© 2025 Direct Cursus Technology L.L.C.
In this article:

  • Example usage
  • Schema
  • Optional
  • Read-Only
  • Nested Schema for analyze_request_body
  • Nested Schema for core_rule_set
  • Nested Schema for core_rule_set.rule_set
  • Nested Schema for exclusion_rule
  • Nested Schema for exclusion_rule.condition
  • Nested Schema for exclusion_rule.condition.authority
  • Nested Schema for exclusion_rule.condition.authority.authorities
  • Nested Schema for exclusion_rule.condition.headers
  • Nested Schema for exclusion_rule.condition.headers.value
  • Nested Schema for exclusion_rule.condition.http_method
  • Nested Schema for exclusion_rule.condition.http_method.http_methods
  • Nested Schema for exclusion_rule.condition.request_uri
  • Nested Schema for exclusion_rule.condition.request_uri.path
  • Nested Schema for exclusion_rule.condition.request_uri.queries
  • Nested Schema for exclusion_rule.condition.request_uri.queries.value
  • Nested Schema for exclusion_rule.condition.source_ip
  • Nested Schema for exclusion_rule.condition.source_ip.geo_ip_match
  • Nested Schema for exclusion_rule.condition.source_ip.geo_ip_not_match
  • Nested Schema for exclusion_rule.condition.source_ip.ip_ranges_match
  • Nested Schema for exclusion_rule.condition.source_ip.ip_ranges_not_match
  • Nested Schema for exclusion_rule.exclude_rules
  • Nested Schema for rule
  • Nested Schema for rule_set
  • Nested Schema for rule_set.core_rule_set
  • Nested Schema for rule_set.core_rule_set.rule_set
  • Nested Schema for rule_set.ml_rule_set
  • Nested Schema for rule_set.ml_rule_set.rule_group
  • Nested Schema for rule_set.ml_rule_set.rule_set
  • Nested Schema for rule_set.ya_rule_set
  • Nested Schema for rule_set.ya_rule_set.rule_group
  • Nested Schema for rule_set.ya_rule_set.rule_set
yandex_sws_waf_profile (Data Source)

Written by
Yandex Cloud
Updated at October 9, 2025

Get information about a WAF profile. For more information, see the official documentation.
This data source is used to define a WAF profile that can be used by other resources.

Warning

One of waf_profile_id or name should be specified.

Example usage

//
// Get information about existing SWS WAF Profile.
//
data "yandex_sws_waf_profile" "by-id" {
  waf_profile_id = yandex_sws_waf_profile.my-profile.id
}

data "yandex_sws_waf_profile" "by-name" {
  name = yandex_sws_waf_profile.my-profile.name
}

Schema

Optional

  • cloud_id (String) The ID of the cloud that the resource belongs to. If it is not provided, the default provider cloud-id is used.
  • folder_id (String) The ID of the folder that the resource belongs to. If it is not provided, the default provider folder-id is used.
  • name (String) Name of the WAF profile.
  • waf_profile_id (String) ID of the WAF profile.

Read-Only

  • analyze_request_body (List of Object) Analyze request body. (see below for nested schema)
  • core_rule_set (List of Object) Core rule set. (see below for nested schema)
  • created_at (String) The creation timestamp of the resource.
  • description (String) The resource description.
  • exclusion_rule (List of Object) (see below for nested schema)
  • id (String) The ID of this resource.
  • labels (Map of String) A set of key/value label pairs assigned to the resource.
  • match_all_rule_sets (Boolean) Match all rule sets.
  • rule (List of Object) List of rules. (see below for nested schema)
  • rule_set (List of Object) (see below for nested schema)

Nested Schema for analyze_request_body

Read-Only:

  • is_enabled (Boolean) Turns the analyzer on or off.

  • size_limit (Number) Maximum size of body to pass to analyzer. In kilobytes.

  • size_limit_action (String) Action to perform if maximum size of body exceeded. Possible values: IGNORE and DENY.

Nested Schema for core_rule_set

Read-Only:

  • inbound_anomaly_score (Number) Anomaly score. Enter an integer in the range from 2 to 10000. The higher this value, the more likely it is that a request that satisfies the rule is an attack. See Rules for more details.

  • paranoia_level (Number) Paranoia level. Enter an integer in the range from 1 to 4. The paranoia level classifies rules according to their aggressiveness. The higher the paranoia level, the better your protection, but also the higher the probability of WAF false positives. See Rules for more details. NOTE: this option has no effect on enabling or disabling rules; it is used only as a recommendation for the user to enable all rules with paranoia_level <= this value.

  • rule_set (Block List, Min: 1, Max: 1) Rule set settings. See Basic rule set for details. (see below for nested schema)

Nested Schema for core_rule_set.rule_set

Read-Only:

  • id (String) ID of the rule set.

  • name (String) Name of the rule set.

  • type (String) Type of the rule set.

  • version (String) Version of the rule set.

Nested Schema for exclusion_rule

Read-Only:

  • condition (List of Object) (see below for nested schema)

  • description (String) Description of the rule. 0-512 characters long.

  • exclude_rules (Block List, Min: 1, Max: 1) Exclude rules. (see below for nested schema)

  • log_excluded (Boolean) Records the fact that an exception rule is triggered.

  • name (String) Name of exclusion rule.

Nested Schema for exclusion_rule.condition

Read-Only:

  • authority (List of Object) (see below for nested schema)
  • headers (List of Object) (see below for nested schema)
  • http_method (List of Object) (see below for nested schema)
  • request_uri (List of Object) (see below for nested schema)
  • source_ip (Block List, Max: 1) Source IP. (see below for nested schema)

Nested Schema for exclusion_rule.condition.authority

Read-Only:

  • authorities (List of Object) (see below for nested schema)

Nested Schema for exclusion_rule.condition.authority.authorities

Read-Only:

  • exact_match (String)
  • exact_not_match (String)
  • pire_regex_match (String)
  • pire_regex_not_match (String)
  • prefix_match (String)
  • prefix_not_match (String)

Nested Schema for exclusion_rule.condition.headers

Read-Only:

  • name (String)
  • value (List of Object) (see below for nested schema)

Nested Schema for exclusion_rule.condition.headers.value

Read-Only:

  • exact_match (String)
  • exact_not_match (String)
  • pire_regex_match (String)
  • pire_regex_not_match (String)
  • prefix_match (String)
  • prefix_not_match (String)

Nested Schema for exclusion_rule.condition.http_method

Read-Only:

  • http_methods (List of Object) (see below for nested schema)

Nested Schema for exclusion_rule.condition.http_method.http_methods

Read-Only:

  • exact_match (String)
  • exact_not_match (String)
  • pire_regex_match (String)
  • pire_regex_not_match (String)
  • prefix_match (String)
  • prefix_not_match (String)

Nested Schema for exclusion_rule.condition.request_uri

Read-Only:

  • path (List of Object) (see below for nested schema)
  • queries (List of Object) (see below for nested schema)

Nested Schema for exclusion_rule.condition.request_uri.path

Read-Only:

  • exact_match (String)
  • exact_not_match (String)
  • pire_regex_match (String)
  • pire_regex_not_match (String)
  • prefix_match (String)
  • prefix_not_match (String)

Nested Schema for exclusion_rule.condition.request_uri.queries

Read-Only:

  • key (String)
  • value (List of Object) (see below for nested schema)

Nested Schema for exclusion_rule.condition.request_uri.queries.value

Read-Only:

  • exact_match (String)
  • exact_not_match (String)
  • pire_regex_match (String)
  • pire_regex_not_match (String)
  • prefix_match (String)
  • prefix_not_match (String)

Nested Schema for exclusion_rule.condition.source_ip

Read-Only:

  • geo_ip_match (Block List, Max: 1) Locations to include. (see below for nested schema)

  • geo_ip_not_match (Block List, Max: 1) Locations to exclude. (see below for nested schema)

  • ip_ranges_match (Block List, Max: 1) IP ranges to include. (see below for nested schema)

  • ip_ranges_not_match (Block List, Max: 1) IP ranges to exclude. (see below for nested schema)

Nested Schema for exclusion_rule.condition.source_ip.geo_ip_match

Read-Only:

  • locations (List of String) Locations to include.

Nested Schema for exclusion_rule.condition.source_ip.geo_ip_not_match

Read-Only:

  • locations (List of String) Locations to exclude.

Nested Schema for exclusion_rule.condition.source_ip.ip_ranges_match

Read-Only:

  • ip_ranges (List of String) IP ranges to include.

Nested Schema for exclusion_rule.condition.source_ip.ip_ranges_not_match

Read-Only:

  • ip_ranges (List of String) IP ranges to exclude.

Nested Schema for exclusion_rule.exclude_rules

Read-Only:

  • exclude_all (Boolean) Set this option to true to exclude all rules.

  • rule_ids (List of String) List of rules to exclude.

Nested Schema for rule

Read-Only:

  • is_blocking (Boolean) Determines whether the rule is blocking.

  • is_enabled (Boolean) Determines whether the rule is enabled.

  • rule_id (String) Rule ID.

Nested Schema for rule_set

Read-Only:

  • action (String) Action of the rule set.

  • core_rule_set (Block List, Max: 1) Core rule set. (see below for nested schema)

  • is_enabled (Boolean) Determines whether the rule set is enabled.

  • ml_rule_set (Block List, Max: 1) List of ML rule sets. (see below for nested schema)

  • priority (Number) Priority of the rule set.

  • ya_rule_set (Block List, Max: 1) Yandex rule set. (see below for nested schema)

Nested Schema for rule_set.core_rule_set

Read-Only:

  • inbound_anomaly_score (Number) Inbound anomaly score of the rule set.

  • paranoia_level (Number) Paranoia level of the rule set.

  • rule_set (Block List, Min: 1, Max: 1) Rule set. (see below for nested schema)

Nested Schema for rule_set.core_rule_set.rule_set

Read-Only:

  • id (String) ID of the rule set.

  • name (String) Name of the rule set.

  • type (String) Type of the rule set.

  • version (String) Version of the rule set.

Nested Schema for rule_set.ml_rule_set

Read-Only:

  • rule_group (Block List) List of rule groups. (see below for nested schema)

  • rule_set (Block List, Min: 1, Max: 1) Rule set of the ML rule set. (see below for nested schema)

Nested Schema for rule_set.ml_rule_set.rule_group

Read-Only:

  • action (String) Action of the rule group.

  • id (String) ID of the rule group.

  • inbound_anomaly_score (Number) Inbound anomaly score.

  • is_enabled (Boolean) Is the rule group enabled.

Nested Schema for rule_set.ml_rule_set.rule_set

Read-Only:

  • id (String) ID of the rule set.

  • name (String) Name of the rule set.

  • type (String) Type of the rule set.

  • version (String) Version of the rule set.

Nested Schema for rule_set.ya_rule_set

Read-Only:

  • rule_group (Block List) List of rule groups. (see below for nested schema)

  • rule_set (Block List, Min: 1, Max: 1) Rule set of the Yandex rule set. (see below for nested schema)

Nested Schema for rule_set.ya_rule_set.rule_group

Read-Only:

  • action (String) Action of the rule group.

  • id (String) ID of the rule group.

  • inbound_anomaly_score (Number) Inbound anomaly score.

  • is_enabled (Boolean) Is the rule group enabled.

Nested Schema for rule_set.ya_rule_set.rule_set

Read-Only:

  • id (String) ID of the rule set.

  • name (String) Name of the rule set.

  • type (String) Type of the rule set.

  • version (String) Version of the rule set.
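
The read-only attributes in the schema above can be used to audit an existing profile. The following is an added example, not part of the provider documentation: it flags exclusion rules that exclude every WAF rule or are not logged, and request body analysis that is disabled or does not deny oversized bodies. The profile name prod-waf and the pass/fail policy are assumptions, and check blocks require Terraform 1.5 or later.

```hcl
# Added example: audit a WAF profile read through yandex_sws_waf_profile.
# "prod-waf" is a hypothetical profile name; the policy is an assumption.
data "yandex_sws_waf_profile" "audit" {
  name = "prod-waf"
}

locals {
  waf = data.yandex_sws_waf_profile.audit

  # Treat unset (null) read-only lists as empty so the loops below are safe.
  exclusions = local.waf.exclusion_rule == null ? [] : local.waf.exclusion_rule
  body       = local.waf.analyze_request_body == null ? [] : local.waf.analyze_request_body

  # Exclusion rules that switch off every WAF rule for matching requests.
  broad_exclusions = [
    for r in local.exclusions : r.name
    if anytrue([for e in r.exclude_rules : coalesce(e.exclude_all, false)])
  ]

  # Exclusion rules that trigger without leaving a log record.
  silent_exclusions = [
    for r in local.exclusions : r.name if !coalesce(r.log_excluded, false)
  ]
}

check "waf_profile_audit" {
  assert {
    condition     = length(local.broad_exclusions) == 0
    error_message = "Exclusion rules with exclude_all = true: ${join(", ", local.broad_exclusions)}"
  }
  assert {
    condition     = length(local.silent_exclusions) == 0
    error_message = "Exclusion rules with log_excluded = false: ${join(", ", local.silent_exclusions)}"
  }
  assert {
    # Body analysis must be on, and bodies over size_limit must be denied.
    condition = length(local.body) > 0 && alltrue([
      for b in local.body : coalesce(b.is_enabled, false) && b.size_limit_action == "DENY"
    ])
    error_message = "Request body analysis is disabled or size_limit_action is not DENY."
  }
}
```

A failed assertion in a check block is reported as a warning during plan and apply and does not stop the run.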
