH_REGEX:** Matches if the concatenation of request URL path and query is not described by the regular expression in the `value` field. The value must be a valid regular expression recognized by the PCRE library in Nginx (https://www.pcre.org). - **URL_DOES_NOT_START_WITH:** Matches if the concatenation of request URL path and query does not start with the contents of the `value` field. - **URL_PART_DOES_NOT_CONTAIN:** Matches if the concatenation of request URL path and query does not contain the contents of the `value` field. - **URL_PART_DOES_NOT_END_WITH:** Matches if the concatenation of request URL path and query does not end with the contents of the `value` field. - **IP_IS:** Matches if the request originates from one of the IP addresses contained in the defined address list. The `value` in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \*Example:* \"1.1.1.1\1.1.1.2\1.2.2.1/30\" - **IP_IS_NOT:** Matches if the request does not originate from any of the IP addresses contained in the defined address list. The `value` in this case is string with one or multiple IPs or CIDR notations separated by new line symbol \*Example:* \"1.1.1.1\1.1.1.2\1.2.2.1/30\" - **IP_IN_LIST:** Matches if the request originates from one of the IP addresses contained in the referenced address list. The `value` in this case is OCID of the address list. - **IP_NOT_IN_LIST:** Matches if the request does not originate from any IP address contained in the referenced address list. The `value` field in this case is OCID of the address list. - **HTTP_HEADER_CONTAINS:** The HTTP_HEADER_CONTAINS criteria is defined using a compound value separated by a colon: a header field name and a header field value. `host:test.example.com` is an example of a criteria value where `host` is the header field name and `test.example.com` is the header field value. A request matches when the header field name is a case insensitive match and the header field value is a case insensitive, substring match. *Example:* With a criteria value of `host:test.example.com`, where `host` is the name of the field and `test.example.com` is the value of the host field, a request with the header values, `Host: www.test.example.com` will match, where as a request with header values of `host: www.example.com` or `host: test.sub.example.com` will not match. - **HTTP_METHOD_IS:** Matches if the request method is identical to one of the values listed in field. The `value` in this case is string with one or multiple HTTP methods separated by new line symbol \The list of available methods: `GET`, `HEAD`, `POST`, `PUT`, `DELETE`, `CONNECT`, `OPTIONS`, `TRACE`, `PATCH` *Example:* \"GET\POST\" - **HTTP_METHOD_IS_NOT:** Matches if the request is not identical to any of the contents of the `value` field. The `value` in this case is string with one or multiple HTTP methods separated by new line symbol \The list of available methods: `GET`, `HEAD`, `POST`, `PUT`, `DELETE`, `CONNECT`, `OPTIONS`, `TRACE`, `PATCH` *Example:* \"GET\POST\" - **COUNTRY_IS:** Matches if the request originates from one of countries in the `value` field. The `value` in this case is string with one or multiple countries separated by new line symbol \Country codes are in ISO 3166-1 alpha-2 format. For a list of codes, see ISO's website. *Example:* \"AL\DZ\AM\" - **COUNTRY_IS_NOT:** Matches if the request does not originate from any of countries in the `value` field. The `value` in this case is string with one or multiple countries separated by new line symbol \Country codes are in ISO 3166-1 alpha-2 format. For a list of codes, see ISO's website. *Example:* \"AL\DZ\AM\" - **USER_AGENT_IS:** Matches if the requesting user agent is identical to the contents of the `value` field. *Example:* `Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0` - **USER_AGENT_IS_NOT:** Matches if the requesting user agent is not identical to the contents of the `value` field. *Example:* `Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0`

Allowed values are: 'URL_IS', 'URL_IS_NOT', 'URL_STARTS_WITH', 'URL_PART_ENDS_WITH', 'URL_PART_CONTAINS', 'URL_REGEX', 'URL_DOES_NOT_MATCH_REGEX', 'URL_DOES_NOT_START_WITH', 'URL_PART_DOES_NOT_CONTAIN', 'URL_PART_DOES_NOT_END_WITH', 'IP_IS', 'IP_IS_NOT', 'IP_IN_LIST', 'IP_NOT_IN_LIST', 'HTTP_HEADER_CONTAINS', 'HTTP_METHOD_IS', 'HTTP_METHOD_IS_NOT', 'COUNTRY_IS', 'COUNTRY_IS_NOT', 'USER_AGENT_IS', 'USER_AGENT_IS_NOT'

value

(required) The criteria value.

is_case_sensitive

(optional) When enabled, the condition will be matched with case-sensitive rules.

action

(required)

Allowed values are: 'EXTEND_HTTP_RESPONSE_HEADER', 'ADD_HTTP_RESPONSE_HEADER', 'REMOVE_HTTP_RESPONSE_HEADER'

name

(required) The unique name of the access rule.

criteria

(required) The list of access rule criteria. The rule would be applied only for the requests that matched all the listed conditions.

action

(required) The action to take when the access criteria are met for a rule. If unspecified, defaults to `ALLOW`. - **ALLOW:** Takes no action, just logs the request. - **DETECT:** Takes no action, but creates an alert for the request. - **BLOCK:** Blocks the request by returning specified response code or showing error page. - **BYPASS:** Bypasses some or all challenges. - **REDIRECT:** Redirects the request to the specified URL. These fields are required when `REDIRECT` is selected: `redirectUrl`, `redirectResponseCode`. - **SHOW_CAPTCHA:** Show a CAPTCHA Challenge page instead of the requested page. Regardless of action, no further rules are processed once a rule is matched.

Allowed values are: 'ALLOW', 'DETECT', 'BLOCK', 'BYPASS', 'REDIRECT', 'SHOW_CAPTCHA'

block_action

(optional) The method used to block requests if `action` is set to `BLOCK` and the access criteria are met. If unspecified, defaults to `SET_RESPONSE_CODE`.

Allowed values are: 'SET_RESPONSE_CODE', 'SHOW_ERROR_PAGE'

block_response_code

(optional) The response status code to return when `action` is set to `BLOCK`, `blockAction` is set to `SET_RESPONSE_CODE`, and the access criteria are met. If unspecified, defaults to `403`. The list of available response codes: `200`, `201`, `202`, `204`, `206`, `300`, `301`, `302`, `303`, `304`, `307`, `400`, `401`, `403`, `404`, `405`, `408`, `409`, `411`, `412`, `413`, `414`, `415`, `416`, `422`, `444`, `494`, `495`, `496`, `497`, `499`, `500`, `501`, `502`, `503`, `504`, `507`.

block_error_page_message

(optional) The message to show on the error page when `action` is set to `BLOCK`, `blockAction` is set to `SHOW_ERROR_PAGE`, and the access criteria are met. If unspecified, defaults to 'Access to the website is blocked.'

block_error_page_code

(optional) The error code to show on the error page when `action` is set to `BLOCK`, `blockAction` is set to `SHOW_ERROR_PAGE`, and the access criteria are met. If unspecified, defaults to 'Access rules'.

block_error_page_description

(optional) The description text to show on the error page when `action` is set to `BLOCK`, `blockAction` is set to `SHOW_ERROR_PAGE`, and the access criteria are met. If unspecified, defaults to 'Access blocked by website owner. Please contact support.'

bypass_challenges

(optional) The list of challenges to bypass when `action` is set to `BYPASS`. If unspecified or empty, all challenges are bypassed. - **JS_CHALLENGE:** Bypasses JavaScript Challenge. - **DEVICE_FINGERPRINT_CHALLENGE:** Bypasses Device Fingerprint Challenge. - **HUMAN_INTERACTION_CHALLENGE:** Bypasses Human Interaction Challenge. - **CAPTCHA:** Bypasses CAPTCHA Challenge.

Allowed values are: 'JS_CHALLENGE', 'DEVICE_FINGERPRINT_CHALLENGE', 'HUMAN_INTERACTION_CHALLENGE', 'CAPTCHA'

redirect_url

(optional) The target to which the request should be redirected, represented as a URI reference. Required when `action` is `REDIRECT`.

redirect_response_code

(optional) The response status code to return when `action` is set to `REDIRECT`. - **MOVED_PERMANENTLY:** Used for designating the permanent movement of a page (numerical code - 301). - **FOUND:** Used for designating the temporary movement of a page (numerical code - 302).

