diff --git a/.changelog/3413.txt b/.changelog/3413.txt
new file mode 100644
index 0000000000..e612aadd1a
--- /dev/null
+++ b/.changelog/3413.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+resource/tencentcloud_teo_security_policy_config: add new item for `security_policy`
+```
diff --git a/go.mod b/go.mod
index 1f9080c219..327807f73d 100644
--- a/go.mod
+++ b/go.mod
@@ -46,7 +46,7 @@ require (
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/clb v1.0.1107
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cloudaudit v1.0.1033
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cls v1.0.1148
- github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1170
+ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1182
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cvm v1.0.1153
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cwp v1.0.762
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cynosdb v1.0.1161
@@ -90,7 +90,7 @@ require (
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tdcpg v1.0.533
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tdmq v1.0.955
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tem v1.0.578
- github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/teo v1.0.1129
+ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/teo v1.0.1182
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tke v1.0.1133
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/trocket v1.0.947
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tse v1.0.857
diff --git a/go.sum b/go.sum
index e32991d78b..a5897e1890 100644
--- a/go.sum
+++ b/go.sum
@@ -985,6 +985,8 @@ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1164 h1:qEz
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1164/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0=
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1170 h1:67TIDmxXDa73+7nFuyVVxtVswf83JPXiwBy1Xicv+xQ=
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1170/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1182 h1:it8gutbUhh2l68CzKt0W3OAEytReLg4H9Wq1/ahkzmg=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1182/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0=
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/controlcenter v1.0.993 h1:WlPgXldQCxt7qi5Xrc6j6zTrsXWzN5BcOGs7Irq7fwQ=
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/controlcenter v1.0.993/go.mod h1:Z9U8zNtyuyKhjS0698wqsrG/kLx1TQ5CEixXBwVe7xY=
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/csip v1.0.860 h1:F3esKBIT3HW9+7Gt8cVgf8X06VdGIczpgLBUECzSEzU=
@@ -1107,6 +1109,8 @@ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tem v1.0.578 h1:vBpQhUr
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tem v1.0.578/go.mod h1:UlojGQh/9wb7/uXPNi7PvMral1CNAskVDNgqJEV83l0=
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/teo v1.0.1129 h1:9zrLWqS6sQ7YHjyrRGKexB5s7MkmlaAjME+Gsjw0FXo=
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/teo v1.0.1129/go.mod h1:Upcwa9By8gGR8qNLEiAetIKGbe4LmZbtXw0muPWXYc8=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/teo v1.0.1182 h1:usJ5oGRWXkOufePi9JRP+kz5s0lTKUazpLDJJzVaJrQ=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/teo v1.0.1182/go.mod h1:lR5rdTT9V5RO9c0hXlFqO0o/bHdxn+R1+JMnWILzne0=
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/thpc v1.0.998 h1:f4/n0dVKQTD06xJ84B5asHViNJHrZmGojdAWEPIsITM=
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/thpc v1.0.998/go.mod h1:fyi/HUwCwVe2NCCCjz8k/C5GwPu3QazCZO+OBJ3MhLk=
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tke v1.0.1038 h1:tmK0aSj8zJrTx7aubJR8DBvtySj1uO8UdFANUDFtbmo=
diff --git a/tencentcloud/services/teo/resource_tc_teo_security_policy_config.go b/tencentcloud/services/teo/resource_tc_teo_security_policy_config.go
index 9cda4f609b..80e2030434 100644
--- a/tencentcloud/services/teo/resource_tc_teo_security_policy_config.go
+++ b/tencentcloud/services/teo/resource_tc_teo_security_policy_config.go
@@ -628,723 +628,3002 @@ func ResourceTencentCloudTeoSecurityPolicyConfig() *schema.Resource {
},
},
},
+ "http_ddos_protection": {
+ Type: schema.TypeList,
+ Optional: true,
+ Computed: true,
+ MaxItems: 1,
+ Description: "HTTP DDOS protection configuration.",
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "adaptive_frequency_control": {
+ Type: schema.TypeList,
+ Optional: true,
+ MaxItems: 1,
+ Description: "Specific configuration of adaptive frequency control.",
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "enabled": {
+ Type: schema.TypeString,
+ Required: true,
+ Description: "Whether adaptive frequency control is enabled. The possible values are: on: enabled; off: disabled. .",
+ },
+ "sensitivity": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "The restriction level of adaptive frequency control. When Enabled is on, this field is required. The values are: Loose: loose; Moderate: moderate; Strict: strict. .",
+ },
+ "action": {
+ Type: schema.TypeList,
+ Optional: true,
+ MaxItems: 1,
+ Description: "The handling method of adaptive frequency control. When Enabled is on, this field is required. SecurityAction's Name value supports: Monitor: Observe; Deny: Intercept; Challenge: Challenge, where ChallengeActionParameters.Name only supports JSChallenge. .",
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "name": {
+ Type: schema.TypeString,
+ Required: true,
+ Description: "The specific action of security execution. The values are:\nDeny: intercept, block the request to access site resources;\nMonitor: observe, only record logs;\nRedirect: redirect to URL;\nDisabled: disabled, do not enable the specified rule;\nAllow: allow access, but delay processing requests;\nChallenge: challenge, respond to challenge content;\nBlockIP: to be abandoned, IP ban;\nReturnCustomPage: to be abandoned, use the specified page to intercept;\nJSChallenge: to be abandoned, JavaScript challenge;\nManagedChallenge: to be abandoned, managed challenge..",
+ },
+ "deny_action_parameters": {
+ Type: schema.TypeList,
+ Optional: true,
+ MaxItems: 1,
+ Description: "Additional parameters when Name is Deny.",
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "block_ip": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Whether to extend the blocking of source IP. The possible values are:\non: on;\noff: off.\nWhen enabled, the client IP that triggers the rule will be blocked continuously. When this option is enabled, the BlockIpDuration parameter must be specified at the same time.\nNote: This option cannot be enabled at the same time as the ReturnCustomPage or Stall options.",
+ },
+ "block_ip_duration": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "When BlockIP is on, the IP blocking duration.",
+ },
+ "return_custom_page": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Whether to use custom pages. The possible values are:\non: on;\noff: off.\nAfter enabling, use custom page content to intercept (respond to) requests. When enabling this option, you must specify the ResponseCode and ErrorPageId parameters at the same time.\nNote: This option cannot be enabled at the same time as the BlockIp or Stall options.",
+ },
+ "response_code": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Customize the status code of the page.",
+ },
+ "error_page_id": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "The PageId of the custom page.",
+ },
+ "stall": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Whether to ignore the request source suspension. The value is:\non: Enable;\noff: Disable.\nAfter enabling, it will no longer respond to requests in the current connection session and will not actively disconnect. It is used to fight against crawlers and consume client connection resources.\nNote: This option cannot be enabled at the same time as the BlockIp or ReturnCustomPage options.",
+ },
+ },
+ },
+ },
+ "redirect_action_parameters": {
+ Type: schema.TypeList,
+ Optional: true,
+ MaxItems: 1,
+ Description: "Additional parameters when Name is Redirect.",
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "url": {
+ Type: schema.TypeString,
+ Required: true,
+ Description: "The URL to redirect.",
+ },
+ },
+ },
+ },
+ "challenge_action_parameters": {
+ Type: schema.TypeList,
+ Optional: true,
+ MaxItems: 1,
+ Description: "Additional parameters when Name is Challenge.",
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "challenge_option": {
+ Type: schema.TypeString,
+ Required: true,
+ Description: "The specific challenge action to be executed safely. The possible values are: InterstitialChallenge: interstitial challenge; InlineChallenge: embedded challenge; JSChallenge: JavaScript challenge; ManagedChallenge: managed challenge. .",
+ },
+ "interval": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "The time interval for repeating the challenge. When Name is InterstitialChallenge/InlineChallenge, this field is required. The default value is 300s. Supported units are: s: seconds, value range 1 to 60; m: minutes, value range 1 to 60; h: hours, value range 1 to 24. .",
+ },
+ "attester_id": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Client authentication method ID. This field is required when Name is InterstitialChallenge/InlineChallenge.",
+ },
+ },
+ },
+ },
+ "block_ip_action_parameters": {
+ Type: schema.TypeList,
+ Optional: true,
+ MaxItems: 1,
+ Description: "To be deprecated, additional parameter when Name is BlockIP.",
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "duration": {
+ Type: schema.TypeString,
+ Required: true,
+ Description: "The penalty duration for banning an IP. Supported units are: s: seconds, value range 1 to 120; m: minutes, value range 1 to 120; h: hours, value range 1 to 48. .",
+ },
+ },
+ },
+ },
+ "return_custom_page_action_parameters": {
+ Type: schema.TypeList,
+ Optional: true,
+ MaxItems: 1,
+ Description: "To be deprecated, additional parameter when Name is ReturnCustomPage.",
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "response_code": {
+ Type: schema.TypeString,
+ Required: true,
+ Description: "Response status code.",
+ },
+ "error_page_id": {
+ Type: schema.TypeString,
+ Required: true,
+ Description: "The custom page ID of the response.",
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ "client_filtering": {
+ Type: schema.TypeList,
+ Optional: true,
+ MaxItems: 1,
+ Description: "Specific configuration of intelligent client filtering.",
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "enabled": {
+ Type: schema.TypeString,
+ Required: true,
+ Description: "Whether smart client filtering is enabled. The possible values are: on: enabled; off: disabled. .",
+ },
+ "action": {
+ Type: schema.TypeList,
+ Optional: true,
+ MaxItems: 1,
+ Description: "The method of intelligent client filtering. When Enabled is on, this field is required. SecurityAction Name value supports: Monitor: Observe; Deny: Intercept; Challenge: Challenge, where ChallengeActionParameters.Name only supports JSChallenge. .",
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "name": {
+ Type: schema.TypeString,
+ Required: true,
+ Description: "The specific action of security execution. The values are:\nDeny: intercept, block the request to access site resources;\nMonitor: observe, only record logs;\nRedirect: redirect to URL;\nDisabled: disabled, do not enable the specified rule;\nAllow: allow access, but delay processing requests;\nChallenge: challenge, respond to challenge content;\nBlockIP: to be abandoned, IP ban;\nReturnCustomPage: to be abandoned, use the specified page to intercept;\nJSChallenge: to be abandoned, JavaScript challenge;\nManagedChallenge: to be abandoned, managed challenge..",
+ },
+ "deny_action_parameters": {
+ Type: schema.TypeList,
+ Optional: true,
+ MaxItems: 1,
+ Description: "Additional parameters when Name is Deny.",
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "block_ip": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Whether to extend the blocking of source IP. The possible values are:\non: on;\noff: off.\nWhen enabled, the client IP that triggers the rule will be blocked continuously. When this option is enabled, the BlockIpDuration parameter must be specified at the same time.\nNote: This option cannot be enabled at the same time as the ReturnCustomPage or Stall options.",
+ },
+ "block_ip_duration": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "When BlockIP is on, the IP blocking duration.",
+ },
+ "return_custom_page": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Whether to use custom pages. The possible values are:\non: on;\noff: off.\nAfter enabling, use custom page content to intercept (respond to) requests. When enabling this option, you must specify the ResponseCode and ErrorPageId parameters at the same time.\nNote: This option cannot be enabled at the same time as the BlockIp or Stall options.",
+ },
+ "response_code": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Customize the status code of the page.",
+ },
+ "error_page_id": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "The PageId of the custom page.",
+ },
+ "stall": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Whether to ignore the request source suspension. The value is:\non: Enable;\noff: Disable.\nAfter enabling, it will no longer respond to requests in the current connection session and will not actively disconnect. It is used to fight against crawlers and consume client connection resources.\nNote: This option cannot be enabled at the same time as the BlockIp or ReturnCustomPage options.",
+ },
+ },
+ },
+ },
+ "redirect_action_parameters": {
+ Type: schema.TypeList,
+ Optional: true,
+ MaxItems: 1,
+ Description: "Additional parameters when Name is Redirect.",
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "url": {
+ Type: schema.TypeString,
+ Required: true,
+ Description: "The URL to redirect.",
+ },
+ },
+ },
+ },
+ "challenge_action_parameters": {
+ Type: schema.TypeList,
+ Optional: true,
+ MaxItems: 1,
+ Description: "Additional parameters when Name is Challenge.",
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "challenge_option": {
+ Type: schema.TypeString,
+ Required: true,
+ Description: "The specific challenge action to be executed safely. The possible values are: InterstitialChallenge: interstitial challenge; InlineChallenge: embedded challenge; JSChallenge: JavaScript challenge; ManagedChallenge: managed challenge. .",
+ },
+ "interval": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "The time interval for repeating the challenge. When Name is InterstitialChallenge/InlineChallenge, this field is required. The default value is 300s. Supported units are: s: seconds, value range 1 to 60; m: minutes, value range 1 to 60; h: hours, value range 1 to 24. .",
+ },
+ "attester_id": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Client authentication method ID. This field is required when Name is InterstitialChallenge/InlineChallenge.",
+ },
+ },
+ },
+ },
+ "block_ip_action_parameters": {
+ Type: schema.TypeList,
+ Optional: true,
+ MaxItems: 1,
+ Description: "To be deprecated, additional parameter when Name is BlockIP.",
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "duration": {
+ Type: schema.TypeString,
+ Required: true,
+ Description: "The penalty duration for banning an IP. Supported units are: s: seconds, value range 1 to 120; m: minutes, value range 1 to 120; h: hours, value range 1 to 48. .",
+ },
+ },
+ },
+ },
+ "return_custom_page_action_parameters": {
+ Type: schema.TypeList,
+ Optional: true,
+ MaxItems: 1,
+ Description: "To be deprecated, additional parameter when Name is ReturnCustomPage.",
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "response_code": {
+ Type: schema.TypeString,
+ Required: true,
+ Description: "Response status code.",
+ },
+ "error_page_id": {
+ Type: schema.TypeString,
+ Required: true,
+ Description: "The custom page ID of the response.",
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ "bandwidth_abuse_defense": {
+ Type: schema.TypeList,
+ Optional: true,
+ MaxItems: 1,
+ Description: "Specific configuration of traffic fraud prevention.",
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "enabled": {
+ Type: schema.TypeString,
+ Required: true,
+ Description: "Whether the anti-theft feature (only applicable to mainland China) is enabled. The possible values are: on: enabled; off: disabled. .",
+ },
+ "action": {
+ Type: schema.TypeList,
+ Optional: true,
+ MaxItems: 1,
+ Description: "The method for preventing traffic fraud (only applicable to mainland China). When Enabled is on, this field is required. SecurityAction Name value supports: Monitor: Observe; Deny: Intercept; Challenge: Challenge, where ChallengeActionParameters.Name only supports JSChallenge. .",
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "name": {
+ Type: schema.TypeString,
+ Required: true,
+ Description: "The specific action of security execution. The values are:\nDeny: intercept, block the request to access site resources;\nMonitor: observe, only record logs;\nRedirect: redirect to URL;\nDisabled: disabled, do not enable the specified rule;\nAllow: allow access, but delay processing requests;\nChallenge: challenge, respond to challenge content;\nBlockIP: to be abandoned, IP ban;\nReturnCustomPage: to be abandoned, use the specified page to intercept;\nJSChallenge: to be abandoned, JavaScript challenge;\nManagedChallenge: to be abandoned, managed challenge..",
+ },
+ "deny_action_parameters": {
+ Type: schema.TypeList,
+ Optional: true,
+ MaxItems: 1,
+ Description: "Additional parameters when Name is Deny.",
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "block_ip": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Whether to extend the blocking of source IP. The possible values are:\non: on;\noff: off.\nWhen enabled, the client IP that triggers the rule will be blocked continuously. When this option is enabled, the BlockIpDuration parameter must be specified at the same time.\nNote: This option cannot be enabled at the same time as the ReturnCustomPage or Stall options.",
+ },
+ "block_ip_duration": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "When BlockIP is on, the IP blocking duration.",
+ },
+ "return_custom_page": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Whether to use custom pages. The possible values are:\non: on;\noff: off.\nAfter enabling, use custom page content to intercept (respond to) requests. When enabling this option, you must specify the ResponseCode and ErrorPageId parameters at the same time.\nNote: This option cannot be enabled at the same time as the BlockIp or Stall options.",
+ },
+ "response_code": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Customize the status code of the page.",
+ },
+ "error_page_id": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "The PageId of the custom page.",
+ },
+ "stall": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Whether to ignore the request source suspension. The value is:\non: Enable;\noff: Disable.\nAfter enabling, it will no longer respond to requests in the current connection session and will not actively disconnect. It is used to fight against crawlers and consume client connection resources.\nNote: This option cannot be enabled at the same time as the BlockIp or ReturnCustomPage options.",
+ },
+ },
+ },
+ },
+ "redirect_action_parameters": {
+ Type: schema.TypeList,
+ Optional: true,
+ MaxItems: 1,