Allowed values are: 'MOVED_PERMANENTLY', 'FOUND'

captcha_title

(optional) The title used when showing a CAPTCHA challenge when `action` is set to `SHOW_CAPTCHA` and the request is challenged.

captcha_header

(optional) The text to show in the header when showing a CAPTCHA challenge when `action` is set to `SHOW_CAPTCHA` and the request is challenged.

captcha_footer

(optional) The text to show in the footer when showing a CAPTCHA challenge when `action` is set to `SHOW_CAPTCHA` and the request is challenged.

captcha_submit_label

(optional) The text to show on the label of the CAPTCHA challenge submit button when `action` is set to `SHOW_CAPTCHA` and the request is challenged.

response_header_manipulation

(optional) An object that represents an action to apply to an HTTP response headers if all rule criteria will be matched regardless of `action` value.

header

(required) A header field name that conforms to RFC 7230. Example: `example_header_name`

value

(required) A header field value that conforms to RFC 7230. Example: `example_value`

id

(optional) The OCID of the address list.

compartment_id

(optional) The OCID of the address list's compartment.

display_name

(optional) The user-friendly name of the address list.

address_count

(optional) The total number of unique IP addresses in the address list.

addresses

(optional) The list of IP addresses or CIDR notations.

freeform_tags

(optional) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: `{\"Department\": \"Finance\"}`

defined_tags

(optional) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: `{\"Operations\": {\"CostCenter\": \"42\"}}`

lifecycle_state

(optional) The current lifecycle state of the address list.

Allowed values are: 'CREATING', 'ACTIVE', 'FAILED', 'UPDATING', 'DELETING', 'DELETED'

time_created

(optional) The date and time the address list was created, expressed in RFC 3339 timestamp format.

id

(optional) The OCID of the address list.

compartment_id

(optional) The OCID of the address list's compartment.

display_name

(optional) The user-friendly name of the address list.

address_count

(optional) The total number of unique IP addresses in the address list.

freeform_tags

(optional) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: `{\"Department\": \"Finance\"}`

defined_tags

(optional) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: `{\"Operations\": {\"CostCenter\": \"42\"}}`

lifecycle_state

(optional) The current lifecycle state of the address list.

Allowed values are: 'CREATING', 'ACTIVE', 'FAILED', 'UPDATING', 'DELETING', 'DELETED'

time_created

(optional) The date and time the address list was created, in the format defined by RFC3339.

is_enabled

(required) Enables or disables the address rate limiting Web Application Firewall feature.

allowed_rate_per_address

(optional) The number of allowed requests per second from one IP address. If unspecified, defaults to `1`.

max_delayed_count_per_address

(optional) The maximum number of requests allowed to be queued before subsequent requests are dropped. If unspecified, defaults to `10`.

block_response_code

(optional) The response status code returned when a request is blocked. If unspecified, defaults to `503`. The list of available response codes: `400`, `401`, `403`, `404`, `405`, `408`, `409`, `411`, `412`, `413`, `414`, `415`, `416`, `422`, `494`, `495`, `496`, `497`, `499`, `500`, `501`, `502`, `503`, `504`, `507`.

block_action

(optional) The method used to block requests that fail the challenge, if `action` is set to `BLOCK`. If unspecified, defaults to `SHOW_ERROR_PAGE`.

Allowed values are: 'SET_RESPONSE_CODE', 'SHOW_ERROR_PAGE', 'SHOW_CAPTCHA'

block_response_code

(optional) The response status code to return when `action` is set to `BLOCK`, `blockAction` is set to `SET_RESPONSE_CODE` or `SHOW_ERROR_PAGE`, and the request is blocked. If unspecified, defaults to `403`. The list of available response codes: `200`, `201`, `202`, `204`, `206`, `300`, `301`, `302`, `303`, `304`, `307`, `400`, `401`, `403`, `404`, `405`, `408`, `409`, `411`, `412`, `413`, `414`, `415`, `416`, `422`, `444`, `494`, `495`, `496`, `497`, `499`, `500`, `501`, `502`, `503`, `504`, `507`.

block_error_page_message

(optional) The message to show on the error page when `action` is set to `BLOCK`, `blockAction` is set to `SHOW_ERROR_PAGE`, and the request is blocked. If unspecified, defaults to `Access to the website is blocked`.

block_error_page_description

(optional) The description text to show on the error page when `action` is set to `BLOCK`, `blockAction` is set to `SHOW_ERROR_PAGE`, and the request is blocked. If unspecified, defaults to `Access blocked by website owner. Please contact support.`

block_error_page_code

(optional) The error code to show on the error page when `action` is set to `BLOCK`, `blockAction` is set to `SHOW_ERROR_PAGE` and the request is blocked. If unspecified, defaults to `403`.

captcha_title

(optional) The title used when showing a CAPTCHA challenge when `action` is set to `BLOCK`, `blockAction` is set to `SHOW_CAPTCHA`, and the request is blocked. If unspecified, defaults to `Are you human?`

captcha_header

(optional) The text to show in the header when showing a CAPTCHA challenge when `action` is set to `BLOCK`, `blockAction` is set to `SHOW_CAPTCHA`, and the request is blocked. If unspecified, defaults to `We have detected an increased number of attempts to access this webapp. To help us keep this webapp secure, please let us know that you are not a robot by entering the text from captcha below.`

captcha_footer

(optional) The text to show in the footer when showing a CAPTCHA challenge when `action` is set to `BLOCK`, `blockAction` is set to `SHOW_CAPTCHA`, and the request is blocked. If unspecified, default to `Enter the letters and numbers as they are shown in image above`.

captcha_submit_label

(optional) The text to show on the label of the CAPTCHA challenge submit button when `action` is set to `BLOCK`, `blockAction` is set to `SHOW_CAPTCHA`, and the request is blocked. If unspecified, defaults to `Yes, I am human`.

condition

(required) The condition of the caching rule criteria. - **URL_IS:** Matches if the concatenation of request URL path and query is identical to the contents of the `value` field. - **URL_STARTS_WITH:** Matches if the concatenation of request URL path and query starts with the contents of the `value` field. - **URL_PART_ENDS_WITH:** Matches if the concatenation of request URL path and query ends with the contents of the `value` field. - **URL_PART_CONTAINS:** Matches if the concatenation of request URL path and query contains the contents of the `value` field. URLs must start with a `/`. URLs can't contain restricted double slashes `//`. URLs can't contain the restricted `'` `&` `?` symbols. Resources to cache can only be specified by a URL, any query parameters are ignored.

Allowed values are: 'URL_IS', 'URL_STARTS_WITH', 'URL_PART_ENDS_WITH', 'URL_PART_CONTAINS'

value

(required) The value of the caching rule criteria.

key

(optional) The unique key for the caching rule.

name

(required) The name of the caching rule.

action

(required) The action to take when the criteria of a caching rule are met. - **CACHE:** Caches requested content when the criteria of the rule are met. - **BYPASS_CACHE:** Allows requests to bypass the cache and be directed to the origin when the criteria of the rule is met.

Allowed values are: 'CACHE', 'BYPASS_CACHE'

caching_duration

(optional) The duration to cache content for the caching rule, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is `99`. Mixing of multiple units is not supported. Only applies when the `action` is set to `CACHE`. Example: `PT1H`

is_client_caching_enabled

(optional) Enables or disables client caching. Browsers use the `Cache-Control` header value for caching content locally in the browser. This setting overrides the addition of a `Cache-Control` header in responses.

client_caching_duration

(optional) The duration to cache content in the user's browser, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is `99`. Mixing of multiple units is not supported. Only applies when the `action` is set to `CACHE`. Example: `PT1H`

criteria

(required) The array of the rule criteria with condition and value. The caching rule would be applied for the requests that matched any of the listed conditions.

key

(optional) The unique key for the caching rule.

name

(required) The name of the caching rule.

action

(required) The action to take when the criteria of a caching rule are met. - **CACHE:** Caches requested content when the criteria of the rule are met. - **BYPASS_CACHE:** Allows requests to bypass the cache and be directed to the origin when the criteria of the rule is met.

Allowed values are: 'CACHE', 'BYPASS_CACHE'

caching_duration

(optional) The duration to cache content for the caching rule, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is `99`. Mixing of multiple units is not supported. Only applies when the `action` is set to `CACHE`. Example: `PT1H`

is_client_caching_enabled

(optional) Enables or disables client caching. Browsers use the `Cache-Control` header value for caching content locally in the browser. This setting overrides the addition of a `Cache-Control` header in responses.

client_caching_duration

(optional) The duration to cache content in the user's browser, specified in ISO 8601 extended format. Supported units: seconds, minutes, hours, days, weeks, months. The maximum value that can be set for any unit is `99`. Mixing of multiple units is not supported. Only applies when the `action` is set to `CACHE`. Example: `PT1H`

criteria

(required) The array of the rule criteria with condition and value. The caching rule would be applied for the requests that matched any of the listed conditions.

url

(required) The unique URL path at which to show the CAPTCHA challenge.

session_expiration_in_seconds

(required) The amount of time before the CAPTCHA expires, in seconds. If unspecified, defaults to `300`.

title

(required) The title used when displaying a CAPTCHA challenge. If unspecified, defaults to `Are you human?`

header_text

(optional) The text to show in the header when showing a CAPTCHA challenge. If unspecified, defaults to 'We have detected an increased number of attempts to access this website. To help us keep this site secure, please let us know that you are not a robot by entering the text from the image below.'

footer_text

(optional) The text to show in the footer when showing a CAPTCHA challenge. If unspecified, defaults to 'Enter the letters and numbers as they are shown in the image above.'

failure_message

(required) The text to show when incorrect CAPTCHA text is entered. If unspecified, defaults to `The CAPTCHA was incorrect. Try again.`

submit_label

(required) The text to show on the label of the CAPTCHA challenge submit button. If unspecified, defaults to `Yes, I am human`.

country

(optional) ISO 3166-1 alpha-2 code of the country where the organization is located. For a list of codes, see ISO's website.

state_province

(optional) The province where the organization is located.

locality

(optional) The city in which the organization is located.

organization

(optional) The organization name.

organizational_unit

(optional) The field to differentiate between divisions within an organization.

common_name

(optional) The fully qualified domain name used for DNS lookups of the server.

email_address

(optional) The email address of the server's administrator.

country

(optional) ISO 3166-1 alpha-2 code of the country where the organization is located. For a list of codes, see ISO's website.

state_province

(optional) The province where the organization is located.

locality

(optional) The city in which the organization is located.

organization

(optional) The organization name.

organizational_unit

(optional) The field to differentiate between divisions within an organization.

common_name

(optional) The Certificate Authority (CA) name.

email_address

(optional) The email address of the server's administrator.

algorithm

(optional) The algorithm identifier and parameters for the public key.

exponent

(optional) The private key exponent.

key_size

(optional) The number of bits in a key used by a cryptographic algorithm.

name

(optional) The certificate extension name.

is_critical

(optional) The critical flag of the extension. Critical extensions must be processed, non-critical extensions can be ignored.

value

(optional) The certificate extension value.

id

(required) The OCID of the certificate.

compartment_id

(required) The OCID of the certificate's compartment.

display_name

(required) The user-friendly name of the certificate.

issued_by

(optional)

subject_name

(optional)

issuer_name

(optional)

serial_number

(required) A unique, positive integer assigned by the Certificate Authority (CA). The issuer name and serial number identify a unique certificate.

version

(required) The version of the encoded certificate.

signature_algorithm

(required) The identifier for the cryptographic algorithm used by the Certificate Authority (CA) to sign this certificate.

time_not_valid_before

(required) The date and time the certificate will become valid, expressed in RFC 3339 timestamp format.

time_not_valid_after

(required) The date and time the certificate will expire, expressed in RFC 3339 timestamp format.

public_key_info

(optional)

extensions

(optional) Additional attributes associated with users or public keys for managing relationships between Certificate Authorities.

freeform_tags

(optional) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: `{\"Department\": \"Finance\"}`

defined_tags

(optional) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: `{\"Operations\": {\"CostCenter\": \"42\"}}`

lifecycle_state

(optional) The current lifecycle state of the SSL certificate.

Allowed values are: 'CREATING', 'ACTIVE', 'FAILED', 'UPDATING', 'DELETING', 'DELETED'

time_created

(optional) The date and time the certificate was created, expressed in RFC 3339 timestamp format.

is_trust_verification_disabled

(optional) This indicates whether trust verification was disabled during the creation of SSL certificate. If `true` SSL certificate trust verification was disabled and this SSL certificate is most likely self-signed.

certificate_data

(optional) The data of the SSL certificate.

id

(optional) The OCID of the SSL certificate.

compartment_id

(optional) The OCID of the SSL certificate's compartment.

display_name

(optional) The user-friendly name of the SSL certificate.

time_not_valid_after

(optional) The date and time the certificate will expire, expressed in RFC 3339 timestamp format.

freeform_tags

(optional) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: `{\"Department\": \"Finance\"}`

defined_tags

(optional) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: `{\"Operations\": {\"CostCenter\": \"42\"}}`

lifecycle_state

(optional) The current lifecycle state of the certificate.

Allowed values are: 'CREATING', 'ACTIVE', 'FAILED', 'UPDATING', 'DELETING', 'DELETED'

time_created

(optional) The date and time the certificate was created, in the format defined by RFC3339.

compartment_id

(required) The OCID of the compartment into which the resource should be moved. For information about moving resources between compartments, see Moving Resources to a Different Compartment.

compartment_id

(required) The OCID of the compartment into which the resource should be moved. For information about moving resources between compartments, see Moving Resources to a Different Compartment.

compartment_id

(required) The OCID of the compartment into which the resource should be moved. For information about moving resources between compartments, see Moving Resources to a Different Compartment.

compartment_id

(required) The OCID of the compartment into which the resource should be moved.

compartment_id

(required) The OCID of the compartment into which the resource should be moved. For information about moving resources between compartments, see Moving Resources to a Different Compartment.

compartment_id

(required) The OCID of the compartment in which to create the address list.

display_name

(required) A user-friendly name for the address list.

addresses

(required) A list of IP addresses or CIDR notations.

freeform_tags

(optional) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: `{\"Department\": \"Finance\"}`

defined_tags

(optional) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: `{\"Operations\": {\"CostCenter\": \"42\"}}`

compartment_id

(required) The OCID of the compartment in which to create the SSL certificate.

display_name

(optional) A user-friendly name for the SSL certificate. The name can be changed and does not need to be unique.

certificate_data

(required) The data of the SSL certificate. **Note:** Many SSL certificate providers require an intermediate certificate chain to ensure a trusted status. If your SSL certificate requires an intermediate certificate chain, please append the intermediate certificate key in the `certificateData` field after the leaf certificate issued by the SSL certificate provider. If you are unsure if your certificate requires an intermediate certificate chain, see your certificate provider's documentation. The example below shows an intermediate certificate appended to a leaf certificate.

private_key_data

(required) The private key of the SSL certificate.

is_trust_verification_disabled

(optional) Set to `true` if the SSL certificate is self-signed.

freeform_tags

(optional) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: `{\"Department\": \"Finance\"}`

defined_tags

(optional) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: `{\"Operations\": {\"CostCenter\": \"42\"}}`

compartment_id

(required) The OCID of the compartment in which to create the custom protection rule.

display_name

(required) A user-friendly name for the custom protection rule.

description

(optional) A description for the Custom Protection rule.

template

(required) The template text of the custom protection rule. All custom protection rules are expressed in ModSecurity Rule Language. Additionally, each rule must include two placeholder variables that are updated by the WAF service upon publication of the rule. `id: {{id_1}}` - This field is populated with a unique rule ID generated by the WAF service which identifies a `SecRule`. More than one `SecRule` can be defined in the `template` field of a CreateCustomSecurityRule call. The value of the first `SecRule` must be `id: {{id_1}}` and the `id` field of each subsequent `SecRule` should increase by one, as shown in the example. `ctl:ruleEngine={{mode}}` - The action to be taken when the criteria of the `SecRule` are met, either `OFF`, `DETECT` or `BLOCK`. This field is automatically populated with the corresponding value of the `action` field of the `CustomProtectionRuleSetting` schema when the `WafConfig` is updated. *Example:* ``` SecRule REQUEST_COOKIES \"regex matching SQL injection - part 1/2\" \\ \"phase:2, \\ msg:'Detects chained SQL injection attempts 1/2.', \\ id: {{id_1}}, \\ ctl:ruleEngine={{mode}}, \\ deny\" SecRule REQUEST_COOKIES \"regex matching SQL injection - part 2/2\" \\ \"phase:2, \\ msg:'Detects chained SQL injection attempts 2/2.', \\ id: {{id_2}}, \\ ctl:ruleEngine={{mode}}, \\ deny\" ``` The example contains two `SecRules` each having distinct regex expression to match the `Cookie` header value during the second input analysis phase. For more information about custom protection rules, see Custom Protection Rules. For more information about ModSecurity syntax, see Making Rules: The Basic Syntax. For more information about ModSecurity's open source WAF rules, see Mod Security's OWASP Core Rule Set documentation.

freeform_tags

(optional) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: `{\"Department\": \"Finance\"}`

defined_tags

(optional) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: `{\"Operations\": {\"CostCenter\": \"42\"}}`

protocol

(required) The protocol used for the target, http or https.