+ Description: "Additional parameters when Name is Redirect.",
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "url": {
+ Type: schema.TypeString,
+ Required: true,
+ Description: "The URL to redirect.",
+ },
+ },
+ },
+ },
+ "challenge_action_parameters": {
+ Type: schema.TypeList,
+ Optional: true,
+ MaxItems: 1,
+ Description: "Additional parameters when Name is Challenge.",
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "challenge_option": {
+ Type: schema.TypeString,
+ Required: true,
+ Description: "The specific challenge action to be executed safely. The possible values are: InterstitialChallenge: interstitial challenge; InlineChallenge: embedded challenge; JSChallenge: JavaScript challenge; ManagedChallenge: managed challenge. .",
+ },
+ "interval": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "The time interval for repeating the challenge. When Name is InterstitialChallenge/InlineChallenge, this field is required. The default value is 300s. Supported units are: s: seconds, value range 1 to 60; m: minutes, value range 1 to 60; h: hours, value range 1 to 24. .",
+ },
+ "attester_id": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Client authentication method ID. This field is required when Name is InterstitialChallenge/InlineChallenge.",
+ },
+ },
+ },
+ },
+ "block_ip_action_parameters": {
+ Type: schema.TypeList,
+ Optional: true,
+ MaxItems: 1,
+ Description: "To be deprecated, additional parameter when Name is BlockIP.",
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "duration": {
+ Type: schema.TypeString,
+ Required: true,
+ Description: "The penalty duration for banning an IP. Supported units are: s: seconds, value range 1 to 120; m: minutes, value range 1 to 120; h: hours, value range 1 to 48. .",
+ },
+ },
+ },
+ },
+ "return_custom_page_action_parameters": {
+ Type: schema.TypeList,
+ Optional: true,
+ MaxItems: 1,
+ Description: "To be deprecated, additional parameter when Name is ReturnCustomPage.",
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "response_code": {
+ Type: schema.TypeString,
+ Required: true,
+ Description: "Response status code.",
+ },
+ "error_page_id": {
+ Type: schema.TypeString,
+ Required: true,
+ Description: "The custom page ID of the response.",
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ "slow_attack_defense": {
+ Type: schema.TypeList,
+ Optional: true,
+ MaxItems: 1,
+ Description: "Specific configuration of slow attack protection.",
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "enabled": {
+ Type: schema.TypeString,
+ Required: true,
+ Description: "Whether slow attack protection is enabled. The possible values are: on: enabled; off: disabled. .",
+ },
+ "action": {
+ Type: schema.TypeList,
+ Optional: true,
+ MaxItems: 1,
+ Description: "The handling method of slow attack protection. When Enabled is on, this field is required. SecurityAction Name value supports: Monitor: Observe; Deny: Intercept; .",
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "name": {
+ Type: schema.TypeString,
+ Required: true,
+ Description: "The specific action of security execution. The values are:\nDeny: intercept, block the request to access site resources;\nMonitor: observe, only record logs;\nRedirect: redirect to URL;\nDisabled: disabled, do not enable the specified rule;\nAllow: allow access, but delay processing requests;\nChallenge: challenge, respond to challenge content;\nBlockIP: to be abandoned, IP ban;\nReturnCustomPage: to be abandoned, use the specified page to intercept;\nJSChallenge: to be abandoned, JavaScript challenge;\nManagedChallenge: to be abandoned, managed challenge..",
+ },
+ "deny_action_parameters": {
+ Type: schema.TypeList,
+ Optional: true,
+ MaxItems: 1,
+ Description: "Additional parameters when Name is Deny.",
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "block_ip": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Whether to extend the blocking of source IP. The possible values are:\non: on;\noff: off.\nWhen enabled, the client IP that triggers the rule will be blocked continuously. When this option is enabled, the BlockIpDuration parameter must be specified at the same time.\nNote: This option cannot be enabled at the same time as the ReturnCustomPage or Stall options.",
+ },
+ "block_ip_duration": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "When BlockIP is on, the IP blocking duration.",
+ },
+ "return_custom_page": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Whether to use custom pages. The possible values are:\non: on;\noff: off.\nAfter enabling, use custom page content to intercept (respond to) requests. When enabling this option, you must specify the ResponseCode and ErrorPageId parameters at the same time.\nNote: This option cannot be enabled at the same time as the BlockIp or Stall options.",
+ },
+ "response_code": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Customize the status code of the page.",
+ },
+ "error_page_id": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "The PageId of the custom page.",
+ },
+ "stall": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Whether to ignore the request source suspension. The value is:\non: Enable;\noff: Disable.\nAfter enabling, it will no longer respond to requests in the current connection session and will not actively disconnect. It is used to fight against crawlers and consume client connection resources.\nNote: This option cannot be enabled at the same time as the BlockIp or ReturnCustomPage options.",
+ },
+ },
+ },
+ },
+ "redirect_action_parameters": {
+ Type: schema.TypeList,
+ Optional: true,
+ MaxItems: 1,
+ Description: "Additional parameters when Name is Redirect.",
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "url": {
+ Type: schema.TypeString,
+ Required: true,
+ Description: "The URL to redirect.",
+ },
+ },
+ },
+ },
+ "challenge_action_parameters": {
+ Type: schema.TypeList,
+ Optional: true,
+ MaxItems: 1,
+ Description: "Additional parameters when Name is Challenge.",
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "challenge_option": {
+ Type: schema.TypeString,
+ Required: true,
+ Description: "The specific challenge action to be executed safely. The possible values are: InterstitialChallenge: interstitial challenge; InlineChallenge: embedded challenge; JSChallenge: JavaScript challenge; ManagedChallenge: managed challenge. .",
+ },
+ "interval": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "The time interval for repeating the challenge. When Name is InterstitialChallenge/InlineChallenge, this field is required. The default value is 300s. Supported units are: s: seconds, value range 1 to 60; m: minutes, value range 1 to 60; h: hours, value range 1 to 24. .",
+ },
+ "attester_id": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Client authentication method ID. This field is required when Name is InterstitialChallenge/InlineChallenge.",
+ },
+ },
+ },
+ },
+ "block_ip_action_parameters": {
+ Type: schema.TypeList,
+ Optional: true,
+ MaxItems: 1,
+ Description: "To be deprecated, additional parameter when Name is BlockIP.",
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "duration": {
+ Type: schema.TypeString,
+ Required: true,
+ Description: "The penalty duration for banning an IP. Supported units are: s: seconds, value range 1 to 120; m: minutes, value range 1 to 120; h: hours, value range 1 to 48. .",
+ },
+ },
+ },
+ },
+ "return_custom_page_action_parameters": {
+ Type: schema.TypeList,
+ Optional: true,
+ MaxItems: 1,
+ Description: "To be deprecated, additional parameter when Name is ReturnCustomPage.",
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "response_code": {
+ Type: schema.TypeString,
+ Required: true,
+ Description: "Response status code.",
+ },
+ "error_page_id": {
+ Type: schema.TypeString,
+ Required: true,
+ Description: "The custom page ID of the response.",
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ "minimal_request_body_transfer_rate": {
+ Type: schema.TypeList,
+ Optional: true,
+ MaxItems: 1,
+ Description: "Specific configuration of the minimum rate threshold for text transmission. This field is required when Enabled is on.",
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "minimal_avg_transfer_rate_threshold": {
+ Type: schema.TypeString,
+ Required: true,
+ Description: "Minimum text transmission rate threshold. The unit only supports bps.",
+ },
+ "counting_period": {
+ Type: schema.TypeString,
+ Required: true,
+ Description: "The minimum text transmission rate statistics time range, the possible values are: 10s: 10 seconds; 30s: 30 seconds; 60s: 60 seconds; 120s: 120 seconds. .",
+ },
+ "enabled": {
+ Type: schema.TypeString,
+ Required: true,
+ Description: "Whether the text transmission minimum rate threshold is enabled. The possible values are: on: enabled; off: disabled. .",
+ },
+ },
+ },
+ },
+ "request_body_transfer_timeout": {
+ Type: schema.TypeList,
+ Optional: true,
+ MaxItems: 1,
+ Description: "Specific configuration of the text transmission timeout. When Enabled is on, this field is required.",
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "idle_timeout": {
+ Type: schema.TypeString,
+ Required: true,
+ Description: "The text transmission timeout period is between 5 and 120, and the unit only supports seconds (s).",
+ },
+ "enabled": {
+ Type: schema.TypeString,
+ Required: true,
+ Description: "Whether the text transmission timeout is enabled. The possible values are: on: enabled; off: disabled. .",
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ "rate_limiting_rules": {
+ Type: schema.TypeList,
+ Optional: true,
+ MaxItems: 1,
+ Description: "Rate limiting rule configuration.",
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "rules": {
+ Type: schema.TypeList,
+ Optional: true,
+ Description: "A list of precise rate limiting definitions. When using ModifySecurityPolicy to modify the Web protection configuration:
If the Rules parameter is not specified, or the Rules parameter length is zero: clear all precise rate limiting configurations. . If the RateLimitingRules parameter value is not specified in the SecurityPolicy parameter: keep the existing custom rule configuration and do not modify it. .",
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "id": {
+ Type: schema.TypeString,
+ Optional: true,
+ Computed: true,
+ Description: "The ID of the precise rate limit.
The rule ID can support different rule configuration operations:
Add a new rule: the ID is empty or the ID parameter is not specified; Modify an existing rule: specify the rule ID to be updated/modified; Delete an existing rule: in the RateLimitingRules parameter, the existing rules not included in the Rules list will be deleted. .",
+ },
+ "name": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "The name of the precise rate limit.",
+ },
+ "condition": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "The specific content of the precise rate limit must conform to the expression syntax. For detailed specifications, see the product documentation.",
+ },
+ "count_by": {
+ Type: schema.TypeSet,
+ Optional: true,
+ Description: "The matching method of the rate threshold request feature. When Enabled is on, this field is required.
When there are multiple conditions, multiple conditions will be combined for statistical calculation. The number of conditions cannot exceed 5. The possible values are:
http.request.ip: client IP; http.request.xff_header_ip: client IP (matching XFF header first); http.request.uri.path: requested access path; http.request.cookies['session']: cookie named session, where session can be replaced by the parameter you specify; http.request.headers['user-agent']: HTTP header named user-agent, where user-agent can be replaced by the parameter you specify; http.request.ja3: requested JA3 fingerprint; http.request.uri.query['test']: URL query parameter named test, where test can be replaced by the parameter you specify. .",
+ Elem: &schema.Schema{
+ Type: schema.TypeString,
+ },
+ },
+ "max_request_threshold": {
+ Type: schema.TypeInt,
+ Optional: true,
+ Description: "The cumulative number of interceptions within the time range of the precise rate limit, ranging from 1 to 100000.",
+ },
+ "counting_period": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "The statistical time window, the possible values are: 1s: 1 second; 5s: 5 seconds; 10s: 10 seconds; 20s: 20 seconds; 30s: 30 seconds; 40s: 40 seconds; 50s: 50 seconds; 1m: 1 minute; 2m: 2 minutes; 5m: 5 minutes; 10m: 10 minutes; 1h: 1 hour. .",
+ },
+ "action_duration": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Action The duration of the action. The supported units are: s: seconds, with a value of 1 to 120; m: minutes, with a value of 1 to 120; h: hours, with a value of 1 to 48; d: days, with a value of 1 to 30. .",
+ },
+ "action": {
+ Type: schema.TypeList,
+ Optional: true,
+ MaxItems: 1,
+ Description: "The precise rate limit handling method. The values are: Monitor: Observe; Deny: Intercept, where DenyActionParameters.Name supports Deny and ReturnCustomPage; Challenge: Challenge, where ChallengeActionParameters.Name supports JSChallenge and ManagedChallenge; Redirect: Redirect to URL; .",
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "name": {
+ Type: schema.TypeString,
+ Required: true,
+ Description: "The specific action of security execution. The values are:\nDeny: intercept, block the request to access site resources;\nMonitor: observe, only record logs;\nRedirect: redirect to URL;\nDisabled: disabled, do not enable the specified rule;\nAllow: allow access, but delay processing requests;\nChallenge: challenge, respond to challenge content;\nBlockIP: to be abandoned, IP ban;\nReturnCustomPage: to be abandoned, use the specified page to intercept;\nJSChallenge: to be abandoned, JavaScript challenge;\nManagedChallenge: to be abandoned, managed challenge..",
+ },
+ "deny_action_parameters": {
+ Type: schema.TypeList,
+ Optional: true,
+ MaxItems: 1,
+ Description: "Additional parameters when Name is Deny.",
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "block_ip": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Whether to extend the blocking of source IP. The possible values are:\non: on;\noff: off.\nWhen enabled, the client IP that triggers the rule will be blocked continuously. When this option is enabled, the BlockIpDuration parameter must be specified at the same time.\nNote: This option cannot be enabled at the same time as the ReturnCustomPage or Stall options.",
+ },
+ "block_ip_duration": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "When BlockIP is on, the IP blocking duration.",
+ },
+ "return_custom_page": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Whether to use custom pages. The possible values are:\non: on;\noff: off.\nAfter enabling, use custom page content to intercept (respond to) requests. When enabling this option, you must specify the ResponseCode and ErrorPageId parameters at the same time.\nNote: This option cannot be enabled at the same time as the BlockIp or Stall options.",
+ },
+ "response_code": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Customize the status code of the page.",
+ },
+ "error_page_id": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "The PageId of the custom page.",
+ },
+ "stall": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Whether to ignore the request source suspension. The value is:\non: Enable;\noff: Disable.\nAfter enabling, it will no longer respond to requests in the current connection session and will not actively disconnect. It is used to fight against crawlers and consume client connection resources.\nNote: This option cannot be enabled at the same time as the BlockIp or ReturnCustomPage options.",
+ },
+ },
+ },
+ },
+ "redirect_action_parameters": {
+ Type: schema.TypeList,
+ Optional: true,
+ MaxItems: 1,
+ Description: "Additional parameters when Name is Redirect.",
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "url": {
+ Type: schema.TypeString,
+ Required: true,
+ Description: "The URL to redirect.",
+ },
+ },
+ },
+ },
+ "challenge_action_parameters": {
+ Type: schema.TypeList,
+ Optional: true,
+ MaxItems: 1,
+ Description: "Additional parameters when Name is Challenge.",
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "challenge_option": {
+ Type: schema.TypeString,
+ Required: true,
+ Description: "The specific challenge action to be executed safely. The possible values are: InterstitialChallenge: interstitial challenge; InlineChallenge: embedded challenge; JSChallenge: JavaScript challenge; ManagedChallenge: managed challenge. .",
+ },
+ "interval": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "The time interval for repeating the challenge. When Name is InterstitialChallenge/InlineChallenge, this field is required. The default value is 300s. Supported units are: s: seconds, value range 1 to 60; m: minutes, value range 1 to 60; h: hours, value range 1 to 24. .",
+ },
+ "attester_id": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Client authentication method ID. This field is required when Name is InterstitialChallenge/InlineChallenge.",
+ },
+ },
+ },
+ },
+ "block_ip_action_parameters": {
+ Type: schema.TypeList,
+ Optional: true,
+ MaxItems: 1,
+ Description: "To be deprecated, additional parameter when Name is BlockIP.",
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "duration": {
+ Type: schema.TypeString,
+ Required: true,
+ Description: "The penalty duration for banning an IP. Supported units are: s: seconds, value range 1 to 120; m: minutes, value range 1 to 120; h: hours, value range 1 to 48. .",
+ },
+ },
+ },
+ },
+ "return_custom_page_action_parameters": {
+ Type: schema.TypeList,
+ Optional: true,
+ MaxItems: 1,
+ Description: "To be deprecated, additional parameter when Name is ReturnCustomPage.",
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "response_code": {
+ Type: schema.TypeString,
+ Required: true,
+ Description: "Response status code.",
+ },
+ "error_page_id": {
+ Type: schema.TypeString,
+ Required: true,
+ Description: "The custom page ID of the response.",
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ "priority": {
+ Type: schema.TypeInt,
+ Optional: true,
+ Description: "The priority of precise rate limiting ranges from 0 to 100, and the default is 0.",
+ },
+ "enabled": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Whether the precise rate limit rule is enabled. The possible values are: on: enabled; off: disabled. .",
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ "exception_rules": {
+ Type: schema.TypeList,
+ Optional: true,
+ MaxItems: 1,
+ Description: "Exception rule configuration.",
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "rules": {
+ Type: schema.TypeList,
+ Optional: true,
+ Description: "Definition list of exception rules. When using ModifySecurityPolicy to modify the Web protection configuration: If the Rules parameter is not specified, or the length of the Rules parameter is zero: clear all exception rule configurations. .If the ExceptionRules parameter value is not specified in the SecurityPolicy parameter: keep the existing exception rule configurations and do not modify them. .",
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "id": {
+ Type: schema.TypeString,
+ Optional: true,
+ Computed: true,
+ Description: "The ID of the exception rule.