Allowed values are: 'HTTP', 'HTTPS'

host

(required) The host portion of the redirect.

port

(optional) Port number of the target destination of the redirect, default to match protocol

path

(required) The path component of the target URL (e.g., \"/path/to/resource\" in \"https://target.example.com/path/to/resource?redirected\"), which can be empty, static, or request-copying, or request-prefixing. Use of \\ is not permitted except to escape a following \\, {, or }. An empty value is treated the same as static \"/\". A static value must begin with a leading \"/\", optionally followed by other path characters. A request-copying value must exactly match \"{path}\", and will be replaced with the path component of the request URL (including its initial \"/\"). A request-prefixing value must start with \"/\" and end with a non-escaped \"{path}\", which will be replaced with the path component of the request URL (including its initial \"/\"). Only one such replacement token is allowed.

query

(required) The query component of the target URL (e.g., \"?redirected\" in \"https://target.example.com/path/to/resource?redirected\"), which can be empty, static, or request-copying. Use of \\ is not permitted except to escape a following \\, {, or }. An empty value results in a redirection target URL with no query component. A static value must begin with a leading \"?\", optionally followed by other query characters. A request-copying value must exactly match \"{query}\", and will be replaced with the query component of the request URL (including a leading \"?\" if and only if the request URL includes a query component).

compartment_id

(required) The OCID of the HTTP Redirects compartment.

display_name

(optional) The user-friendly name of the HTTP Redirect. The name can be changed and does not need to be unique.

domain

(required) The domain from which traffic will be redirected.

target

(required) The redirect target object including all the redirect data.

response_code

(optional) The response code returned for the redirect to the client. For more information, see RFC 7231.

freeform_tags

(optional) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: `{\"Department\": \"Finance\"}`

defined_tags

(optional) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: `{\"Operations\": {\"CostCenter\": \"42\"}}`

name

(required) The name of the header.

value

(required) The value of the header.

uri

(required) The URI of the origin. Does not support paths. Port numbers should be specified in the `httpPort` and `httpsPort` fields.

http_port

(optional) The HTTP port on the origin that the web application listens on. If unspecified, defaults to `80`. If `0` is specified - the origin is not used for HTTP traffic.

https_port

(optional) The HTTPS port on the origin that the web application listens on. If unspecified, defaults to `443`. If `0` is specified - the origin is not used for HTTPS traffic.

custom_headers

(optional) A list of HTTP headers to forward to your origin.

origin

(optional) The IP address or CIDR notation of the origin server.

weight

(optional) The weight of the origin used in load balancing. Origins with higher weights will receive larger proportions of client requests.

origins

(optional) The list of objects containing origin references and additional properties.

method

(required) Load balancing methods are algorithms used to efficiently distribute traffic among origin servers. - **IP_HASH:** All the incoming requests from the same client IP address should go to the same content origination server. IP_HASH load balancing method uses origin weights when choosing which origin should the hash be assigned to initially. - **ROUND_ROBIN:** Forwards requests sequentially to the available origin servers. The first request - to the first origin server, the second request - to the next origin server, and so on. After it sends a request to the last origin server, it starts again with the first origin server. When using weights on origins, Weighted Round Robin assigns more requests to origins with a greater weight. Over a period of time, origins will receive a number of requests in proportion to their weight. - **STICKY_COOKIE:** Adds a session cookie to the first response from the origin server and identifies the server that sent the response. The client's next request contains the cookie value, and nginx routes the request to the origin server that responded to the first request. STICKY_COOKIE load balancing method falls back to Round Robin for the first request.

Allowed values are: 'IP_HASH', 'ROUND_ROBIN', 'STICKY_COOKIE'

is_enabled

(optional) Enables or disables the health checks.

method

(optional) An HTTP verb (i.e. HEAD, GET, or POST) to use when performing the health check.

Allowed values are: 'GET', 'HEAD', 'POST'

path

(optional) Path to visit on your origins when performing the health check.

headers

(optional) HTTP header fields to include in health check requests, expressed as `\"name\": \"value\"` properties. Because HTTP header field names are case-insensitive, any use of names that are case-insensitive equal to other names will be rejected. If Host is not specified, requests will include a Host header field with value matching the policy's protected domain. If User-Agent is not specified, requests will include a User-Agent header field with value \"waf health checks\". **Note:** The only currently-supported header fields are Host and User-Agent.

expected_response_code_group

(optional) The HTTP response codes that signify a healthy state. - **2XX:** Success response code group. - **3XX:** Redirection response code group. - **4XX:** Client errors response code group. - **5XX:** Server errors response code group.

Allowed values are: '2XX', '3XX', '4XX', '5XX'

is_response_text_check_enabled

(optional) Enables or disables additional check for predefined text in addition to response code.

expected_response_text

(optional) Health check will search for the given text in a case-sensitive manner within the response body and will fail if the text is not found.

interval_in_seconds

(optional) Time between health checks of an individual origin server, in seconds.

timeout_in_seconds

(optional) Response timeout represents wait time until request is considered failed, in seconds.

healthy_threshold

(optional) Number of successful health checks after which the server is marked up.

unhealthy_threshold

(optional) Number of failed health checks after which the server is marked down.

certificate_id

(optional) The OCID of the SSL certificate to use if HTTPS is supported.

is_https_enabled

(optional) Enable or disable HTTPS support. If true, a `certificateId` is required. If unspecified, defaults to `false`.

is_https_forced

(optional) Force HTTP to HTTPS redirection. If unspecified, defaults to `false`.

tls_protocols

(optional) A list of allowed TLS protocols. Only applicable when HTTPS support is enabled. The TLS protocol is negotiated while the request is connecting and the most recent protocol supported by both the edge node and client browser will be selected. If no such version exists, the connection will be aborted. - **TLS_V1:** corresponds to TLS 1.0 specification. - **TLS_V1_1:** corresponds to TLS 1.1 specification. - **TLS_V1_2:** corresponds to TLS 1.2 specification. - **TLS_V1_3:** corresponds to TLS 1.3 specification. Enabled TLS protocols must go in a row. For example if `TLS_v1_1` and `TLS_V1_3` are enabled, `TLS_V1_2` must be enabled too.

Allowed values are: 'TLS_V1', 'TLS_V1_1', 'TLS_V1_2', 'TLS_V1_3'

is_origin_compression_enabled

(optional) Enable or disable GZIP compression of origin responses. If enabled, the header `Accept-Encoding: gzip` is sent to origin, otherwise, the empty `Accept-Encoding:` header is used.

is_behind_cdn

(optional) Enabling `isBehindCdn` allows for the collection of IP addresses from client requests if the WAF is connected to a CDN.

client_address_header

(optional) Specifies an HTTP header name which is treated as the connecting client's IP address. Applicable only if `isBehindCdn` is enabled. The edge node reads this header and its value and sets the client IP address as specified. It does not create the header if the header is not present in the request. If the header is not present, the connecting IP address will be used as the client's true IP address. It uses the last IP address in the header's value as the true IP address. Example: `X-Client-Ip: 11.1.1.1, 13.3.3.3` In the case of multiple headers with the same name, only the first header will be used. It is assumed that CDN sets the correct client IP address to prevent spoofing. - **X_FORWARDED_FOR:** Corresponds to `X-Forwarded-For` header name. - **X_CLIENT_IP:** Corresponds to `X-Client-Ip` header name. - **X_REAL_IP:** Corresponds to `X-Real-Ip` header name. - **CLIENT_IP:** Corresponds to `Client-Ip` header name. - **TRUE_CLIENT_IP:** Corresponds to `True-Client-Ip` header name.

Allowed values are: 'X_FORWARDED_FOR', 'X_CLIENT_IP', 'X_REAL_IP', 'CLIENT_IP', 'TRUE_CLIENT_IP'

is_cache_control_respected

(optional) Enable or disable automatic content caching based on the response `cache-control` header. This feature enables the origin to act as a proxy cache. Caching is usually defined using `cache-control` header. For example `cache-control: max-age=120` means that the returned resource is valid for 120 seconds. Caching rules will overwrite this setting.

is_response_buffering_enabled

(optional) Enable or disable buffering of responses from the origin. Buffering improves overall stability in case of network issues, but slightly increases Time To First Byte.

cipher_group

(optional) The set cipher group for the configured TLS protocol. This sets the configuration for the TLS connections between clients and edge nodes only. - **DEFAULT:** Cipher group supports TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3 protocols. It has the following ciphers enabled: `ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA`

Allowed values are: 'DEFAULT'

load_balancing_method

(optional) An object that represents a load balancing method and its properties.

websocket_path_prefixes

(optional) ModSecurity is not capable to inspect WebSockets. Therefore paths specified here have WAF disabled if Connection request header from the client has the value Upgrade (case insensitive matching) and Upgrade request header has the value websocket (case insensitive matching). Paths matches if the concatenation of request URL path and query starts with the contents of the one of `websocketPathPrefixes` array value. In All other cases challenges, like JSC, HIC and etc., remain active.

is_sni_enabled

(optional) SNI stands for Server Name Indication and is an extension of the TLS protocol. It indicates which hostname is being contacted by the browser at the beginning of the 'handshake'-process. This allows a server to connect multiple SSL Certificates to one IP address and port.

health_checks

(optional)

is_enabled

(required) Enables or disables the device fingerprint challenge Web Application Firewall feature.

action

(optional) The action to take on requests from detected bots. If unspecified, defaults to `DETECT`.