The rule ID can support different rule configuration operations:
Add a new rule: the ID is empty or the ID parameter is not specified; Modify an existing rule: specify the rule ID to be updated/modified; Delete an existing rule: in the ExceptionRules parameter, the existing rules not included in the Rules list will be deleted. .",
+ },
+ "name": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "The name of the exception rule.",
+ },
+ "condition": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "The specific content of the exception rule must comply with the expression syntax. For detailed specifications, see the product documentation.",
+ },
+ "skip_scope": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Exception rule execution options, the values are: WebSecurityModules: Specifies the security protection module for the exception rule. .ManagedRules: Specifies the managed rules. .",
+ },
+ "skip_option": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "The specific type of the skipped request. The possible values are: SkipOnAllRequestFields: skip all requests; SkipOnSpecifiedRequestFields: skip specified request fields. . This option is only valid when SkipScope is ManagedRules.",
+ },
+ "web_security_modules_for_exception": {
+ Type: schema.TypeSet,
+ Optional: true,
+ Description: "Specifies the security protection module for the exception rule. It is valid only when SkipScope is WebSecurityModules. The possible values are: websec-mod-managed-rules: managed rules; websec-mod-rate-limiting: rate limiting; websec-mod-custom-rules: custom rules; websec-mod-adaptive-control: adaptive frequency control, intelligent client filtering, slow attack protection, traffic theft protection; websec-mod-bot: Bot management. .",
+ Elem: &schema.Schema{
+ Type: schema.TypeString,
+ },
+ },
+ "managed_rules_for_exception": {
+ Type: schema.TypeSet,
+ Optional: true,
+ Description: "Specifies the specific managed rule for the exception rule. This is only valid when SkipScope is ManagedRules and ManagedRuleGroupsForException cannot be specified.",
+ Elem: &schema.Schema{
+ Type: schema.TypeString,
+ },
+ },
+ "managed_rule_groups_for_exception": {
+ Type: schema.TypeSet,
+ Optional: true,
+ Description: "Specifies the managed rule group for the exception rule. This is only valid when SkipScope is ManagedRules and ManagedRulesForException cannot be specified.",
+ Elem: &schema.Schema{
+ Type: schema.TypeString,
+ },
+ },
+ "request_fields_for_exception": {
+ Type: schema.TypeList,
+ Optional: true,
+ Description: "Specifies the specific configuration of the exception rule to skip the specified request field. This is only valid when SkipScope is ManagedRules and SkipOption is SkipOnSpecifiedRequestFields.",
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "scope": {
+ Type: schema.TypeString,
+ Required: true,
+ Description: "Specific fields to skip. Supported values:
\nbody.json: JSON request content; in this case, Condition supports key and value, and TargetField supports key and value, for example, { \"Scope\": \"body.json\", \"Condition\": \"\", \"TargetField\": \"key\" }, which means that all parameters of JSON request content skip WAF scanning;\ncookie: Cookie; in this case, Condition supports key and value, and TargetField supports key and value, for example, { \"Scope\": \"cookie\", \"Condition\": \"${key} in ['account-id'] and ${value} like ['prefix-*']\", \"TargetField\": \"value\" }, which means that the Cookie parameter name is equal to account-id and the parameter value wildcard matches prefix-* to skip WAF scanning;\nheader: HTTP header parameter; Condition supports key and value, TargetField supports key and value, for example { \"Scope\": \"header\", \"Condition\": \"${key} like ['x-auth-*']\", \"TargetField\": \"value\" }, which means that the header parameter name wildcard matches x-auth-* and skips WAF scanning; \nuri.query: URL encoded content/query parameter; Condition supports key and value, TargetField supports key and value, for example { \"Scope\": \"uri.query\", \"Condition\": \"${key} in ['action'] and ${value} in ['upload', 'delete']\", \"TargetField\": \"value\" }, which means that the parameter name of the URL encoded content/query parameter is equal to action And the parameter value is equal to upload or delete to skip WAF scanning;\nuri: request path URI; in this case, Condition must be empty, TargetField supports query, path, fullpath, for example, { \"Scope\": \"uri\", \"Condition\": \"\", \"TargetField\": \"query\" }, indicating that the request path URI only query parameters skip WAF scanning;\nbody: request body content. In this case, Condition must be empty, TargetField supports fullbody and multipart, for example, { \"Scope\": \"body\", \"Condition\": \"\", \"TargetField\": \"fullbody\" }, indicating that the request body content is the complete request body and skips WAF scanning;.",
+ },
+ "condition": {
+ Type: schema.TypeString,
+ Required: true,
+ Description: "The expression of the specific field to be skipped must conform to the expression syntax.
\nCondition supports expression configuration syntax: Written according to the matching condition expression syntax of the rule, supporting references to key and value. . Supports in, like operators, and and logical combinations. .\nFor example: ${key} in ['x-trace-id']: parameter name is equal to x-trace-id. .${key} in ['x-trace-id'] and ${value} like ['Bearer *']: parameter name is equal to x-trace-id and the parameter value wildcard matches Bearer *. .",
+ },
+ "target_field": {
+ Type: schema.TypeString,
+ Required: true,
+ Description: "When the Scope parameter uses different values, the supported values in the TargetField expression are as follows:\n body.json: supports key and value\n cookie: supports key and value\n header: supports key and value\n uri.query: supports key and value\n uri: supports path, query and fullpath\n body: supports fullbody and multipart.",
+ },
+ },
+ },
+ },
+ "enabled": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Whether the exception rule is enabled. The values are: on: enabledoff: disabled.",
+ },
+ },
+ },
+ },
+ },
+ },
+ },
},
},
},
- "entity": {
- Type: schema.TypeString,
- Optional: true,
- ForceNew: true,
- ValidateFunc: tccommon.ValidateAllowedStringValue([]string{"ZoneDefaultPolicy", "Template", "Host"}),
- Description: "Security policy type. the following parameter values can be used: ZoneDefaultPolicy: used to specify a site-level policy; Template: used to specify a policy Template. you need to simultaneously specify the TemplateId parameter; Host: used to specify a domain-level policy (note: when using a domain name to specify a dns service policy, only dns services or policy templates that have applied a domain-level policy are supported)..",
- },
+ "entity": {
+ Type: schema.TypeString,
+ Optional: true,
+ ForceNew: true,
+ ValidateFunc: tccommon.ValidateAllowedStringValue([]string{"ZoneDefaultPolicy", "Template", "Host"}),
+ Description: "Security policy type. the following parameter values can be used: ZoneDefaultPolicy: used to specify a site-level policy; Template: used to specify a policy Template. you need to simultaneously specify the TemplateId parameter; Host: used to specify a domain-level policy (note: when using a domain name to specify a dns service policy, only dns services or policy templates that have applied a domain-level policy are supported)..",
+ },
+
+ "host": {
+ Type: schema.TypeString,
+ Optional: true,
+ ForceNew: true,
+ Description: "Specifies the specified domain. when the Entity parameter value is Host, use the domain-level policy specified by this parameter. for example: use www.example.com to configure the domain-level policy of the domain.",
+ },
+
+ "template_id": {
+ Type: schema.TypeString,
+ Optional: true,
+ ForceNew: true,
+ Description: "Specify the policy Template ID. use this parameter to specify the ID of the policy Template when the Entity parameter value is Template.",
+ },
+ },
+ }
+}
+
+func resourceTencentCloudTeoSecurityPolicyConfigCreate(d *schema.ResourceData, meta interface{}) error {
+ defer tccommon.LogElapsed("resource.tencentcloud_teo_security_policy_config.create")()
+ defer tccommon.InconsistentCheck(d, meta)()
+
+ var (
+ zoneId string
+ entity string
+ host string
+ templateId string
+ )
+
+ if v, ok := d.GetOk("zone_id"); ok {
+ zoneId = v.(string)
+ }
+
+ if v, ok := d.GetOk("entity"); ok {
+ entity = v.(string)
+ }
+
+ if v, ok := d.GetOk("host"); ok {
+ host = v.(string)
+ }
+
+ if v, ok := d.GetOk("template_id"); ok {
+ templateId = v.(string)
+ }
+
+ if entity == "ZoneDefaultPolicy" && host == "" && templateId == "" {
+ d.SetId(strings.Join([]string{zoneId, entity}, tccommon.FILED_SP))
+ } else if entity == "Host" && host != "" && templateId == "" {
+ d.SetId(strings.Join([]string{zoneId, entity, host}, tccommon.FILED_SP))
+ } else if entity == "Template" && host == "" && templateId != "" {
+ d.SetId(strings.Join([]string{zoneId, entity, templateId}, tccommon.FILED_SP))
+ } else {
+ return fmt.Errorf("If `entity` is `ZoneDefaultPolicy`, Please do not set `host` and `template_id`; If `entity` is `Host`, Only support set `host`; If `entity` is `Template`, Only support set `template_id`.")
+ }
+
+ return resourceTencentCloudTeoSecurityPolicyConfigUpdate(d, meta)
+}
+
+func resourceTencentCloudTeoSecurityPolicyConfigRead(d *schema.ResourceData, meta interface{}) error {
+ defer tccommon.LogElapsed("resource.tencentcloud_teo_security_policy_config.read")()
+ defer tccommon.InconsistentCheck(d, meta)()
+
+ var (
+ logId = tccommon.GetLogId(tccommon.ContextNil)
+ ctx = tccommon.NewResourceLifeCycleHandleFuncContext(context.Background(), logId, d, meta)
+ service = TeoService{client: meta.(tccommon.ProviderMeta).GetAPIV3Conn()}
+ zoneId string
+ entity string
+ host string
+ templateId string
+ )
+
+ idSplit := strings.Split(d.Id(), tccommon.FILED_SP)
+ if !(len(idSplit) == 2 || len(idSplit) == 3) {
+ return fmt.Errorf("id is broken,%s", d.Id())
+ }
+
+ zoneId = idSplit[0]
+ entity = idSplit[1]
+ if entity == "ZoneDefaultPolicy" && len(idSplit) == 2 {
+
+ } else if entity == "Host" && len(idSplit) == 3 {
+ host = idSplit[2]
+ } else if entity == "Template" && len(idSplit) == 3 {
+ templateId = idSplit[2]
+ } else {
+ return fmt.Errorf("`entity` is illegal, %s.", entity)
+ }
+
+ respData, err := service.DescribeTeoSecurityPolicyConfigById(ctx, zoneId, entity, host, templateId)
+ if err != nil {
+ return err
+ }
+
+ if respData == nil {
+ d.SetId("")
+ log.Printf("[WARN]%s resource `teo_security_policy` [%s] not found, please check if it has been deleted.\n", logId, d.Id())
+ return nil
+ }
+
+ _ = d.Set("zone_id", zoneId)
+ _ = d.Set("entity", entity)
+ _ = d.Set("host", host)
+ _ = d.Set("template_id", templateId)
+
+ securityPolicyList := make([]map[string]interface{}, 0, 1)
+ securityPolicyMap := map[string]interface{}{}
+ if respData.CustomRules != nil {
+ customRulesMap := map[string]interface{}{}
+ preciseMatchRulesList := make([]map[string]interface{}, 0, len(respData.CustomRules.Rules))
+ basicAccessRulesList := make([]map[string]interface{}, 0, len(respData.CustomRules.Rules))
+ if respData.CustomRules.Rules != nil {
+ for _, rules := range respData.CustomRules.Rules {
+ rulesMap := map[string]interface{}{}
+ ruleType := ""
+ if rules.Name != nil {
+ rulesMap["name"] = rules.Name
+ }
+
+ if rules.Condition != nil {
+ rulesMap["condition"] = rules.Condition
+ }
+
+ actionMap := map[string]interface{}{}
+ if rules.Action != nil {
+ if rules.Action.Name != nil {
+ actionMap["name"] = rules.Action.Name
+ }
+
+ blockIPActionParametersMap := map[string]interface{}{}
+ if rules.Action.BlockIPActionParameters != nil {
+ if rules.Action.BlockIPActionParameters.Duration != nil {
+ blockIPActionParametersMap["duration"] = rules.Action.BlockIPActionParameters.Duration
+ }
+
+ actionMap["block_ip_action_parameters"] = []interface{}{blockIPActionParametersMap}
+ }
+
+ returnCustomPageActionParametersMap := map[string]interface{}{}
+ if rules.Action.ReturnCustomPageActionParameters != nil {
+ if rules.Action.ReturnCustomPageActionParameters.ResponseCode != nil {
+ returnCustomPageActionParametersMap["response_code"] = rules.Action.ReturnCustomPageActionParameters.ResponseCode
+ }
+
+ if rules.Action.ReturnCustomPageActionParameters.ErrorPageId != nil {
+ returnCustomPageActionParametersMap["error_page_id"] = rules.Action.ReturnCustomPageActionParameters.ErrorPageId
+ }
+
+ actionMap["return_custom_page_action_parameters"] = []interface{}{returnCustomPageActionParametersMap}
+ }
+
+ redirectActionParametersMap := map[string]interface{}{}
+ if rules.Action.RedirectActionParameters != nil {
+ if rules.Action.RedirectActionParameters.URL != nil {
+ redirectActionParametersMap["url"] = rules.Action.RedirectActionParameters.URL
+ }
+
+ actionMap["redirect_action_parameters"] = []interface{}{redirectActionParametersMap}
+ }
+
+ rulesMap["action"] = []interface{}{actionMap}
+ }
+
+ if rules.Enabled != nil {
+ rulesMap["enabled"] = rules.Enabled
+ }
+
+ if rules.Id != nil {
+ rulesMap["id"] = rules.Id
+ }
+
+ if rules.RuleType != nil {
+ rulesMap["rule_type"] = rules.RuleType
+ ruleType = *rules.RuleType
+ }
+
+ if rules.Priority != nil {
+ rulesMap["priority"] = rules.Priority
+ }
+
+ if ruleType == "PreciseMatchRule" {
+ preciseMatchRulesList = append(preciseMatchRulesList, rulesMap)
+ } else if ruleType == "BasicAccessRule" {
+ basicAccessRulesList = append(basicAccessRulesList, rulesMap)
+ } else {
+ continue
+ }
+ }
+
+ if len(preciseMatchRulesList) > 0 {
+ customRulesMap["precise_match_rules"] = preciseMatchRulesList
+ }
+
+ if len(basicAccessRulesList) > 0 {
+ customRulesMap["basic_access_rules"] = basicAccessRulesList
+ }
+
+ if len(preciseMatchRulesList) > 0 || len(basicAccessRulesList) > 0 {
+ securityPolicyMap["custom_rules"] = []interface{}{customRulesMap}
+ }
+ }
+ }
+
+ if respData.ManagedRules != nil {
+ managedRulesMap := map[string]interface{}{}
+ if respData.ManagedRules.Enabled != nil {
+ managedRulesMap["enabled"] = respData.ManagedRules.Enabled
+ }
+
+ if respData.ManagedRules.DetectionOnly != nil {
+ managedRulesMap["detection_only"] = respData.ManagedRules.DetectionOnly
+ }
+
+ if respData.ManagedRules.SemanticAnalysis != nil {
+ managedRulesMap["semantic_analysis"] = respData.ManagedRules.SemanticAnalysis
+ }
+
+ if respData.ManagedRules.AutoUpdate != nil {
+ autoUpdateMap := map[string]interface{}{}
+ if respData.ManagedRules.AutoUpdate.AutoUpdateToLatestVersion != nil {
+ autoUpdateMap["auto_update_to_latest_version"] = respData.ManagedRules.AutoUpdate.AutoUpdateToLatestVersion
+ }
+
+ if respData.ManagedRules.AutoUpdate.RulesetVersion != nil {
+ autoUpdateMap["ruleset_version"] = respData.ManagedRules.AutoUpdate.RulesetVersion
+ }
+
+ managedRulesMap["auto_update"] = []interface{}{autoUpdateMap}
+ }
+
+ if respData.ManagedRules.ManagedRuleGroups != nil {
+ managedRuleGroupsList := make([]map[string]interface{}, 0, len(respData.ManagedRules.ManagedRuleGroups))
+ for _, managedRuleGroups := range respData.ManagedRules.ManagedRuleGroups {
+ managedRuleGroupsMap := map[string]interface{}{}
+
+ if managedRuleGroups.GroupId != nil {
+ managedRuleGroupsMap["group_id"] = managedRuleGroups.GroupId
+ }
+
+ if managedRuleGroups.SensitivityLevel != nil {
+ managedRuleGroupsMap["sensitivity_level"] = managedRuleGroups.SensitivityLevel
+ }
+
+ if managedRuleGroups.Action != nil {
+ actionMap := map[string]interface{}{}
+ if managedRuleGroups.Action.Name != nil {
+ actionMap["name"] = managedRuleGroups.Action.Name
+ }
+
+ blockIPActionParametersMap := map[string]interface{}{}
+ if managedRuleGroups.Action.BlockIPActionParameters != nil {
+ if managedRuleGroups.Action.BlockIPActionParameters.Duration != nil {
+ blockIPActionParametersMap["duration"] = managedRuleGroups.Action.BlockIPActionParameters.Duration
+ }
+
+ actionMap["block_ip_action_parameters"] = []interface{}{blockIPActionParametersMap}
+ }
+
+ if managedRuleGroups.Action.ReturnCustomPageActionParameters != nil {
+ returnCustomPageActionParametersMap := map[string]interface{}{}
+ if managedRuleGroups.Action.ReturnCustomPageActionParameters.ResponseCode != nil {
+ returnCustomPageActionParametersMap["response_code"] = managedRuleGroups.Action.ReturnCustomPageActionParameters.ResponseCode
+ }
+
+ if managedRuleGroups.Action.ReturnCustomPageActionParameters.ErrorPageId != nil {
+ returnCustomPageActionParametersMap["error_page_id"] = managedRuleGroups.Action.ReturnCustomPageActionParameters.ErrorPageId
+ }
+
+ actionMap["return_custom_page_action_parameters"] = []interface{}{returnCustomPageActionParametersMap}
+ }
+
+ if managedRuleGroups.Action.RedirectActionParameters != nil {
+ redirectActionParametersMap := map[string]interface{}{}
+ if managedRuleGroups.Action.RedirectActionParameters.URL != nil {
+ redirectActionParametersMap["url"] = managedRuleGroups.Action.RedirectActionParameters.URL
+ }
+
+ actionMap["redirect_action_parameters"] = []interface{}{redirectActionParametersMap}
+ }
+
+ managedRuleGroupsMap["action"] = []interface{}{actionMap}
+ }
+
+ if managedRuleGroups.RuleActions != nil {
+ ruleActionsList := make([]map[string]interface{}, 0, len(managedRuleGroups.RuleActions))
+ for _, ruleActions := range managedRuleGroups.RuleActions {
+ ruleActionsMap := map[string]interface{}{}
+ if ruleActions.RuleId != nil {
+ ruleActionsMap["rule_id"] = ruleActions.RuleId
+ }
+
+ if ruleActions.Action != nil {
+ actionMap := map[string]interface{}{}
+ if ruleActions.Action.Name != nil {
+ actionMap["name"] = ruleActions.Action.Name
+ }
+
+ if ruleActions.Action.BlockIPActionParameters != nil {
+ blockIPActionParametersMap := map[string]interface{}{}
+ if ruleActions.Action.BlockIPActionParameters.Duration != nil {
+ blockIPActionParametersMap["duration"] = ruleActions.Action.BlockIPActionParameters.Duration
+ }
+
+ actionMap["block_ip_action_parameters"] = []interface{}{blockIPActionParametersMap}
+ }
+
+ if ruleActions.Action.ReturnCustomPageActionParameters != nil {
+ returnCustomPageActionParametersMap := map[string]interface{}{}
+ if ruleActions.Action.ReturnCustomPageActionParameters.ResponseCode != nil {
+ returnCustomPageActionParametersMap["response_code"] = ruleActions.Action.ReturnCustomPageActionParameters.ResponseCode
+ }
+
+ if ruleActions.Action.ReturnCustomPageActionParameters.ErrorPageId != nil {
+ returnCustomPageActionParametersMap["error_page_id"] = ruleActions.Action.ReturnCustomPageActionParameters.ErrorPageId
+ }
+
+ actionMap["return_custom_page_action_parameters"] = []interface{}{returnCustomPageActionParametersMap}
+ }
+
+ if ruleActions.Action.RedirectActionParameters != nil {
+ redirectActionParametersMap := map[string]interface{}{}
+ if ruleActions.Action.RedirectActionParameters.URL != nil {
+ redirectActionParametersMap["url"] = ruleActions.Action.RedirectActionParameters.URL
+ }
+
+ actionMap["redirect_action_parameters"] = []interface{}{redirectActionParametersMap}
+ }
+
+ ruleActionsMap["action"] = []interface{}{actionMap}
+ }
+
+ ruleActionsList = append(ruleActionsList, ruleActionsMap)
+ }
+
+ managedRuleGroupsMap["rule_actions"] = ruleActionsList
+ }
+
+ if managedRuleGroups.MetaData != nil {
+ metaDataMap := map[string]interface{}{}
+ if managedRuleGroups.MetaData.GroupDetail != nil {
+ metaDataMap["group_detail"] = managedRuleGroups.MetaData.GroupDetail
+ }
+
+ if managedRuleGroups.MetaData.GroupName != nil {
+ metaDataMap["group_name"] = managedRuleGroups.MetaData.GroupName
+ }
+
+ if managedRuleGroups.MetaData.RuleDetails != nil {
+ ruleDetailsList := make([]map[string]interface{}, 0, len(managedRuleGroups.MetaData.RuleDetails))
+ for _, ruleDetails := range managedRuleGroups.MetaData.RuleDetails {
+ ruleDetailsMap := map[string]interface{}{}
+ if ruleDetails.RuleId != nil {
+ ruleDetailsMap["rule_id"] = ruleDetails.RuleId
+ }
+
+ if ruleDetails.RiskLevel != nil {
+ ruleDetailsMap["risk_level"] = ruleDetails.RiskLevel
+ }
+
+ if ruleDetails.Description != nil {
+ ruleDetailsMap["description"] = ruleDetails.Description
+ }
+
+ if ruleDetails.Tags != nil {
+ ruleDetailsMap["tags"] = ruleDetails.Tags
+ }
+
+ if ruleDetails.RuleVersion != nil {
+ ruleDetailsMap["rule_version"] = ruleDetails.RuleVersion
+ }
+
+ ruleDetailsList = append(ruleDetailsList, ruleDetailsMap)
+ }
+
+ metaDataMap["rule_details"] = ruleDetailsList
+ }
+
+ managedRuleGroupsMap["meta_data"] = []interface{}{metaDataMap}
+ }
+
+ managedRuleGroupsList = append(managedRuleGroupsList, managedRuleGroupsMap)
+ }
+
+ managedRulesMap["managed_rule_groups"] = managedRuleGroupsList
+ }
+
+ securityPolicyMap["managed_rules"] = []interface{}{managedRulesMap}
+ }
+
+ if respData.HttpDDoSProtection != nil {
+ httpDDoSProtectionMap := map[string]interface{}{}
+
+ if respData.HttpDDoSProtection.AdaptiveFrequencyControl != nil {
+ adaptiveFrequencyControlMap := map[string]interface{}{}
+
+ if respData.HttpDDoSProtection.AdaptiveFrequencyControl.Enabled != nil {
+ adaptiveFrequencyControlMap["enabled"] = respData.HttpDDoSProtection.AdaptiveFrequencyControl.Enabled
+ }
+
+ if respData.HttpDDoSProtection.AdaptiveFrequencyControl.Sensitivity != nil {
+ adaptiveFrequencyControlMap["sensitivity"] = respData.HttpDDoSProtection.AdaptiveFrequencyControl.Sensitivity
+ }
+
+ if respData.HttpDDoSProtection.AdaptiveFrequencyControl.Action != nil {
+ actionMap := map[string]interface{}{}
+
+ if respData.HttpDDoSProtection.AdaptiveFrequencyControl.Action.Name != nil {
+ actionMap["name"] = respData.HttpDDoSProtection.AdaptiveFrequencyControl.Action.Name
+ }
+
+ if respData.HttpDDoSProtection.AdaptiveFrequencyControl.Action.DenyActionParameters != nil {
+ denyActionParametersMap := map[string]interface{}{}
+
+ if respData.HttpDDoSProtection.AdaptiveFrequencyControl.Action.DenyActionParameters.BlockIp != nil {
+ denyActionParametersMap["block_ip"] = respData.HttpDDoSProtection.AdaptiveFrequencyControl.Action.DenyActionParameters.BlockIp
+ }
+
+ if respData.HttpDDoSProtection.AdaptiveFrequencyControl.Action.DenyActionParameters.BlockIpDuration != nil {
+ denyActionParametersMap["block_ip_duration"] = respData.HttpDDoSProtection.AdaptiveFrequencyControl.Action.DenyActionParameters.BlockIpDuration
+ }
+
+ if respData.HttpDDoSProtection.AdaptiveFrequencyControl.Action.DenyActionParameters.ReturnCustomPage != nil {
+ denyActionParametersMap["return_custom_page"] = respData.HttpDDoSProtection.AdaptiveFrequencyControl.Action.DenyActionParameters.ReturnCustomPage
+ }
+
+ if respData.HttpDDoSProtection.AdaptiveFrequencyControl.Action.DenyActionParameters.ResponseCode != nil {
+ denyActionParametersMap["response_code"] = respData.HttpDDoSProtection.AdaptiveFrequencyControl.Action.DenyActionParameters.ResponseCode
+ }
+
+ if respData.HttpDDoSProtection.AdaptiveFrequencyControl.Action.DenyActionParameters.ErrorPageId != nil {
+ denyActionParametersMap["error_page_id"] = respData.HttpDDoSProtection.AdaptiveFrequencyControl.Action.DenyActionParameters.ErrorPageId
+ }
+
+ if respData.HttpDDoSProtection.AdaptiveFrequencyControl.Action.DenyActionParameters.Stall != nil {
+ denyActionParametersMap["stall"] = respData.HttpDDoSProtection.AdaptiveFrequencyControl.Action.DenyActionParameters.Stall
+ }
+
+ actionMap["deny_action_parameters"] = []interface{}{denyActionParametersMap}
+ }
+
+ if respData.HttpDDoSProtection.AdaptiveFrequencyControl.Action.RedirectActionParameters != nil {
+ redirectActionParametersMap := map[string]interface{}{}
+
+ if respData.HttpDDoSProtection.AdaptiveFrequencyControl.Action.RedirectActionParameters.URL != nil {
+ redirectActionParametersMap["url"] = respData.HttpDDoSProtection.AdaptiveFrequencyControl.Action.RedirectActionParameters.URL
+ }
+
+ actionMap["redirect_action_parameters"] = []interface{}{redirectActionParametersMap}
+ }
+
+ if respData.HttpDDoSProtection.AdaptiveFrequencyControl.Action.ChallengeActionParameters != nil {
+ challengeActionParametersMap := map[string]interface{}{}
+
+ if respData.HttpDDoSProtection.AdaptiveFrequencyControl.Action.ChallengeActionParameters.ChallengeOption != nil {
+ challengeActionParametersMap["challenge_option"] = respData.HttpDDoSProtection.AdaptiveFrequencyControl.Action.ChallengeActionParameters.ChallengeOption
+ }
+
+ if respData.HttpDDoSProtection.AdaptiveFrequencyControl.Action.ChallengeActionParameters.Interval != nil {
+ challengeActionParametersMap["interval"] = respData.HttpDDoSProtection.AdaptiveFrequencyControl.Action.ChallengeActionParameters.Interval
+ }
+
+ if respData.HttpDDoSProtection.AdaptiveFrequencyControl.Action.ChallengeActionParameters.AttesterId != nil {
+ challengeActionParametersMap["attester_id"] = respData.HttpDDoSProtection.AdaptiveFrequencyControl.Action.ChallengeActionParameters.AttesterId
+ }
+
+ actionMap["challenge_action_parameters"] = []interface{}{challengeActionParametersMap}
+ }
+
+ if respData.HttpDDoSProtection.AdaptiveFrequencyControl.Action.BlockIPActionParameters != nil {
+ blockIPActionParametersMap := map[string]interface{}{}
+
+ if respData.HttpDDoSProtection.AdaptiveFrequencyControl.Action.BlockIPActionParameters.Duration != nil {
+ blockIPActionParametersMap["duration"] = respData.HttpDDoSProtection.AdaptiveFrequencyControl.Action.BlockIPActionParameters.Duration
+ }
+
+ actionMap["block_i_p_action_parameters"] = []interface{}{blockIPActionParametersMap}
+ }
+
+ if respData.HttpDDoSProtection.AdaptiveFrequencyControl.Action.ReturnCustomPageActionParameters != nil {
+ returnCustomPageActionParametersMap := map[string]interface{}{}
+
+ if respData.HttpDDoSProtection.AdaptiveFrequencyControl.Action.ReturnCustomPageActionParameters.ResponseCode != nil {
+ returnCustomPageActionParametersMap["response_code"] = respData.HttpDDoSProtection.AdaptiveFrequencyControl.Action.ReturnCustomPageActionParameters.ResponseCode
+ }
+
+ if respData.HttpDDoSProtection.AdaptiveFrequencyControl.Action.ReturnCustomPageActionParameters.ErrorPageId != nil {
+ returnCustomPageActionParametersMap["error_page_id"] = respData.HttpDDoSProtection.AdaptiveFrequencyControl.Action.ReturnCustomPageActionParameters.ErrorPageId
+ }
+
+ actionMap["return_custom_page_action_parameters"] = []interface{}{returnCustomPageActionParametersMap}