Allowed values are: 'DETECT', 'BLOCK'

failure_threshold

(optional) The number of failed requests allowed before taking action. If unspecified, defaults to `10`.

action_expiration_in_seconds

(optional) The number of seconds between challenges for the same IP address. If unspecified, defaults to `60`.

failure_threshold_expiration_in_seconds

(optional) The number of seconds before the failure threshold resets. If unspecified, defaults to `60`.

max_address_count

(optional) The maximum number of IP addresses permitted with the same device fingerprint. If unspecified, defaults to `20`.

max_address_count_expiration_in_seconds

(optional) The number of seconds before the maximum addresses count resets. If unspecified, defaults to `60`.

challenge_settings

(optional)

is_enabled

(required) Enables or disables the human interaction challenge Web Application Firewall feature.

action

(optional) The action to take against requests from detected bots. If unspecified, defaults to `DETECT`.

Allowed values are: 'DETECT', 'BLOCK'

failure_threshold

(optional) The number of failed requests before taking action. If unspecified, defaults to `10`.

action_expiration_in_seconds

(optional) The number of seconds between challenges for the same IP address. If unspecified, defaults to `60`.

failure_threshold_expiration_in_seconds

(optional) The number of seconds before the failure threshold resets. If unspecified, defaults to `60`.

interaction_threshold

(optional) The number of interactions required to pass the challenge. If unspecified, defaults to `3`.

recording_period_in_seconds

(optional) The number of seconds to record the interactions from the user. If unspecified, defaults to `15`.

set_http_header

(optional) Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the `action` is set to `DETECT`.

challenge_settings

(optional)

is_nat_enabled

(optional) When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.

is_enabled

(required) Enables or disables the JavaScript challenge Web Application Firewall feature.

action

(optional) The action to take against requests from detected bots. If unspecified, defaults to `DETECT`.

Allowed values are: 'DETECT', 'BLOCK'

failure_threshold

(optional) The number of failed requests before taking action. If unspecified, defaults to `10`.

action_expiration_in_seconds

(optional) The number of seconds between challenges from the same IP address. If unspecified, defaults to `60`.

set_http_header

(optional) Adds an additional HTTP header to requests that fail the challenge before being passed to the origin. Only applicable when the `action` is set to `DETECT`.

challenge_settings

(optional)

are_redirects_challenged

(optional) When enabled, redirect responses from the origin will also be challenged. This will change HTTP 301/302 responses from origin to HTTP 200 with an HTML body containing JavaScript page redirection.

criteria

(optional) When defined, the JavaScript Challenge would be applied only for the requests that matched all the listed conditions.

is_nat_enabled

(optional) When enabled, the user is identified not only by the IP address but also by an unique additional hash, which prevents blocking visitors with shared IP addresses.

target

(optional) The target of the exclusion.

Allowed values are: 'REQUEST_COOKIES', 'REQUEST_COOKIE_NAMES', 'ARGS', 'ARGS_NAMES'

exclusions

(optional)

id

(optional) The OCID of the custom protection rule.

action

(optional) The action to take when the custom protection rule is triggered. `DETECT` - Logs the request when the criteria of the custom protection rule are met. `BLOCK` - Blocks the request when the criteria of the custom protection rule are met.

Allowed values are: 'DETECT', 'BLOCK'

exclusions

(optional)

block_action

(optional) If `action` is set to `BLOCK`, this specifies how the traffic is blocked when detected as malicious by a protection rule. If unspecified, defaults to `SET_RESPONSE_CODE`.

Allowed values are: 'SHOW_ERROR_PAGE', 'SET_RESPONSE_CODE'

block_response_code

(optional) The response code returned when `action` is set to `BLOCK`, `blockAction` is set to `SET_RESPONSE_CODE`, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to `403`. The list of available response codes: `400`, `401`, `403`, `405`, `409`, `411`, `412`, `413`, `414`, `415`, `416`, `500`, `501`, `502`, `503`, `504`, `507`.

block_error_page_message

(optional) The message to show on the error page when `action` is set to `BLOCK`, `blockAction` is set to `SHOW_ERROR_PAGE`, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to 'Access to the website is blocked.'

block_error_page_code

(optional) The error code to show on the error page when `action` is set to `BLOCK`, `blockAction` is set to `SHOW_ERROR_PAGE`, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to `403`.

block_error_page_description

(optional) The description text to show on the error page when `action` is set to `BLOCK`, `blockAction` is set to `SHOW_ERROR_PAGE`, and the traffic is detected as malicious by a protection rule. If unspecified, defaults to `Access blocked by website owner. Please contact support.`

max_argument_count

(optional) The maximum number of arguments allowed to be passed to your application before an action is taken. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to `255`. This setting only applies if a corresponding protection rule is enabled, such as the \"Number of Arguments Limits\" rule (key: 960335). Example: If `maxArgumentCount` to `2` for the Max Number of Arguments protection rule (key: 960335), the following requests would be blocked: `GET /myapp/path?query=one&query=two&query=three` `POST /myapp/path` with Body `{\"argument1\":\"one\",\"argument2\":\"two\",\"argument3\":\"three\"}`

max_name_length_per_argument

(optional) The maximum length allowed for each argument name, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to `400`. This setting only applies if a corresponding protection rule is enabled, such as the \"Values Limits\" rule (key: 960208).

max_total_name_length_of_arguments

(optional) The maximum length allowed for the sum of the argument name and value, in characters. Arguements are query parameters or body parameters in a PUT or POST request. If unspecified, defaults to `64000`. This setting only applies if a corresponding protection rule is enabled, such as the \"Total Arguments Limits\" rule (key: 960341).

recommendations_period_in_days

(optional) The length of time to analyze traffic traffic, in days. After the analysis period, `WafRecommendations` will be populated. If unspecified, defaults to `10`. Use `GET /waasPolicies/{waasPolicyId}/wafRecommendations` to view WAF recommendations.

is_response_inspected

(optional) Inspects the response body of origin responses. Can be used to detect leakage of sensitive data. If unspecified, defaults to `false`. **Note:** Only origin responses with a Content-Type matching a value in `mediaTypes` will be inspected.

max_response_size_in_ki_b

(optional) The maximum response size to be fully inspected, in binary kilobytes (KiB). Anything over this limit will be partially inspected. If unspecified, defaults to `1024`.

allowed_http_methods

(optional) The list of allowed HTTP methods. If unspecified, default to `[OPTIONS, GET, HEAD, POST]`. This setting only applies if a corresponding protection rule is enabled, such as the \"Restrict HTTP Request Methods\" rule (key: 911100).

Allowed values are: 'OPTIONS', 'GET', 'HEAD', 'POST', 'PUT', 'DELETE', 'TRACE', 'CONNECT', 'PATCH', 'PROPFIND'

media_types

(optional) The list of media types to allow for inspection, if `isResponseInspected` is enabled. Only responses with MIME types in this list will be inspected. If unspecified, defaults to `[\"text/html\", \"text/plain\", \"text/xml\"]`. Supported MIME types include: - text/html - text/plain - text/asp - text/css - text/x-script - application/json - text/webviewhtml - text/x-java-source - application/x-javascript - application/javascript - application/ecmascript - text/javascript - text/ecmascript - text/x-script.perl - text/x-script.phyton - application/plain - application/xml - text/xml

name

(required) The unique name of the whitelist.

addresses

(optional) A set of IP addresses or CIDR notations to include in the whitelist.

address_lists

(optional) A list of OCID of IP address lists to include in the whitelist.

access_rules

(optional) The access rules applied to the Web Application Firewall. Access rules allow custom content access policies to be defined and `ALLOW`, `DETECT`, or `BLOCK` actions to be taken on a request when specified criteria are met.

address_rate_limiting

(optional) The settings used to limit the number of requests from an IP address.

captchas

(optional) A list of CAPTCHA challenge settings. CAPTCHAs challenge requests to ensure a human is attempting to reach the specified URL and not a bot.

device_fingerprint_challenge

(optional) The device fingerprint challenge settings. Blocks bots based on unique device fingerprint information.