+ }
+
+ adaptiveFrequencyControlMap["action"] = []interface{}{actionMap}
+ }
+
+ httpDDoSProtectionMap["adaptive_frequency_control"] = []interface{}{adaptiveFrequencyControlMap}
+ }
+
+ if respData.HttpDDoSProtection.ClientFiltering != nil {
+ clientFilteringMap := map[string]interface{}{}
+
+ if respData.HttpDDoSProtection.ClientFiltering.Enabled != nil {
+ clientFilteringMap["enabled"] = respData.HttpDDoSProtection.ClientFiltering.Enabled
+ }
+
+ if respData.HttpDDoSProtection.ClientFiltering.Action != nil {
+ actionMap := map[string]interface{}{}
+
+ if respData.HttpDDoSProtection.ClientFiltering.Action.Name != nil {
+ actionMap["name"] = respData.HttpDDoSProtection.ClientFiltering.Action.Name
+ }
+
+ if respData.HttpDDoSProtection.ClientFiltering.Action.DenyActionParameters != nil {
+ denyActionParametersMap := map[string]interface{}{}
+
+ if respData.HttpDDoSProtection.ClientFiltering.Action.DenyActionParameters.BlockIp != nil {
+ denyActionParametersMap["block_ip"] = respData.HttpDDoSProtection.ClientFiltering.Action.DenyActionParameters.BlockIp
+ }
+
+ if respData.HttpDDoSProtection.ClientFiltering.Action.DenyActionParameters.BlockIpDuration != nil {
+ denyActionParametersMap["block_ip_duration"] = respData.HttpDDoSProtection.ClientFiltering.Action.DenyActionParameters.BlockIpDuration
+ }
+
+ if respData.HttpDDoSProtection.ClientFiltering.Action.DenyActionParameters.ReturnCustomPage != nil {
+ denyActionParametersMap["return_custom_page"] = respData.HttpDDoSProtection.ClientFiltering.Action.DenyActionParameters.ReturnCustomPage
+ }
+
+ if respData.HttpDDoSProtection.ClientFiltering.Action.DenyActionParameters.ResponseCode != nil {
+ denyActionParametersMap["response_code"] = respData.HttpDDoSProtection.ClientFiltering.Action.DenyActionParameters.ResponseCode
+ }
+
+ if respData.HttpDDoSProtection.ClientFiltering.Action.DenyActionParameters.ErrorPageId != nil {
+ denyActionParametersMap["error_page_id"] = respData.HttpDDoSProtection.ClientFiltering.Action.DenyActionParameters.ErrorPageId
+ }
+
+ if respData.HttpDDoSProtection.ClientFiltering.Action.DenyActionParameters.Stall != nil {
+ denyActionParametersMap["stall"] = respData.HttpDDoSProtection.ClientFiltering.Action.DenyActionParameters.Stall
+ }
+
+ actionMap["deny_action_parameters"] = []interface{}{denyActionParametersMap}
+ }
+
+ if respData.HttpDDoSProtection.ClientFiltering.Action.RedirectActionParameters != nil {
+ redirectActionParametersMap := map[string]interface{}{}
+
+ if respData.HttpDDoSProtection.ClientFiltering.Action.RedirectActionParameters.URL != nil {
+ redirectActionParametersMap["url"] = respData.HttpDDoSProtection.ClientFiltering.Action.RedirectActionParameters.URL
+ }
+
+ actionMap["redirect_action_parameters"] = []interface{}{redirectActionParametersMap}
+ }
+
+ if respData.HttpDDoSProtection.ClientFiltering.Action.ChallengeActionParameters != nil {
+ challengeActionParametersMap := map[string]interface{}{}
+
+ if respData.HttpDDoSProtection.ClientFiltering.Action.ChallengeActionParameters.ChallengeOption != nil {
+ challengeActionParametersMap["challenge_option"] = respData.HttpDDoSProtection.ClientFiltering.Action.ChallengeActionParameters.ChallengeOption
+ }
+
+ if respData.HttpDDoSProtection.ClientFiltering.Action.ChallengeActionParameters.Interval != nil {
+ challengeActionParametersMap["interval"] = respData.HttpDDoSProtection.ClientFiltering.Action.ChallengeActionParameters.Interval
+ }
+
+ if respData.HttpDDoSProtection.ClientFiltering.Action.ChallengeActionParameters.AttesterId != nil {
+ challengeActionParametersMap["attester_id"] = respData.HttpDDoSProtection.ClientFiltering.Action.ChallengeActionParameters.AttesterId
+ }
+
+ actionMap["challenge_action_parameters"] = []interface{}{challengeActionParametersMap}
+ }
+
+ if respData.HttpDDoSProtection.ClientFiltering.Action.BlockIPActionParameters != nil {
+ blockIPActionParametersMap := map[string]interface{}{}
+
+ if respData.HttpDDoSProtection.ClientFiltering.Action.BlockIPActionParameters.Duration != nil {
+ blockIPActionParametersMap["duration"] = respData.HttpDDoSProtection.ClientFiltering.Action.BlockIPActionParameters.Duration
+ }
+
+ actionMap["block_ip_action_parameters"] = []interface{}{blockIPActionParametersMap}
+ }
+
+ if respData.HttpDDoSProtection.ClientFiltering.Action.ReturnCustomPageActionParameters != nil {
+ returnCustomPageActionParametersMap := map[string]interface{}{}
+
+ if respData.HttpDDoSProtection.ClientFiltering.Action.ReturnCustomPageActionParameters.ResponseCode != nil {
+ returnCustomPageActionParametersMap["response_code"] = respData.HttpDDoSProtection.ClientFiltering.Action.ReturnCustomPageActionParameters.ResponseCode
+ }
+
+ if respData.HttpDDoSProtection.ClientFiltering.Action.ReturnCustomPageActionParameters.ErrorPageId != nil {
+ returnCustomPageActionParametersMap["error_page_id"] = respData.HttpDDoSProtection.ClientFiltering.Action.ReturnCustomPageActionParameters.ErrorPageId
+ }
+
+ actionMap["return_custom_page_action_parameters"] = []interface{}{returnCustomPageActionParametersMap}
+ }
+
+ clientFilteringMap["action"] = []interface{}{actionMap}
+ }
+
+ httpDDoSProtectionMap["client_filtering"] = []interface{}{clientFilteringMap}
+ }
+
+ if respData.HttpDDoSProtection.BandwidthAbuseDefense != nil {
+ bandwidthAbuseDefenseMap := map[string]interface{}{}
+
+ if respData.HttpDDoSProtection.BandwidthAbuseDefense.Enabled != nil {
+ bandwidthAbuseDefenseMap["enabled"] = respData.HttpDDoSProtection.BandwidthAbuseDefense.Enabled
+ }
+
+ if respData.HttpDDoSProtection.BandwidthAbuseDefense.Action != nil {
+ actionMap := map[string]interface{}{}
+
+ if respData.HttpDDoSProtection.BandwidthAbuseDefense.Action.Name != nil {
+ actionMap["name"] = respData.HttpDDoSProtection.BandwidthAbuseDefense.Action.Name
+ }
+
+ if respData.HttpDDoSProtection.BandwidthAbuseDefense.Action.DenyActionParameters != nil {
+ denyActionParametersMap := map[string]interface{}{}
+
+ if respData.HttpDDoSProtection.BandwidthAbuseDefense.Action.DenyActionParameters.BlockIp != nil {
+ denyActionParametersMap["block_ip"] = respData.HttpDDoSProtection.BandwidthAbuseDefense.Action.DenyActionParameters.BlockIp
+ }
+
+ if respData.HttpDDoSProtection.BandwidthAbuseDefense.Action.DenyActionParameters.BlockIpDuration != nil {
+ denyActionParametersMap["block_ip_duration"] = respData.HttpDDoSProtection.BandwidthAbuseDefense.Action.DenyActionParameters.BlockIpDuration
+ }
+
+ if respData.HttpDDoSProtection.BandwidthAbuseDefense.Action.DenyActionParameters.ReturnCustomPage != nil {
+ denyActionParametersMap["return_custom_page"] = respData.HttpDDoSProtection.BandwidthAbuseDefense.Action.DenyActionParameters.ReturnCustomPage
+ }
+
+ if respData.HttpDDoSProtection.BandwidthAbuseDefense.Action.DenyActionParameters.ResponseCode != nil {
+ denyActionParametersMap["response_code"] = respData.HttpDDoSProtection.BandwidthAbuseDefense.Action.DenyActionParameters.ResponseCode
+ }
+
+ if respData.HttpDDoSProtection.BandwidthAbuseDefense.Action.DenyActionParameters.ErrorPageId != nil {
+ denyActionParametersMap["error_page_id"] = respData.HttpDDoSProtection.BandwidthAbuseDefense.Action.DenyActionParameters.ErrorPageId
+ }
+
+ if respData.HttpDDoSProtection.BandwidthAbuseDefense.Action.DenyActionParameters.Stall != nil {
+ denyActionParametersMap["stall"] = respData.HttpDDoSProtection.BandwidthAbuseDefense.Action.DenyActionParameters.Stall
+ }
+
+ actionMap["deny_action_parameters"] = []interface{}{denyActionParametersMap}
+ }
+
+ if respData.HttpDDoSProtection.BandwidthAbuseDefense.Action.RedirectActionParameters != nil {
+ redirectActionParametersMap := map[string]interface{}{}
+
+ if respData.HttpDDoSProtection.BandwidthAbuseDefense.Action.RedirectActionParameters.URL != nil {
+ redirectActionParametersMap["url"] = respData.HttpDDoSProtection.BandwidthAbuseDefense.Action.RedirectActionParameters.URL
+ }
+
+ actionMap["redirect_action_parameters"] = []interface{}{redirectActionParametersMap}
+ }
+
+ if respData.HttpDDoSProtection.BandwidthAbuseDefense.Action.ChallengeActionParameters != nil {
+ challengeActionParametersMap := map[string]interface{}{}
+
+ if respData.HttpDDoSProtection.BandwidthAbuseDefense.Action.ChallengeActionParameters.ChallengeOption != nil {
+ challengeActionParametersMap["challenge_option"] = respData.HttpDDoSProtection.BandwidthAbuseDefense.Action.ChallengeActionParameters.ChallengeOption
+ }
+
+ if respData.HttpDDoSProtection.BandwidthAbuseDefense.Action.ChallengeActionParameters.Interval != nil {
+ challengeActionParametersMap["interval"] = respData.HttpDDoSProtection.BandwidthAbuseDefense.Action.ChallengeActionParameters.Interval
+ }
+
+ if respData.HttpDDoSProtection.BandwidthAbuseDefense.Action.ChallengeActionParameters.AttesterId != nil {
+ challengeActionParametersMap["attester_id"] = respData.HttpDDoSProtection.BandwidthAbuseDefense.Action.ChallengeActionParameters.AttesterId
+ }
+
+ actionMap["challenge_action_parameters"] = []interface{}{challengeActionParametersMap}
+ }
+
+ if respData.HttpDDoSProtection.BandwidthAbuseDefense.Action.BlockIPActionParameters != nil {
+ blockIPActionParametersMap := map[string]interface{}{}
+
+ if respData.HttpDDoSProtection.BandwidthAbuseDefense.Action.BlockIPActionParameters.Duration != nil {
+ blockIPActionParametersMap["duration"] = respData.HttpDDoSProtection.BandwidthAbuseDefense.Action.BlockIPActionParameters.Duration
+ }
+
+ actionMap["block_ip_action_parameters"] = []interface{}{blockIPActionParametersMap}
+ }
+
+ if respData.HttpDDoSProtection.BandwidthAbuseDefense.Action.ReturnCustomPageActionParameters != nil {
+ returnCustomPageActionParametersMap := map[string]interface{}{}
+
+ if respData.HttpDDoSProtection.BandwidthAbuseDefense.Action.ReturnCustomPageActionParameters.ResponseCode != nil {
+ returnCustomPageActionParametersMap["response_code"] = respData.HttpDDoSProtection.BandwidthAbuseDefense.Action.ReturnCustomPageActionParameters.ResponseCode
+ }
+
+ if respData.HttpDDoSProtection.BandwidthAbuseDefense.Action.ReturnCustomPageActionParameters.ErrorPageId != nil {
+ returnCustomPageActionParametersMap["error_page_id"] = respData.HttpDDoSProtection.BandwidthAbuseDefense.Action.ReturnCustomPageActionParameters.ErrorPageId
+ }
+
+ actionMap["return_custom_page_action_parameters"] = []interface{}{returnCustomPageActionParametersMap}
+ }
+
+ bandwidthAbuseDefenseMap["action"] = []interface{}{actionMap}
+ }
+
+ httpDDoSProtectionMap["bandwidth_abuse_defense"] = []interface{}{bandwidthAbuseDefenseMap}
+ }
+
+ if respData.HttpDDoSProtection.SlowAttackDefense != nil {
+ slowAttackDefenseMap := map[string]interface{}{}
+
+ if respData.HttpDDoSProtection.SlowAttackDefense.Enabled != nil {
+ slowAttackDefenseMap["enabled"] = respData.HttpDDoSProtection.SlowAttackDefense.Enabled
+ }
+
+ if respData.HttpDDoSProtection.SlowAttackDefense.Action != nil {
+ actionMap := map[string]interface{}{}
+
+ if respData.HttpDDoSProtection.SlowAttackDefense.Action.Name != nil {
+ actionMap["name"] = respData.HttpDDoSProtection.SlowAttackDefense.Action.Name
+ }
+
+ if respData.HttpDDoSProtection.SlowAttackDefense.Action.DenyActionParameters != nil {
+ denyActionParametersMap := map[string]interface{}{}
+
+ if respData.HttpDDoSProtection.SlowAttackDefense.Action.DenyActionParameters.BlockIp != nil {
+ denyActionParametersMap["block_ip"] = respData.HttpDDoSProtection.SlowAttackDefense.Action.DenyActionParameters.BlockIp
+ }
+
+ if respData.HttpDDoSProtection.SlowAttackDefense.Action.DenyActionParameters.BlockIpDuration != nil {
+ denyActionParametersMap["block_ip_duration"] = respData.HttpDDoSProtection.SlowAttackDefense.Action.DenyActionParameters.BlockIpDuration
+ }
+
+ if respData.HttpDDoSProtection.SlowAttackDefense.Action.DenyActionParameters.ReturnCustomPage != nil {
+ denyActionParametersMap["return_custom_page"] = respData.HttpDDoSProtection.SlowAttackDefense.Action.DenyActionParameters.ReturnCustomPage
+ }
+
+ if respData.HttpDDoSProtection.SlowAttackDefense.Action.DenyActionParameters.ResponseCode != nil {
+ denyActionParametersMap["response_code"] = respData.HttpDDoSProtection.SlowAttackDefense.Action.DenyActionParameters.ResponseCode
+ }
+
+ if respData.HttpDDoSProtection.SlowAttackDefense.Action.DenyActionParameters.ErrorPageId != nil {
+ denyActionParametersMap["error_page_id"] = respData.HttpDDoSProtection.SlowAttackDefense.Action.DenyActionParameters.ErrorPageId
+ }
+
+ if respData.HttpDDoSProtection.SlowAttackDefense.Action.DenyActionParameters.Stall != nil {
+ denyActionParametersMap["stall"] = respData.HttpDDoSProtection.SlowAttackDefense.Action.DenyActionParameters.Stall
+ }
+
+ actionMap["deny_action_parameters"] = []interface{}{denyActionParametersMap}
+ }
+
+ if respData.HttpDDoSProtection.SlowAttackDefense.Action.RedirectActionParameters != nil {
+ redirectActionParametersMap := map[string]interface{}{}
+
+ if respData.HttpDDoSProtection.SlowAttackDefense.Action.RedirectActionParameters.URL != nil {
+ redirectActionParametersMap["url"] = respData.HttpDDoSProtection.SlowAttackDefense.Action.RedirectActionParameters.URL
+ }
+