human_interaction_challenge

(optional) The human interaction challenge settings. Detects natural human interactions such as mouse movements, time on site, and page scrolling to identify bots.

js_challenge

(optional) The JavaScript challenge settings. Blocks bots by challenging requests from browsers that have no JavaScript support.

origin

(optional) The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in `Origins`. Required when creating the `WafConfig` resource, but is not required upon updating the configuration.

caching_rules

(optional) A list of caching rules applied to the web application.

custom_protection_rules

(optional) A list of the custom protection rule OCIDs and their actions.

origin_groups

(optional) The map of origin groups and their keys used to associate origins to the `wafConfig`. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update the `origins` field of a `UpdateWaasPolicy` request.

protection_settings

(optional) The settings applied to protection rules.

whitelists

(optional) A list of IP addresses that bypass the Web Application Firewall.

compartment_id

(required) The OCID of the compartment in which to create the WAAS policy.

display_name

(optional) A user-friendly name for the WAAS policy. The name can be changed and does not need to be unique.

domain

(required) The web application domain that the WAAS policy protects.

additional_domains

(optional) An array of additional domains for the specified web application.

origins

(optional) A map of host to origin for the web application. The key should be a customer friendly name for the host, ex. primary, secondary, etc.

origin_groups

(optional) The map of origin groups and their keys used to associate origins to the `wafConfig`. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update the `origins` field of a `UpdateWaasPolicy` request.

policy_config

(optional)

waf_config

(optional)

freeform_tags

(optional) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: `{\"Department\": \"Finance\"}`

defined_tags

(optional) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: `{\"Operations\": {\"CostCenter\": \"42\"}}`

id

(optional) The OCID of the custom protection rule.

compartment_id

(optional) The OCID of the custom protection rule's compartment.

display_name

(optional) The user-friendly name of the custom protection rule.

description

(optional) The description of the custom protection rule.

mod_security_rule_ids

(optional) The auto-generated ID for the custom protection rule. These IDs are referenced in logs.

template

(optional) The template text of the custom protection rule. All custom protection rules are expressed in ModSecurity Rule Language. Additionally, each rule must include two placeholder variables that are updated by the WAF service upon publication of the rule. `id: {{id_1}}` - This field is populated with a unique rule ID generated by the WAF service which identifies a `SecRule`. More than one `SecRule` can be defined in the `template` field of a CreateCustomSecurityRule call. The value of the first `SecRule` must be `id: {{id_1}}` and the `id` field of each subsequent `SecRule` should increase by one, as shown in the example. `ctl:ruleEngine={{mode}}` - The action to be taken when the criteria of the `SecRule` are met, either `OFF`, `DETECT` or `BLOCK`. This field is automatically populated with the corresponding value of the `action` field of the `CustomProtectionRuleSetting` schema when the `WafConfig` is updated. *Example:* ``` SecRule REQUEST_COOKIES \"regex matching SQL injection - part 1/2\" \\ \"phase:2, \\ msg:'Detects chained SQL injection attempts 1/2.', \\ id: {{id_1}}, \\ ctl:ruleEngine={{mode}}, \\ deny\" SecRule REQUEST_COOKIES \"regex matching SQL injection - part 2/2\" \\ \"phase:2, \\ msg:'Detects chained SQL injection attempts 2/2.', \\ id: {{id_2}}, \\ ctl:ruleEngine={{mode}}, \\ deny\" ``` The example contains two `SecRules` each having distinct regex expression to match the `Cookie` header value during the second input analysis phase. For more information about custom protection rules, see Custom Protection Rules. For more information about ModSecurity syntax, see Making Rules: The Basic Syntax. For more information about ModSecurity's open source WAF rules, see Mod Security's OWASP Core Rule Set documentation.

lifecycle_state

(optional) The current lifecycle state of the custom protection rule.

Allowed values are: 'CREATING', 'ACTIVE', 'FAILED', 'UPDATING', 'DELETING', 'DELETED'

time_created

(optional) The date and time the protection rule was created, expressed in RFC 3339 timestamp format.

freeform_tags

(optional) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: `{\"Department\": \"Finance\"}`

defined_tags

(optional) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: `{\"Operations\": {\"CostCenter\": \"42\"}}`

id

(optional) The OCID of the custom protection rule.

compartment_id

(optional) The OCID of the custom protection rule's compartment.

display_name

(optional) The user-friendly name of the custom protection rule.

mod_security_rule_ids

(optional) The auto-generated ID for the custom protection rule. These IDs are referenced in logs.

lifecycle_state

(optional) The current lifecycle state of the custom protection rule.

Allowed values are: 'CREATING', 'ACTIVE', 'FAILED', 'UPDATING', 'DELETING', 'DELETED'

time_created

(optional) The date and time the protection rule was created, expressed in RFC 3339 timestamp format.

freeform_tags

(optional) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: `{\"Department\": \"Finance\"}`

defined_tags

(optional) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: `{\"Operations\": {\"CostCenter\": \"42\"}}`

cidr

(optional) An edge node subnet. This can include /24 or /8 addresses.

time_modified

(optional) The date and time the last change was made to the indicated edge node subnet, expressed in RFC 3339 timestamp format.

l_region

(optional) The name of the region containing the indicated subnet.

code

(required)

message

(required)

header

(required) A header field name that conforms to RFC 7230. Example: `example_header_name`

value

(required) A header field value that conforms to RFC 7230. Example: `example_value`

key

(required) The unique key for the bot.

name

(optional) The bot name.

is_enabled

(required) Enables or disables the bot.

description

(optional) The description of the bot.

id

(optional) The OCID of the HTTP Redirect.

compartment_id

(optional) The OCID of the HTTP Redirect's compartment.

display_name

(optional) The user-friendly name of the HTTP Redirect. The name can be changed and does not need to be unique.

domain

(optional) The domain from which traffic will be redirected.

target

(optional) The redirect target object including all the redirect data.

response_code

(optional) The response code returned for the redirect to the client. For more information, see RFC 7231.

time_created

(optional) The date and time the policy was created, expressed in RFC 3339 timestamp format.

lifecycle_state

(optional) The current lifecycle state of the HTTP Redirect.

Allowed values are: 'CREATING', 'ACTIVE', 'FAILED', 'UPDATING', 'DELETING', 'DELETED'

freeform_tags

(optional) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: `{\"Department\": \"Finance\"}`

defined_tags

(optional) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: `{\"Operations\": {\"CostCenter\": \"42\"}}`

id

(optional) The OCID of the HTTP Redirect.

compartment_id

(optional) The OCID of the HTTP Redirect's compartment.

display_name

(optional) The user-friendly name of the HTTP Redirect. The name can be changed and does not need to be unique.

domain

(optional) The domain from which traffic will be redirected.

target

(optional) The redirect target object including all the redirect data.

response_code

(optional) The response code returned for the redirect to the client. For more information, see RFC 7231.

lifecycle_state

(optional) The current lifecycle state of the HTTP Redirect.

Allowed values are: 'CREATING', 'ACTIVE', 'FAILED', 'UPDATING', 'DELETING', 'DELETED'

time_created

(optional) The date and time the policy was created, expressed in RFC 3339 timestamp format.

freeform_tags

(optional) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: `{\"Department\": \"Finance\"}`

defined_tags

(optional) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: `{\"Operations\": {\"CostCenter\": \"42\"}}`

key

(optional) The unique key of the protection rule.

mod_security_rule_ids

(optional) The list of the ModSecurity rule IDs that apply to this protection rule. For more information about ModSecurity's open source WAF rules, see Mod Security's documentation.

name

(optional) The name of the protection rule.

description

(optional) The description of the protection rule.

action

(optional) The action to take when the traffic is detected as malicious. If unspecified, defaults to `OFF`.

Allowed values are: 'OFF', 'DETECT', 'BLOCK'

labels

(optional) The list of labels for the protection rule. **Note:** Protection rules with a `ResponseBody` label will have no effect unless `isResponseInspected` is true.

exclusions

(optional)

key

(required) The unique key of the protection rule.

action

(required) The action to apply to the protection rule. If unspecified, defaults to `OFF`.