+ actionMap["redirect_action_parameters"] = []interface{}{redirectActionParametersMap}
+ }
+
+ if respData.HttpDDoSProtection.SlowAttackDefense.Action.ChallengeActionParameters != nil {
+ challengeActionParametersMap := map[string]interface{}{}
+
+ if respData.HttpDDoSProtection.SlowAttackDefense.Action.ChallengeActionParameters.ChallengeOption != nil {
+ challengeActionParametersMap["challenge_option"] = respData.HttpDDoSProtection.SlowAttackDefense.Action.ChallengeActionParameters.ChallengeOption
+ }
+
+ if respData.HttpDDoSProtection.SlowAttackDefense.Action.ChallengeActionParameters.Interval != nil {
+ challengeActionParametersMap["interval"] = respData.HttpDDoSProtection.SlowAttackDefense.Action.ChallengeActionParameters.Interval
+ }
+
+ if respData.HttpDDoSProtection.SlowAttackDefense.Action.ChallengeActionParameters.AttesterId != nil {
+ challengeActionParametersMap["attester_id"] = respData.HttpDDoSProtection.SlowAttackDefense.Action.ChallengeActionParameters.AttesterId
+ }
+
+ actionMap["challenge_action_parameters"] = []interface{}{challengeActionParametersMap}
+ }
+
+ if respData.HttpDDoSProtection.SlowAttackDefense.Action.BlockIPActionParameters != nil {
+ blockIPActionParametersMap := map[string]interface{}{}
+
+ if respData.HttpDDoSProtection.SlowAttackDefense.Action.BlockIPActionParameters.Duration != nil {
+ blockIPActionParametersMap["duration"] = respData.HttpDDoSProtection.SlowAttackDefense.Action.BlockIPActionParameters.Duration
+ }
+
+ actionMap["block_ip_action_parameters"] = []interface{}{blockIPActionParametersMap}
+ }
+
+ if respData.HttpDDoSProtection.SlowAttackDefense.Action.ReturnCustomPageActionParameters != nil {
+ returnCustomPageActionParametersMap := map[string]interface{}{}
+
+ if respData.HttpDDoSProtection.SlowAttackDefense.Action.ReturnCustomPageActionParameters.ResponseCode != nil {
+ returnCustomPageActionParametersMap["response_code"] = respData.HttpDDoSProtection.SlowAttackDefense.Action.ReturnCustomPageActionParameters.ResponseCode
+ }
+
+ if respData.HttpDDoSProtection.SlowAttackDefense.Action.ReturnCustomPageActionParameters.ErrorPageId != nil {
+ returnCustomPageActionParametersMap["error_page_id"] = respData.HttpDDoSProtection.SlowAttackDefense.Action.ReturnCustomPageActionParameters.ErrorPageId
+ }
+
+ actionMap["return_custom_page_action_parameters"] = []interface{}{returnCustomPageActionParametersMap}
+ }
+
+ slowAttackDefenseMap["action"] = []interface{}{actionMap}
+ }
+
+ if respData.HttpDDoSProtection.SlowAttackDefense.MinimalRequestBodyTransferRate != nil {
+ minimalRequestBodyTransferRateMap := map[string]interface{}{}
+
+ if respData.HttpDDoSProtection.SlowAttackDefense.MinimalRequestBodyTransferRate.MinimalAvgTransferRateThreshold != nil {
+ minimalRequestBodyTransferRateMap["minimal_avg_transfer_rate_threshold"] = respData.HttpDDoSProtection.SlowAttackDefense.MinimalRequestBodyTransferRate.MinimalAvgTransferRateThreshold
+ }
+
+ if respData.HttpDDoSProtection.SlowAttackDefense.MinimalRequestBodyTransferRate.CountingPeriod != nil {
+ minimalRequestBodyTransferRateMap["counting_period"] = respData.HttpDDoSProtection.SlowAttackDefense.MinimalRequestBodyTransferRate.CountingPeriod
+ }
+
+ if respData.HttpDDoSProtection.SlowAttackDefense.MinimalRequestBodyTransferRate.Enabled != nil {
+ minimalRequestBodyTransferRateMap["enabled"] = respData.HttpDDoSProtection.SlowAttackDefense.MinimalRequestBodyTransferRate.Enabled
+ }
+
+ slowAttackDefenseMap["minimal_request_body_transfer_rate"] = []interface{}{minimalRequestBodyTransferRateMap}
+ }
+
+ if respData.HttpDDoSProtection.SlowAttackDefense.RequestBodyTransferTimeout != nil {
+ requestBodyTransferTimeoutMap := map[string]interface{}{}
+
+ if respData.HttpDDoSProtection.SlowAttackDefense.RequestBodyTransferTimeout.IdleTimeout != nil {
+ requestBodyTransferTimeoutMap["idle_timeout"] = respData.HttpDDoSProtection.SlowAttackDefense.RequestBodyTransferTimeout.IdleTimeout
+ }
+
+ if respData.HttpDDoSProtection.SlowAttackDefense.RequestBodyTransferTimeout.Enabled != nil {
+ requestBodyTransferTimeoutMap["enabled"] = respData.HttpDDoSProtection.SlowAttackDefense.RequestBodyTransferTimeout.Enabled
+ }
+
+ slowAttackDefenseMap["request_body_transfer_timeout"] = []interface{}{requestBodyTransferTimeoutMap}
+ }
+
+ httpDDoSProtectionMap["slow_attack_defense"] = []interface{}{slowAttackDefenseMap}
+ }
+
+ securityPolicyMap["http_ddos_protection"] = []interface{}{httpDDoSProtectionMap}
+ }
+
+ if respData.RateLimitingRules != nil {
+ rateLimitingRulesMap := map[string]interface{}{}
+
+ if respData.RateLimitingRules.Rules != nil {
+ rulesList := []interface{}{}
+ for _, rules := range respData.RateLimitingRules.Rules {
+ rulesMap := map[string]interface{}{}
+
+ if rules.Id != nil {
+ rulesMap["id"] = rules.Id
+ }
+
+ if rules.Name != nil {
+ rulesMap["name"] = rules.Name
+ }
+
+ if rules.Condition != nil {
+ rulesMap["condition"] = rules.Condition
+ }
+
+ if rules.CountBy != nil {
+ rulesMap["count_by"] = rules.CountBy
+ }
+
+ if rules.MaxRequestThreshold != nil {
+ rulesMap["max_request_threshold"] = rules.MaxRequestThreshold
+ }
+
+ if rules.CountingPeriod != nil {
+ rulesMap["counting_period"] = rules.CountingPeriod
+ }
+
+ if rules.ActionDuration != nil {
+ rulesMap["action_duration"] = rules.ActionDuration
+ }
+
+ if rules.Action != nil {
+ actionMap := map[string]interface{}{}
+
+ if rules.Action.Name != nil {
+ actionMap["name"] = rules.Action.Name
+ }
+
+ if rules.Action.DenyActionParameters != nil {
+ denyActionParametersMap := map[string]interface{}{}
+
+ if rules.Action.DenyActionParameters.BlockIp != nil {
+ denyActionParametersMap["block_ip"] = rules.Action.DenyActionParameters.BlockIp
+ }
+
+ if rules.Action.DenyActionParameters.BlockIpDuration != nil {
+ denyActionParametersMap["block_ip_duration"] = rules.Action.DenyActionParameters.BlockIpDuration
+ }
+
+ if rules.Action.DenyActionParameters.ReturnCustomPage != nil {
+ denyActionParametersMap["return_custom_page"] = rules.Action.DenyActionParameters.ReturnCustomPage
+ }
+
+ if rules.Action.DenyActionParameters.ResponseCode != nil {
+ denyActionParametersMap["response_code"] = rules.Action.DenyActionParameters.ResponseCode
+ }
+
+ if rules.Action.DenyActionParameters.ErrorPageId != nil {
+ denyActionParametersMap["error_page_id"] = rules.Action.DenyActionParameters.ErrorPageId
+ }
+
+ if rules.Action.DenyActionParameters.Stall != nil {
+ denyActionParametersMap["stall"] = rules.Action.DenyActionParameters.Stall
+ }
+
+ actionMap["deny_action_parameters"] = []interface{}{denyActionParametersMap}
+ }
+
+ if rules.Action.RedirectActionParameters != nil {
+ redirectActionParametersMap := map[string]interface{}{}
+
+ if rules.Action.RedirectActionParameters.URL != nil {
+ redirectActionParametersMap["url"] = rules.Action.RedirectActionParameters.URL
+ }
+
+ actionMap["redirect_action_parameters"] = []interface{}{redirectActionParametersMap}
+ }
+
+ if rules.Action.ChallengeActionParameters != nil {
+ challengeActionParametersMap := map[string]interface{}{}
+
+ if rules.Action.ChallengeActionParameters.ChallengeOption != nil {
+ challengeActionParametersMap["challenge_option"] = rules.Action.ChallengeActionParameters.ChallengeOption
+ }
+
+ if rules.Action.ChallengeActionParameters.Interval != nil {
+ challengeActionParametersMap["interval"] = rules.Action.ChallengeActionParameters.Interval
+ }
+
+ if rules.Action.ChallengeActionParameters.AttesterId != nil {
+ challengeActionParametersMap["attester_id"] = rules.Action.ChallengeActionParameters.AttesterId
+ }
+
+ actionMap["challenge_action_parameters"] = []interface{}{challengeActionParametersMap}
+ }
+
+ if rules.Action.BlockIPActionParameters != nil {
+ blockIPActionParametersMap := map[string]interface{}{}
+
+ if rules.Action.BlockIPActionParameters.Duration != nil {
+ blockIPActionParametersMap["duration"] = rules.Action.BlockIPActionParameters.Duration
+ }
+
+ actionMap["block_ip_action_parameters"] = []interface{}{blockIPActionParametersMap}
+ }
+
+ if rules.Action.ReturnCustomPageActionParameters != nil {
+ returnCustomPageActionParametersMap := map[string]interface{}{}
+
+ if rules.Action.ReturnCustomPageActionParameters.ResponseCode != nil {
+ returnCustomPageActionParametersMap["response_code"] = rules.Action.ReturnCustomPageActionParameters.ResponseCode
+ }
+
+ if rules.Action.ReturnCustomPageActionParameters.ErrorPageId != nil {
+ returnCustomPageActionParametersMap["error_page_id"] = rules.Action.ReturnCustomPageActionParameters.ErrorPageId
+ }
+
+ actionMap["return_custom_page_action_parameters"] = []interface{}{returnCustomPageActionParametersMap}
+ }
+
+ rulesMap["action"] = []interface{}{actionMap}
+ }
+
+ if rules.Priority != nil {
+ rulesMap["priority"] = rules.Priority
+ }
+
+ if rules.Enabled != nil {
+ rulesMap["enabled"] = rules.Enabled
+ }
+
+ rulesList = append(rulesList, rulesMap)
+ }
+
+ if len(rulesList) > 0 {
+ rateLimitingRulesMap["rules"] = rulesList
+ securityPolicyMap["rate_limiting_rules"] = []interface{}{rateLimitingRulesMap}
+ }
+ }
+ }
+
+ if respData.ExceptionRules != nil {
+ exceptionRulesMap := map[string]interface{}{}
+
+ if respData.ExceptionRules.Rules != nil {
+ rulesList := []interface{}{}
+ for _, rules := range respData.ExceptionRules.Rules {
+ rulesMap := map[string]interface{}{}
+
+ if rules.Id != nil {
+ rulesMap["id"] = rules.Id
+ }
+
+ if rules.Name != nil {
+ rulesMap["name"] = rules.Name
+ }
+
+ if rules.Condition != nil {
+ rulesMap["condition"] = rules.Condition
+ }
+
+ if rules.SkipScope != nil {
+ rulesMap["skip_scope"] = rules.SkipScope
+ }
+
+ if rules.SkipOption != nil {
+ rulesMap["skip_option"] = rules.SkipOption
+ }
+
+ if rules.WebSecurityModulesForException != nil {
+ rulesMap["web_security_modules_for_exception"] = rules.WebSecurityModulesForException
+ }
+
+ if rules.ManagedRulesForException != nil {
+ rulesMap["managed_rules_for_exception"] = rules.ManagedRulesForException
+ }
+
+ if rules.ManagedRuleGroupsForException != nil {
+ rulesMap["managed_rule_groups_for_exception"] = rules.ManagedRuleGroupsForException
+ }
+
+ if rules.RequestFieldsForException != nil {
+ requestFieldsForExceptionList := []interface{}{}
+ for _, requestFieldsForException := range rules.RequestFieldsForException {
+ requestFieldsForExceptionMap := map[string]interface{}{}
+
+ if requestFieldsForException.Scope != nil {
+ requestFieldsForExceptionMap["scope"] = requestFieldsForException.Scope
+ }
+
+ if requestFieldsForException.Condition != nil {
+ requestFieldsForExceptionMap["condition"] = requestFieldsForException.Condition
+ }
+
+ if requestFieldsForException.TargetField != nil {
+ requestFieldsForExceptionMap["target_field"] = requestFieldsForException.TargetField
+ }
+
+ requestFieldsForExceptionList = append(requestFieldsForExceptionList, requestFieldsForExceptionMap)
+ }
+
+ rulesMap["request_fields_for_exception"] = requestFieldsForExceptionList
+ }
+
+ if rules.Enabled != nil {
+ rulesMap["enabled"] = rules.Enabled
+ }
+
+ rulesList = append(rulesList, rulesMap)
+ }
+
+ if len(rulesList) > 0 {
+ exceptionRulesMap["rules"] = rulesList
+ securityPolicyMap["exception_rules"] = []interface{}{exceptionRulesMap}
+ }
+ }
+ }
+
+ securityPolicyList = append(securityPolicyList, securityPolicyMap)
+ _ = d.Set("security_policy", securityPolicyList)
+ return nil
+}
+
+func resourceTencentCloudTeoSecurityPolicyConfigUpdate(d *schema.ResourceData, meta interface{}) error {
+ defer tccommon.LogElapsed("resource.tencentcloud_teo_security_policy_config.update")()
+ defer tccommon.InconsistentCheck(d, meta)()
+
+ var (
+ logId = tccommon.GetLogId(tccommon.ContextNil)
+ ctx = tccommon.NewResourceLifeCycleHandleFuncContext(context.Background(), logId, d, meta)
+ request = teov20220901.NewModifySecurityPolicyRequest()
+ zoneId string
+ entity string
+ host string
+ templateId string
+ )
+
+ idSplit := strings.Split(d.Id(), tccommon.FILED_SP)
+ if !(len(idSplit) == 2 || len(idSplit) == 3) {
+ return fmt.Errorf("id is broken,%s", d.Id())
+ }
+
+ zoneId = idSplit[0]
+ entity = idSplit[1]
+ if entity == "ZoneDefaultPolicy" && len(idSplit) == 2 {
+
+ } else if entity == "Host" && len(idSplit) == 3 {
+ host = idSplit[2]
+ } else if entity == "Template" && len(idSplit) == 3 {
+ templateId = idSplit[2]
+ } else {
+ return fmt.Errorf("`entity` is illegal, %s.", entity)
+ }
+
+ request.ZoneId = &zoneId
+ request.Entity = &entity
+ request.TemplateId = &templateId
+ request.Host = &host
+ request.SecurityConfig = &teov20220901.SecurityConfig{
+ RateLimitConfig: &teov20220901.RateLimitConfig{
+ RateLimitUserRules: []*teov20220901.RateLimitUserRule{},
+ Switch: helper.String("on"),
+ },
+ }
+
+ if securityPolicyMap, ok := helper.InterfacesHeadMap(d, "security_policy"); ok {
+ securityPolicy := teov20220901.SecurityPolicy{}
+ if customRulesMap, ok := helper.ConvertInterfacesHeadToMap(securityPolicyMap["custom_rules"]); ok {
+ customRules := teov20220901.CustomRules{}
+ if v, ok := customRulesMap["rules"]; ok {
+ if len(v.([]interface{})) > 0 {
+ return fmt.Errorf("`rules` has been deprecated from version 1.81.184. Please use `precise_match_rules` or `basic_access_rules` instead.")
+ }
+ }
+
+ if v, ok := customRulesMap["precise_match_rules"]; ok {
+ for _, item := range v.([]interface{}) {
+ rulesMap := item.(map[string]interface{})
+ customRule := teov20220901.CustomRule{}
+ if v, ok := rulesMap["name"].(string); ok && v != "" {
+ customRule.Name = helper.String(v)
+ }
+
+ if v, ok := rulesMap["condition"].(string); ok && v != "" {
+ customRule.Condition = helper.String(v)
+ }
+
+ if actionMap, ok := helper.ConvertInterfacesHeadToMap(rulesMap["action"]); ok {
+ securityAction := teov20220901.SecurityAction{}
+ if v, ok := actionMap["name"].(string); ok && v != "" {
+ securityAction.Name = helper.String(v)
+ }
+
+ if blockIPActionParametersMap, ok := helper.ConvertInterfacesHeadToMap(actionMap["block_ip_action_parameters"]); ok {
+ blockIPActionParameters := teov20220901.BlockIPActionParameters{}
+ if v, ok := blockIPActionParametersMap["duration"].(string); ok && v != "" {
+ blockIPActionParameters.Duration = helper.String(v)
+ }
+
+ securityAction.BlockIPActionParameters = &blockIPActionParameters
+ }
+
+ if returnCustomPageActionParametersMap, ok := helper.ConvertInterfacesHeadToMap(actionMap["return_custom_page_action_parameters"]); ok {
+ returnCustomPageActionParameters := teov20220901.ReturnCustomPageActionParameters{}
+ if v, ok := returnCustomPageActionParametersMap["response_code"].(string); ok && v != "" {
+ returnCustomPageActionParameters.ResponseCode = helper.String(v)
+ }
+
+ if v, ok := returnCustomPageActionParametersMap["error_page_id"].(string); ok && v != "" {
+ returnCustomPageActionParameters.ErrorPageId = helper.String(v)
+ }
+
+ securityAction.ReturnCustomPageActionParameters = &returnCustomPageActionParameters
+ }
+
+ if redirectActionParametersMap, ok := helper.ConvertInterfacesHeadToMap(actionMap["redirect_action_parameters"]); ok {
+ redirectActionParameters := teov20220901.RedirectActionParameters{}
+ if v, ok := redirectActionParametersMap["url"].(string); ok && v != "" {
+ redirectActionParameters.URL = helper.String(v)
+ }
+
+ securityAction.RedirectActionParameters = &redirectActionParameters
+ }
+
+ customRule.Action = &securityAction
+ }
+
+ if v, ok := rulesMap["enabled"].(string); ok && v != "" {
+ customRule.Enabled = helper.String(v)
+ }
+
+ if v, ok := rulesMap["id"].(string); ok && v != "" {
+ customRule.Id = helper.String(v)
+ }
+
+ customRule.RuleType = helper.String("PreciseMatchRule")
+
+ if v, ok := rulesMap["priority"].(int); ok {
+ customRule.Priority = helper.IntInt64(v)
+ }
+
+ customRules.Rules = append(customRules.Rules, &customRule)
+ }
+ }
+
+ if v, ok := customRulesMap["basic_access_rules"]; ok {
+ for _, item := range v.([]interface{}) {
+ rulesMap := item.(map[string]interface{})
+ customRule := teov20220901.CustomRule{}
+ if v, ok := rulesMap["name"].(string); ok && v != "" {
+ customRule.Name = helper.String(v)
+ }
+
+ if v, ok := rulesMap["condition"].(string); ok && v != "" {
+ customRule.Condition = helper.String(v)
+ }
+
+ if actionMap, ok := helper.ConvertInterfacesHeadToMap(rulesMap["action"]); ok {
+ securityAction := teov20220901.SecurityAction{}
+ if v, ok := actionMap["name"].(string); ok && v != "" {
+ securityAction.Name = helper.String(v)
+ }
+
+ if blockIPActionParametersMap, ok := helper.ConvertInterfacesHeadToMap(actionMap["block_ip_action_parameters"]); ok {
+ blockIPActionParameters := teov20220901.BlockIPActionParameters{}
+ if v, ok := blockIPActionParametersMap["duration"].(string); ok && v != "" {
+ blockIPActionParameters.Duration = helper.String(v)
+ }
+
+ securityAction.BlockIPActionParameters = &blockIPActionParameters
+ }
+
+ if returnCustomPageActionParametersMap, ok := helper.ConvertInterfacesHeadToMap(actionMap["return_custom_page_action_parameters"]); ok {
+ returnCustomPageActionParameters := teov20220901.ReturnCustomPageActionParameters{}
+ if v, ok := returnCustomPageActionParametersMap["response_code"].(string); ok && v != "" {
+ returnCustomPageActionParameters.ResponseCode = helper.String(v)
+ }
+
+ if v, ok := returnCustomPageActionParametersMap["error_page_id"].(string); ok && v != "" {
+ returnCustomPageActionParameters.ErrorPageId = helper.String(v)
+ }
+
+ securityAction.ReturnCustomPageActionParameters = &returnCustomPageActionParameters
+ }
+
+ if redirectActionParametersMap, ok := helper.ConvertInterfacesHeadToMap(actionMap["redirect_action_parameters"]); ok {
+ redirectActionParameters := teov20220901.RedirectActionParameters{}
+ if v, ok := redirectActionParametersMap["url"].(string); ok && v != "" {
+ redirectActionParameters.URL = helper.String(v)
+ }
+
+ securityAction.RedirectActionParameters = &redirectActionParameters
+ }
+
+ customRule.Action = &securityAction
+ }
+
+ if v, ok := rulesMap["enabled"].(string); ok && v != "" {
+ customRule.Enabled = helper.String(v)
+ }
- "host": {
- Type: schema.TypeString,
- Optional: true,
- ForceNew: true,
- Description: "Specifies the specified domain. when the Entity parameter value is Host, use the domain-level policy specified by this parameter. for example: use www.example.com to configure the domain-level policy of the domain.",
- },
+ if v, ok := rulesMap["id"].(string); ok && v != "" {
+ customRule.Id = helper.String(v)
+ }
- "template_id": {
- Type: schema.TypeString,
- Optional: true,
- ForceNew: true,
- Description: "Specify the policy Template ID. use this parameter to specify the ID of the policy Template when the Entity parameter value is Template.",
- },
- },
- }
-}
+ customRule.RuleType = helper.String("BasicAccessRule")
-func resourceTencentCloudTeoSecurityPolicyConfigCreate(d *schema.ResourceData, meta interface{}) error {
- defer tccommon.LogElapsed("resource.tencentcloud_teo_security_policy_config.create")()
- defer tccommon.InconsistentCheck(d, meta)()
+ if v, ok := rulesMap["priority"].(int); ok {
+ customRule.Priority = helper.IntInt64(v)
+ }
- var (
- zoneId string
- entity string
- host string
- templateId string
- )
+ customRules.Rules = append(customRules.Rules, &customRule)
+ }
+ }
- if v, ok := d.GetOk("zone_id"); ok {
- zoneId = v.(string)
- }
+ securityPolicy.CustomRules = &customRules
+ } else {
+ securityPolicy.CustomRules = &teov20220901.CustomRules{
+ Rules: []*teov20220901.CustomRule{},
+ }
+ }
- if v, ok := d.GetOk("entity"); ok {
- entity = v.(string)
- }
+ if managedRulesMap, ok := helper.ConvertInterfacesHeadToMap(securityPolicyMap["managed_rules"]); ok {
+ managedRules := teov20220901.ManagedRules{}
+ if v, ok := managedRulesMap["enabled"].(string); ok && v != "" {
+ managedRules.Enabled = helper.String(v)
+ }
- if v, ok := d.GetOk("host"); ok {
- host = v.(string)
- }
+ if v, ok := managedRulesMap["detection_only"].(string); ok && v != "" {
+ managedRules.DetectionOnly = helper.String(v)
+ }
- if v, ok := d.GetOk("template_id"); ok {
- templateId = v.(string)
- }
+ if v, ok := managedRulesMap["semantic_analysis"].(string); ok && v != "" {
+ managedRules.SemanticAnalysis = helper.String(v)
+ }
- if entity == "ZoneDefaultPolicy" && host == "" && templateId == "" {
- d.SetId(strings.Join([]string{zoneId, entity}, tccommon.FILED_SP))
- } else if entity == "Host" && host != "" && templateId == "" {
- d.SetId(strings.Join([]string{zoneId, entity, host}, tccommon.FILED_SP))
- } else if entity == "Template" && host == "" && templateId != "" {
- d.SetId(strings.Join([]string{zoneId, entity, templateId}, tccommon.FILED_SP))
- } else {
- return fmt.Errorf("If `entity` is `ZoneDefaultPolicy`, Please do not set `host` and `template_id`; If `entity` is `Host`, Only support set `host`; If `entity` is `Template`, Only support set `template_id`.")
- }
+ if autoUpdateMap, ok := helper.ConvertInterfacesHeadToMap(managedRulesMap["auto_update"]); ok {
+ managedRuleAutoUpdate := teov20220901.ManagedRuleAutoUpdate{}
+ if v, ok := autoUpdateMap["auto_update_to_latest_version"].(string); ok && v != "" {
+ managedRuleAutoUpdate.AutoUpdateToLatestVersion = helper.String(v)
+ }
- return resourceTencentCloudTeoSecurityPolicyConfigUpdate(d, meta)
-}
+ managedRules.AutoUpdate = &managedRuleAutoUpdate
+ }
-func resourceTencentCloudTeoSecurityPolicyConfigRead(d *schema.ResourceData, meta interface{}) error {
- defer tccommon.LogElapsed("resource.tencentcloud_teo_security_policy_config.read")()
- defer tccommon.InconsistentCheck(d, meta)()
+ if v, ok := managedRulesMap["managed_rule_groups"]; ok {
+ for _, item := range v.(*schema.Set).List() {
+ managedRuleGroupsMap := item.(map[string]interface{})
+ managedRuleGroup := teov20220901.ManagedRuleGroup{}
+ if v, ok := managedRuleGroupsMap["group_id"].(string); ok && v != "" {
+ managedRuleGroup.GroupId = helper.String(v)
+ }
- var (
- logId = tccommon.GetLogId(tccommon.ContextNil)
- ctx = tccommon.NewResourceLifeCycleHandleFuncContext(context.Background(), logId, d, meta)
- service = TeoService{client: meta.(tccommon.ProviderMeta).GetAPIV3Conn()}
- zoneId string
- entity string
- host string
- templateId string
- )
+ if v, ok := managedRuleGroupsMap["sensitivity_level"].(string); ok && v != "" {
+ managedRuleGroup.SensitivityLevel = helper.String(v)
+ }
- idSplit := strings.Split(d.Id(), tccommon.FILED_SP)
- if !(len(idSplit) == 2 || len(idSplit) == 3) {
- return fmt.Errorf("id is broken,%s", d.Id())
- }
+ if actionMap, ok := helper.ConvertInterfacesHeadToMap(managedRuleGroupsMap["action"]); ok {
+ securityAction2 := teov20220901.SecurityAction{}
+ if v, ok := actionMap["name"].(string); ok && v != "" {
+ securityAction2.Name = helper.String(v)
+ }
- zoneId = idSplit[0]
- entity = idSplit[1]
- if entity == "ZoneDefaultPolicy" && len(idSplit) == 2 {
+ if blockIPActionParametersMap, ok := helper.ConvertInterfacesHeadToMap(actionMap["block_ip_action_parameters"]); ok {
+ blockIPActionParameters2 := teov20220901.BlockIPActionParameters{}
+ if v, ok := blockIPActionParametersMap["duration"].(string); ok && v != "" {
+ blockIPActionParameters2.Duration = helper.String(v)
+ }
- } else if entity == "Host" && len(idSplit) == 3 {
- host = idSplit[2]
- } else if entity == "Template" && len(idSplit) == 3 {
- templateId = idSplit[2]
- } else {
- return fmt.Errorf("`entity` is illegal, %s.", entity)
- }
+ securityAction2.BlockIPActionParameters = &blockIPActionParameters2
+ }
- respData, err := service.DescribeTeoSecurityPolicyConfigById(ctx, zoneId, entity, host, templateId)
- if err != nil {
- return err
- }
+ if returnCustomPageActionParametersMap, ok := helper.ConvertInterfacesHeadToMap(actionMap["return_custom_page_action_parameters"]); ok {
+ returnCustomPageActionParameters2 := teov20220901.ReturnCustomPageActionParameters{}
+ if v, ok := returnCustomPageActionParametersMap["response_code"].(string); ok && v != "" {
+ returnCustomPageActionParameters2.ResponseCode = helper.String(v)
+ }
- if respData == nil {
- d.SetId("")
- log.Printf("[WARN]%s resource `teo_security_policy` [%s] not found, please check if it has been deleted.\n", logId, d.Id())
- return nil
- }
+ if v, ok := returnCustomPageActionParametersMap["error_page_id"].(string); ok && v != "" {
+ returnCustomPageActionParameters2.ErrorPageId = helper.String(v)
+ }
- _ = d.Set("zone_id", zoneId)
- _ = d.Set("entity", entity)
- _ = d.Set("host", host)
- _ = d.Set("template_id", templateId)
+ securityAction2.ReturnCustomPageActionParameters = &returnCustomPageActionParameters2
+ }
- securityPolicyList := make([]map[string]interface{}, 0, 1)
- securityPolicyMap := map[string]interface{}{}
- if respData.CustomRules != nil {
- customRulesMap := map[string]interface{}{}
- preciseMatchRulesList := make([]map[string]interface{}, 0, len(respData.CustomRules.Rules))
- basicAccessRulesList := make([]map[string]interface{}, 0, len(respData.CustomRules.Rules))
- if respData.CustomRules.Rules != nil {
- for _, rules := range respData.CustomRules.Rules {
- rulesMap := map[string]interface{}{}
- ruleType := ""
- if rules.Name != nil {
- rulesMap["name"] = rules.Name
+ if redirectActionParametersMap, ok := helper.ConvertInterfacesHeadToMap(actionMap["redirect_action_parameters"]); ok {
+ redirectActionParameters2 := teov20220901.RedirectActionParameters{}
+ if v, ok := redirectActionParametersMap["url"].(string); ok && v != "" {
+ redirectActionParameters2.URL = helper.String(v)
+ }
+
+ securityAction2.RedirectActionParameters = &redirectActionParameters2
+ }
+
+ managedRuleGroup.Action = &securityAction2
+ }
+
+ if v, ok := managedRuleGroupsMap["rule_actions"]; ok {
+ for _, item := range v.([]interface{}) {
+ ruleActionsMap := item.(map[string]interface{})
+ managedRuleAction := teov20220901.ManagedRuleAction{}
+ if v, ok := ruleActionsMap["rule_id"].(string); ok && v != "" {
+ managedRuleAction.RuleId = helper.String(v)
+ }
+
+ if actionMap, ok := helper.ConvertInterfacesHeadToMap(ruleActionsMap["action"]); ok {
+ securityAction3 := teov20220901.SecurityAction{}
+ if v, ok := actionMap["name"].(string); ok && v != "" {
+ securityAction3.Name = helper.String(v)
+ }
+
+ if blockIPActionParametersMap, ok := helper.ConvertInterfacesHeadToMap(actionMap["block_ip_action_parameters"]); ok {
+ blockIPActionParameters3 := teov20220901.BlockIPActionParameters{}
+ if v, ok := blockIPActionParametersMap["duration"].(string); ok && v != "" {
+ blockIPActionParameters3.Duration = helper.String(v)
+ }
+
+ securityAction3.BlockIPActionParameters = &blockIPActionParameters3
+ }
+
+ if returnCustomPageActionParametersMap, ok := helper.ConvertInterfacesHeadToMap(actionMap["return_custom_page_action_parameters"]); ok {
+ returnCustomPageActionParameters3 := teov20220901.ReturnCustomPageActionParameters{}
+ if v, ok := returnCustomPageActionParametersMap["response_code"].(string); ok && v != "" {
+ returnCustomPageActionParameters3.ResponseCode = helper.String(v)
+ }
+
+ if v, ok := returnCustomPageActionParametersMap["error_page_id"].(string); ok && v != "" {
+ returnCustomPageActionParameters3.ErrorPageId = helper.String(v)
+ }
+
+ securityAction3.ReturnCustomPageActionParameters = &returnCustomPageActionParameters3
+ }
+