Allowed values are: 'OFF', 'DETECT', 'BLOCK'

exclusions

(optional) The types of requests excluded from the protection rule action. If the requests matches the criteria in the `exclusions`, the protection rule action will not be executed.

resources

(optional) A resource to purge, specified by either a hostless absolute path starting with a single slash (Example: `/path/to/resource`) or by a relative path in which the first component will be interpreted as a domain protected by the WAAS policy (Example: `example.com/path/to/resource`).

key

(optional) The unique key for the recommended protection rule.

mod_security_rule_ids

(optional) The list of the ModSecurity rule IDs associated with the protection rule. For more information about ModSecurity's open source WAF rules, see Mod Security's documentation.

name

(optional) The name of the recommended protection rule.

description

(optional) The description of the recommended protection rule.

labels

(optional) The list of labels for the recommended protection rule.

recommended_action

(optional) The recommended action to apply to the protection rule.

header

(required) A header field name that conforms to RFC 7230. Example: `example_header_name`

name

(optional) The name of the cookie used to track the persistence. Can contain any US-ASCII character except separator or control character.

domain

(optional) The domain for which the cookie is set, defaults to WAAS policy domain.

expiration_time_in_seconds

(optional) The time for which a browser should keep the cookie in seconds. Empty value will cause the cookie to expire at the end of a browser session.

key

(optional) The unique key of the threat intelligence feed.

name

(optional) The name of the threat intelligence feed.

action

(optional) The action to take when traffic is flagged as malicious by data from the threat intelligence feed. If unspecified, defaults to `OFF`.

Allowed values are: 'OFF', 'DETECT', 'BLOCK'

description

(optional) The description of the threat intelligence feed.

key

(required) The unique key of the object for which the action applies.

action

(required) The selected action. If unspecified, defaults to `OFF`.

Allowed values are: 'OFF', 'DETECT', 'BLOCK'

display_name

(optional) A user-friendly name for the address list.

addresses

(optional) A list of IP addresses or CIDR notations.

freeform_tags

(optional) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: `{\"Department\": \"Finance\"}`

defined_tags

(optional) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: `{\"Operations\": {\"CostCenter\": \"42\"}}`

display_name

(optional) A user-friendly name for the SSL certificate. The name can be changed and does not need to be unique.

freeform_tags

(optional) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: `{\"Department\": \"Finance\"}`

defined_tags

(optional) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: `{\"Operations\": {\"CostCenter\": \"42\"}}`

display_name

(optional) A user-friendly name for the custom protection rule.

description

(optional) A description for the custom protection rule.

template

(optional) The template text of the custom protection rule. All custom protection rules are expressed in ModSecurity Rule Language. Additionally, each rule must include two placeholder variables that are updated by the WAF service upon publication of the rule. `id: {{id_1}}` - This field is populated with a unique rule ID generated by the WAF service which identifies a `SecRule`. More than one `SecRule` can be defined in the `template` field of a CreateCustomSecurityRule call. The value of the first `SecRule` must be `id: {{id_1}}` and the `id` field of each subsequent `SecRule` should increase by one, as shown in the example. `ctl:ruleEngine={{mode}}` - The action to be taken when the criteria of the `SecRule` are met, either `OFF`, `DETECT` or `BLOCK`. This field is automatically populated with the corresponding value of the `action` field of the `CustomProtectionRuleSetting` schema when the `WafConfig` is updated. *Example:* ``` SecRule REQUEST_COOKIES \"regex matching SQL injection - part 1/2\" \\ \"phase:2, \\ msg:'Detects chained SQL injection attempts 1/2.', \\ id: {{id_1}}, \\ ctl:ruleEngine={{mode}}, \\ deny\" SecRule REQUEST_COOKIES \"regex matching SQL injection - part 2/2\" \\ \"phase:2, \\ msg:'Detects chained SQL injection attempts 2/2.', \\ id: {{id_2}}, \\ ctl:ruleEngine={{mode}}, \\ deny\" ``` The example contains two `SecRules` each having distinct regex expression to match the `Cookie` header value during the second input analysis phase. For more information about custom protection rules, see Custom Protection Rules. For more information about ModSecurity syntax, see Making Rules: The Basic Syntax. For more information about ModSecurity's open source WAF rules, see Mod Security's OWASP Core Rule Set documentation.

freeform_tags

(optional) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: `{\"Department\": \"Finance\"}`

defined_tags

(optional) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: `{\"Operations\": {\"CostCenter\": \"42\"}}`

display_name

(optional) The user-friendly name of the HTTP Redirect. The name can be changed and does not need to be unique.

target

(optional) The redirect target object including all the redirect data.

response_code

(optional) The response code returned for the redirect to the client. For more information, see RFC 7231.

freeform_tags

(optional) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: `{\"Department\": \"Finance\"}`

defined_tags

(optional) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: `{\"Operations\": {\"CostCenter\": \"42\"}}`

access_rules

(optional) The access rules applied to the Web Application Firewall. Used for defining custom access policies with the combination of `ALLOW`, `DETECT`, and `BLOCK` rules, based on different criteria.

address_rate_limiting

(optional) The IP address rate limiting settings used to limit the number of requests from an address.

captchas

(optional) A list of CAPTCHA challenge settings. These are used to challenge requests with a CAPTCHA to block bots.

device_fingerprint_challenge

(optional) The device fingerprint challenge settings. Used to detect unique devices based on the device fingerprint information collected in order to block bots.

good_bots

(optional) A list of bots allowed to access the web application.

human_interaction_challenge

(optional) The human interaction challenge settings. Used to look for natural human interactions such as mouse movements, time on site, and page scrolling to identify bots.

js_challenge

(optional) The JavaScript challenge settings. Used to challenge requests with a JavaScript challenge and take the action if a browser has no JavaScript support in order to block bots.

origin

(optional) The key in the map of origins referencing the origin used for the Web Application Firewall. The origin must already be included in `Origins`. Required when creating the `WafConfig` resource, but not on update.

caching_rules

(optional) A list of caching rules applied to the web application.

custom_protection_rules

(optional) A list of the custom protection rule OCIDs and their actions.

origin_groups

(optional) The map of origin groups and their keys used to associate origins to the `wafConfig`. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update the `origins` field of a `UpdateWaasPolicy` request.

protection_rules

(optional) A list of the protection rules and their details.

protection_settings

(optional) The settings to apply to protection rules.

threat_feeds

(optional) A list of threat intelligence feeds and the actions to apply to known malicious traffic based on internet intelligence.

whitelists

(optional) A list of IP addresses that bypass the Web Application Firewall.

display_name

(optional) A user-friendly name for the WAAS policy. The name can be changed and does not need to be unique.

additional_domains

(optional) An array of additional domains protected by this WAAS policy.

origins

(optional) A map of host to origin for the web application. The key should be a customer friendly name for the host, ex. primary, secondary, etc.

origin_groups

(optional) The map of origin groups and their keys used to associate origins to the `wafConfig`. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests. To add additional origins to your WAAS policy, update the `origins` field of a `UpdateWaasPolicy` request.

policy_config

(optional)

waf_config

(optional)

freeform_tags

(optional) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: `{\"Department\": \"Finance\"}`

defined_tags

(optional) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: `{\"Operations\": {\"CostCenter\": \"42\"}}`

id

(optional) The OCID of the WAAS policy.

compartment_id

(optional) The OCID of the WAAS policy's compartment.

display_name

(optional) The user-friendly name of the WAAS policy. The name can be changed and does not need to be unique.

domain

(optional) The web application domain that the WAAS policy protects.

additional_domains

(optional) An array of additional domains for this web application.

cname

(optional) The CNAME record to add to your DNS configuration to route traffic for the domain, and all additional domains, through the WAF.

lifecycle_state

(optional) The current lifecycle state of the WAAS policy.

Allowed values are: 'CREATING', 'ACTIVE', 'FAILED', 'UPDATING', 'DELETING', 'DELETED'

time_created

(optional) The date and time the policy was created, expressed in RFC 3339 timestamp format.

origins

(optional) A map of host servers (origins) and their keys for the web application. Origin keys are used to associate origins to specific protection rules. The key should be a user-friendly name for the host. **Examples:** `primary` or `secondary`.

origin_groups

(optional) The map of origin groups and their keys used to associate origins to the `wafConfig`. Origin groups allow you to apply weights to groups of origins for load balancing purposes. Origins with higher weights will receive larger proportions of client requests.

policy_config

(optional)

waf_config

(optional)

freeform_tags

(optional) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: `{\"Department\": \"Finance\"}`

defined_tags

(optional) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: `{\"Operations\": {\"CostCenter\": \"42\"}}`

id

(optional) The OCID of the custom protection rule.

display_name

(optional) The user-friendly name of the custom protection rule.

action

(optional) The action to take when the custom protection rule is triggered. `DETECT` - Logs the request when the criteria of the custom protection rule are met. `BLOCK` - Blocks the request when the criteria of the custom protection rule are met.

Allowed values are: 'DETECT', 'BLOCK'

mod_security_rule_ids

(optional) The list of the ModSecurity rule IDs that apply to this protection rule. For more information about ModSecurity's open source WAF rules, see Mod Security's documentation.

exclusions

(optional)

id

(optional) The OCID of the WAAS policy.

compartment_id

(optional) The OCID of the WAAS policy's compartment.

display_name

(optional) The user-friendly name of the WAAS policy. The name can be changed and does not need to be unique.

domain

(optional) The web application domain that the WAAS policy protects.

lifecycle_state

(optional) The current lifecycle state of the WAAS policy.

Allowed values are: 'CREATING', 'ACTIVE', 'FAILED', 'UPDATING', 'DELETING', 'DELETED'

time_created

(optional) The date and time the policy was created, expressed in RFC 3339 timestamp format.

freeform_tags

(optional) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: `{\"Department\": \"Finance\"}`

defined_tags

(optional) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: `{\"Operations\": {\"CostCenter\": \"42\"}}`

time_observed

(optional) The date and time the blocked requests were observed, expressed in RFC 3339 timestamp format.

time_range_in_seconds

(optional) The number of seconds the data covers.

waf_feature

(optional) The specific Web Application Firewall feature that blocked the requests, such as JavaScript Challenge or Access Control.

Allowed values are: 'PROTECTION_RULES', 'JS_CHALLENGE', 'ACCESS_RULES', 'THREAT_FEEDS', 'HUMAN_INTERACTION_CHALLENGE', 'DEVICE_FINGERPRINT_CHALLENGE', 'CAPTCHA', 'ADDRESS_RATE_LIMITING'

l_count

(optional) The count of blocked requests.

action

(optional) The action taken on the request, either `ALLOW`, `DETECT`, or `BLOCK`.

captcha_action

(optional) The CAPTCHA action taken on the request, `ALLOW` or `BLOCK`. For more information about CAPTCHAs, see `UpdateCaptchas`.

captcha_expected

(optional) The CAPTCHA challenge answer that was expected.

captcha_received

(optional) The CAPTCHA challenge answer that was received.

captcha_fail_count

(optional) The number of times the CAPTCHA challenge was failed.

client_address

(optional) The IPv4 address of the requesting client.

country_name

(optional) The name of the country where the request originated.

user_agent

(optional) The value of the request's `User-Agent` header field.

domain

(optional) The `Host` header data of the request.

protection_rule_detections

(optional) A map of protection rule keys to detection message details. Detections are requests that matched the criteria of a protection rule but the rule's action was set to `DETECT`.

http_method

(optional) The HTTP method of the request.

request_url

(optional) The path and query string of the request.

http_headers

(optional) The map of the request's header names to their respective values.

referrer

(optional) The `Referrer` header value of the request.

response_code

(optional) The status code of the response.

response_size

(optional) The size in bytes of the response.

incident_key

(optional) The incident key of a request. An incident key is generated for each request processed by the Web Application Firewall and is used to idenitfy blocked requests in applicable logs.

fingerprint

(optional) The hashed signature of the device's fingerprint. For more information, see `DeviceFingerPrintChallenge`.

device

(optional) The type of device that the request was made from.

country_code

(optional) ISO 3166-1 alpha-2 code of the country from which the request originated. For a list of codes, see ISO's website.

request_headers

(optional) A map of header names to values of the request sent to the origin, including any headers appended by the Web Application Firewall.

threat_feed_key

(optional) The `ThreatFeed` key that matched the request. For more information about threat feeds, see `UpdateThreatFeeds`.

access_rule_key

(optional) The `AccessRule` key that matched the request. For more information about access rules, see `UpdateAccessRules`.

address_rate_limiting_key

(optional) The `AddressRateLimiting` key that matched the request. For more information about address rate limiting, see `UpdateWafAddressRateLimiting`.

l_timestamp

(optional) The date and time the Web Application Firewall processed the request and logged it.

log_type

(optional) The type of log of the request. For more about log types, see Logs.

origin_address

(optional) The address of the origin server where the request was sent.

origin_response_time

(optional) The amount of time it took the origin server to respond to the request, in seconds.

time_observed

(optional) The date and time the traffic was observed, rounded down to the start of a range, and expressed in RFC 3339 timestamp format.

time_range_in_seconds

(optional) The number of seconds this data covers.

tenancy_id

(optional) The tenancy OCID of the data.

compartment_id

(optional) The compartment OCID of the data.

waas_policy_id

(optional) The policy OCID of the data.

is_oci_origin

(optional) True if origin (endpoint) is an OCI resource. False if external.

is_bot_enabled

(optional) True if bot manager is enabled.

request_count

(optional) The number of incoming requests.

traffic_in_bytes

(optional) Traffic in bytes.

tag_slug

(optional) The tag slug for the specified `waasPolicyId`.

time_observed

(optional) The date and time the traffic was observed, rounded down to the start of a range, and expressed in RFC 3339 timestamp format.

time_range_in_seconds

(optional) The number of seconds this data covers.

l_count

(optional) The total number of requests received in this time period.

time_observed

(optional) The date and time the traffic was observed, rounded down to the start of the range, and expressed in RFC 3339 timestamp format.

time_range_in_seconds

(optional) The number of seconds this data covers.

tenancy_id

(optional) The tenancy OCID of the data.

compartment_id

(optional) The compartment OCID of the data.

waas_policy_id

(optional) The policy OCID of the data.

traffic_in_bytes

(optional) Traffic in bytes.

action_type

(optional) How the work request affects the resource.

Allowed values are: 'IN_PROGRESS', 'CREATED', 'UPDATED', 'DELETED', 'RELATED', 'PURGED'

entity_type

(optional) The resource type the work request affects.

identifier

(optional) The OCID of the resource that the work request affects.

entity_uri

(optional) The URI path used while performing a `GET` to access the resource metadata.

message

(optional) The log message.

l_timestamp

(optional) The date and time the work request log event happend, expressed in RFC 3339 timestamp format.

code

(optional) A machine-usable code for the error that occurred.

message

(optional) The error message.

l_timestamp

(optional) The date and time the work request error happened, expressed in RFC 3339 timestamp format.

id

(required) The OCID of the work request.

operation_type

(required) A description of the operation requested by the work request.

Allowed values are: 'CREATE_WAAS_POLICY', 'UPDATE_WAAS_POLICY', 'DELETE_WAAS_POLICY', 'CREATE_HTTP_REDIRECT', 'UPDATE_HTTP_REDIRECT', 'DELETE_HTTP_REDIRECT', 'PURGE_WAAS_POLICY_CACHE', 'CREATE_CUSTOM_PROTECTION_RULE', 'UPDATE_CUSTOM_PROTECTION_RULE', 'DELETE_CUSTOM_PROTECTION_RULE'

status

(required) The current status of the work request.

Allowed values are: 'ACCEPTED', 'IN_PROGRESS', 'FAILED', 'SUCCEEDED', 'CANCELING', 'CANCELED'

compartment_id

(required) The OCID of the compartment that contains the work request.

resources

(optional) The resources being used to complete the work request operation.

percent_complete

(optional) The percentage of work completed by the work request.

logs

(optional) The list of log entries from the work request workflow.

errors

(optional) The list of errors that occurred while fulfilling the work request.

time_accepted

(required) The date and time the work request was created, in the format defined by RFC3339.

time_started

(required) The date and time the work request moved from the `ACCEPTED` state to the `IN_PROGRESS` state, expressed in RFC 3339 timestamp format.

time_finished

(required) The date and time the work request was fulfilled or terminated, expressed in RFC 3339 timestamp format.

id

(required) The OCID of the work request.

operation_type

(required) A description of the operation requested by the work request.

Allowed values are: 'CREATE_WAAS_POLICY', 'UPDATE_WAAS_POLICY', 'DELETE_WAAS_POLICY', 'CREATE_HTTP_REDIRECT', 'UPDATE_HTTP_REDIRECT', 'DELETE_HTTP_REDIRECT', 'PURGE_WAAS_POLICY_CACHE', 'CREATE_CUSTOM_PROTECTION_RULE', 'UPDATE_CUSTOM_PROTECTION_RULE', 'DELETE_CUSTOM_PROTECTION_RULE'

status

(required) The current status of the work request.

Allowed values are: 'ACCEPTED', 'IN_PROGRESS', 'FAILED', 'SUCCEEDED', 'CANCELING', 'CANCELED'

compartment_id

(required) The OCID of the compartment that contains the work request.

resources

(optional) The resources being used to complete the work request operation.

percent_complete

(optional) The percentage of work completed by the work request.

time_accepted

(required) The date and time the work request was created, expressed in RFC 3339 timestamp format.

time_started

(required) The date and time the work request moved from the `ACCEPTED` state to the `IN_PROGRESS` state, expressed in RFC 3339 timestamp format.

time_finished

(required) The date and time the work request was fulfilled or terminated, in the format defined by RFC3339.