+ if redirectActionParametersMap, ok := helper.ConvertInterfacesHeadToMap(actionMap["redirect_action_parameters"]); ok {
+ redirectActionParameters3 := teov20220901.RedirectActionParameters{}
+ if v, ok := redirectActionParametersMap["url"].(string); ok && v != "" {
+ redirectActionParameters3.URL = helper.String(v)
+ }
+
+ securityAction3.RedirectActionParameters = &redirectActionParameters3
+ }
+
+ managedRuleAction.Action = &securityAction3
+ }
+
+ managedRuleGroup.RuleActions = append(managedRuleGroup.RuleActions, &managedRuleAction)
+ }
+ }
+
+ managedRules.ManagedRuleGroups = append(managedRules.ManagedRuleGroups, &managedRuleGroup)
}
+ }
- if rules.Condition != nil {
- rulesMap["condition"] = rules.Condition
+ securityPolicy.ManagedRules = &managedRules
+ }
+
+ if httpDDoSProtectionMap, ok := helper.ConvertInterfacesHeadToMap(securityPolicyMap["http_ddos_protection"]); ok {
+ httpDDoSProtection := teov20220901.HttpDDoSProtection{}
+ if adaptiveFrequencyControlMap, ok := helper.InterfaceToMap(httpDDoSProtectionMap, "adaptive_frequency_control"); ok {
+ adaptiveFrequencyControl := teov20220901.AdaptiveFrequencyControl{}
+ if v, ok := adaptiveFrequencyControlMap["enabled"]; ok {
+ adaptiveFrequencyControl.Enabled = helper.String(v.(string))
}
- actionMap := map[string]interface{}{}
- if rules.Action != nil {
- if rules.Action.Name != nil {
- actionMap["name"] = rules.Action.Name
+ if v, ok := adaptiveFrequencyControlMap["sensitivity"]; ok {
+ adaptiveFrequencyControl.Sensitivity = helper.String(v.(string))
+ }
+
+ if actionMap, ok := helper.InterfaceToMap(adaptiveFrequencyControlMap, "action"); ok {
+ securityAction := teov20220901.SecurityAction{}
+ if v, ok := actionMap["name"]; ok {
+ securityAction.Name = helper.String(v.(string))
}
- blockIPActionParametersMap := map[string]interface{}{}
- if rules.Action.BlockIPActionParameters != nil {
- if rules.Action.BlockIPActionParameters.Duration != nil {
- blockIPActionParametersMap["duration"] = rules.Action.BlockIPActionParameters.Duration
+ if denyActionParametersMap, ok := helper.InterfaceToMap(actionMap, "deny_action_parameters"); ok {
+ denyActionParameters := teov20220901.DenyActionParameters{}
+ if v, ok := denyActionParametersMap["block_ip"]; ok {
+ denyActionParameters.BlockIp = helper.String(v.(string))
+ }
+
+ if v, ok := denyActionParametersMap["block_ip_duration"]; ok {
+ denyActionParameters.BlockIpDuration = helper.String(v.(string))
}
- actionMap["block_ip_action_parameters"] = []interface{}{blockIPActionParametersMap}
- }
+ if v, ok := denyActionParametersMap["return_custom_page"]; ok {
+ denyActionParameters.ReturnCustomPage = helper.String(v.(string))
+ }
- returnCustomPageActionParametersMap := map[string]interface{}{}
- if rules.Action.ReturnCustomPageActionParameters != nil {
- if rules.Action.ReturnCustomPageActionParameters.ResponseCode != nil {
- returnCustomPageActionParametersMap["response_code"] = rules.Action.ReturnCustomPageActionParameters.ResponseCode
+ if v, ok := denyActionParametersMap["response_code"]; ok {
+ denyActionParameters.ResponseCode = helper.String(v.(string))
}
- if rules.Action.ReturnCustomPageActionParameters.ErrorPageId != nil {
- returnCustomPageActionParametersMap["error_page_id"] = rules.Action.ReturnCustomPageActionParameters.ErrorPageId
+ if v, ok := denyActionParametersMap["error_page_id"]; ok {
+ denyActionParameters.ErrorPageId = helper.String(v.(string))
}
- actionMap["return_custom_page_action_parameters"] = []interface{}{returnCustomPageActionParametersMap}
+ if v, ok := denyActionParametersMap["stall"]; ok {
+ denyActionParameters.Stall = helper.String(v.(string))
+ }
+
+ securityAction.DenyActionParameters = &denyActionParameters
}
- redirectActionParametersMap := map[string]interface{}{}
- if rules.Action.RedirectActionParameters != nil {
- if rules.Action.RedirectActionParameters.URL != nil {
- redirectActionParametersMap["url"] = rules.Action.RedirectActionParameters.URL
+ if redirectActionParametersMap, ok := helper.InterfaceToMap(actionMap, "redirect_action_parameters"); ok {
+ redirectActionParameters := teov20220901.RedirectActionParameters{}
+ if v, ok := redirectActionParametersMap["url"]; ok {
+ redirectActionParameters.URL = helper.String(v.(string))
}
- actionMap["redirect_action_parameters"] = []interface{}{redirectActionParametersMap}
+ securityAction.RedirectActionParameters = &redirectActionParameters
}
- rulesMap["action"] = []interface{}{actionMap}
- }
-
- if rules.Enabled != nil {
- rulesMap["enabled"] = rules.Enabled
- }
+ if challengeActionParametersMap, ok := helper.InterfaceToMap(actionMap, "challenge_action_parameters"); ok {
+ challengeActionParameters := teov20220901.ChallengeActionParameters{}
+ if v, ok := challengeActionParametersMap["challenge_option"]; ok {
+ challengeActionParameters.ChallengeOption = helper.String(v.(string))
+ }
- if rules.Id != nil {
- rulesMap["id"] = rules.Id
- }
+ if v, ok := challengeActionParametersMap["interval"]; ok {
+ challengeActionParameters.Interval = helper.String(v.(string))
+ }
- if rules.RuleType != nil {
- rulesMap["rule_type"] = rules.RuleType
- ruleType = *rules.RuleType
- }
+ if v, ok := challengeActionParametersMap["attester_id"]; ok {
+ challengeActionParameters.AttesterId = helper.String(v.(string))
+ }
- if rules.Priority != nil {
- rulesMap["priority"] = rules.Priority
- }
+ securityAction.ChallengeActionParameters = &challengeActionParameters
+ }
- if ruleType == "PreciseMatchRule" {
- preciseMatchRulesList = append(preciseMatchRulesList, rulesMap)
- } else if ruleType == "BasicAccessRule" {
- basicAccessRulesList = append(basicAccessRulesList, rulesMap)
- } else {
- continue
- }
- }
- }
+ if blockIPActionParametersMap, ok := helper.InterfaceToMap(actionMap, "block_ip_action_parameters"); ok {
+ blockIPActionParameters := teov20220901.BlockIPActionParameters{}
+ if v, ok := blockIPActionParametersMap["duration"]; ok {
+ blockIPActionParameters.Duration = helper.String(v.(string))
+ }
- customRulesMap["precise_match_rules"] = preciseMatchRulesList
- customRulesMap["basic_access_rules"] = basicAccessRulesList
- securityPolicyMap["custom_rules"] = []interface{}{customRulesMap}
- }
+ securityAction.BlockIPActionParameters = &blockIPActionParameters
+ }
- if respData.ManagedRules != nil {
- managedRulesMap := map[string]interface{}{}
- if respData.ManagedRules.Enabled != nil {
- managedRulesMap["enabled"] = respData.ManagedRules.Enabled
- }
+ if returnCustomPageActionParametersMap, ok := helper.InterfaceToMap(actionMap, "return_custom_page_action_parameters"); ok {
+ returnCustomPageActionParameters := teov20220901.ReturnCustomPageActionParameters{}
+ if v, ok := returnCustomPageActionParametersMap["response_code"]; ok {
+ returnCustomPageActionParameters.ResponseCode = helper.String(v.(string))
+ }
- if respData.ManagedRules.DetectionOnly != nil {
- managedRulesMap["detection_only"] = respData.ManagedRules.DetectionOnly
- }
+ if v, ok := returnCustomPageActionParametersMap["error_page_id"]; ok {
+ returnCustomPageActionParameters.ErrorPageId = helper.String(v.(string))
+ }
- if respData.ManagedRules.SemanticAnalysis != nil {
- managedRulesMap["semantic_analysis"] = respData.ManagedRules.SemanticAnalysis
- }
+ securityAction.ReturnCustomPageActionParameters = &returnCustomPageActionParameters
+ }
- autoUpdateMap := map[string]interface{}{}
- if respData.ManagedRules.AutoUpdate != nil {
- if respData.ManagedRules.AutoUpdate.AutoUpdateToLatestVersion != nil {
- autoUpdateMap["auto_update_to_latest_version"] = respData.ManagedRules.AutoUpdate.AutoUpdateToLatestVersion
- }
+ adaptiveFrequencyControl.Action = &securityAction
+ }
- if respData.ManagedRules.AutoUpdate.RulesetVersion != nil {
- autoUpdateMap["ruleset_version"] = respData.ManagedRules.AutoUpdate.RulesetVersion
+ httpDDoSProtection.AdaptiveFrequencyControl = &adaptiveFrequencyControl
}
- managedRulesMap["auto_update"] = []interface{}{autoUpdateMap}
- }
-
- managedRuleGroupsList := make([]map[string]interface{}, 0, len(respData.ManagedRules.ManagedRuleGroups))
- if respData.ManagedRules.ManagedRuleGroups != nil {
- for _, managedRuleGroups := range respData.ManagedRules.ManagedRuleGroups {
- managedRuleGroupsMap := map[string]interface{}{}
-
- if managedRuleGroups.GroupId != nil {
- managedRuleGroupsMap["group_id"] = managedRuleGroups.GroupId
- }
-
- if managedRuleGroups.SensitivityLevel != nil {
- managedRuleGroupsMap["sensitivity_level"] = managedRuleGroups.SensitivityLevel
+ if clientFilteringMap, ok := helper.InterfaceToMap(httpDDoSProtectionMap, "client_filtering"); ok {
+ clientFiltering := teov20220901.ClientFiltering{}
+ if v, ok := clientFilteringMap["enabled"]; ok {
+ clientFiltering.Enabled = helper.String(v.(string))
}
- actionMap := map[string]interface{}{}
- if managedRuleGroups.Action != nil {
- if managedRuleGroups.Action.Name != nil {
- actionMap["name"] = managedRuleGroups.Action.Name
+ if actionMap, ok := helper.InterfaceToMap(clientFilteringMap, "action"); ok {
+ securityAction := teov20220901.SecurityAction{}
+ if v, ok := actionMap["name"]; ok {
+ securityAction.Name = helper.String(v.(string))
}
- blockIPActionParametersMap := map[string]interface{}{}
- if managedRuleGroups.Action.BlockIPActionParameters != nil {
- if managedRuleGroups.Action.BlockIPActionParameters.Duration != nil {
- blockIPActionParametersMap["duration"] = managedRuleGroups.Action.BlockIPActionParameters.Duration
+ if denyActionParametersMap, ok := helper.InterfaceToMap(actionMap, "deny_action_parameters"); ok {
+ denyActionParameters := teov20220901.DenyActionParameters{}
+ if v, ok := denyActionParametersMap["block_ip"]; ok {
+ denyActionParameters.BlockIp = helper.String(v.(string))
}
- actionMap["block_ip_action_parameters"] = []interface{}{blockIPActionParametersMap}
- }
+ if v, ok := denyActionParametersMap["block_ip_duration"]; ok {
+ denyActionParameters.BlockIpDuration = helper.String(v.(string))
+ }
- returnCustomPageActionParametersMap := map[string]interface{}{}
- if managedRuleGroups.Action.ReturnCustomPageActionParameters != nil {
- if managedRuleGroups.Action.ReturnCustomPageActionParameters.ResponseCode != nil {
- returnCustomPageActionParametersMap["response_code"] = managedRuleGroups.Action.ReturnCustomPageActionParameters.ResponseCode
+ if v, ok := denyActionParametersMap["return_custom_page"]; ok {
+ denyActionParameters.ReturnCustomPage = helper.String(v.(string))
}
- if managedRuleGroups.Action.ReturnCustomPageActionParameters.ErrorPageId != nil {
- returnCustomPageActionParametersMap["error_page_id"] = managedRuleGroups.Action.ReturnCustomPageActionParameters.ErrorPageId
+ if v, ok := denyActionParametersMap["response_code"]; ok {
+ denyActionParameters.ResponseCode = helper.String(v.(string))
}
- actionMap["return_custom_page_action_parameters"] = []interface{}{returnCustomPageActionParametersMap}
- }
+ if v, ok := denyActionParametersMap["error_page_id"]; ok {
+ denyActionParameters.ErrorPageId = helper.String(v.(string))
+ }
- redirectActionParametersMap := map[string]interface{}{}
- if managedRuleGroups.Action.RedirectActionParameters != nil {
- if managedRuleGroups.Action.RedirectActionParameters.URL != nil {
- redirectActionParametersMap["url"] = managedRuleGroups.Action.RedirectActionParameters.URL
+ if v, ok := denyActionParametersMap["stall"]; ok {
+ denyActionParameters.Stall = helper.String(v.(string))
}
- actionMap["redirect_action_parameters"] = []interface{}{redirectActionParametersMap}
+ securityAction.DenyActionParameters = &denyActionParameters
}
- managedRuleGroupsMap["action"] = []interface{}{actionMap}
- }
-
- ruleActionsList := make([]map[string]interface{}, 0, len(managedRuleGroups.RuleActions))
- if managedRuleGroups.RuleActions != nil {
- for _, ruleActions := range managedRuleGroups.RuleActions {
- ruleActionsMap := map[string]interface{}{}
- if ruleActions.RuleId != nil {
- ruleActionsMap["rule_id"] = ruleActions.RuleId
+ if redirectActionParametersMap, ok := helper.InterfaceToMap(actionMap, "redirect_action_parameters"); ok {
+ redirectActionParameters := teov20220901.RedirectActionParameters{}
+ if v, ok := redirectActionParametersMap["url"]; ok {
+ redirectActionParameters.URL = helper.String(v.(string))
}
- actionMap := map[string]interface{}{}
- if ruleActions.Action != nil {
- if ruleActions.Action.Name != nil {
- actionMap["name"] = ruleActions.Action.Name
- }
+ securityAction.RedirectActionParameters = &redirectActionParameters
+ }
- blockIPActionParametersMap := map[string]interface{}{}
- if ruleActions.Action.BlockIPActionParameters != nil {
- if ruleActions.Action.BlockIPActionParameters.Duration != nil {
- blockIPActionParametersMap["duration"] = ruleActions.Action.BlockIPActionParameters.Duration
- }
+ if challengeActionParametersMap, ok := helper.InterfaceToMap(actionMap, "challenge_action_parameters"); ok {
+ challengeActionParameters := teov20220901.ChallengeActionParameters{}
+ if v, ok := challengeActionParametersMap["challenge_option"]; ok {
+ challengeActionParameters.ChallengeOption = helper.String(v.(string))
+ }
- actionMap["block_ip_action_parameters"] = []interface{}{blockIPActionParametersMap}
- }
+ if v, ok := challengeActionParametersMap["interval"]; ok {
+ challengeActionParameters.Interval = helper.String(v.(string))
+ }
- returnCustomPageActionParametersMap := map[string]interface{}{}
- if ruleActions.Action.ReturnCustomPageActionParameters != nil {
- if ruleActions.Action.ReturnCustomPageActionParameters.ResponseCode != nil {
- returnCustomPageActionParametersMap["response_code"] = ruleActions.Action.ReturnCustomPageActionParameters.ResponseCode
- }
+ if v, ok := challengeActionParametersMap["attester_id"]; ok {
+ challengeActionParameters.AttesterId = helper.String(v.(string))
+ }
- if ruleActions.Action.ReturnCustomPageActionParameters.ErrorPageId != nil {
- returnCustomPageActionParametersMap["error_page_id"] = ruleActions.Action.ReturnCustomPageActionParameters.ErrorPageId
- }
+ securityAction.ChallengeActionParameters = &challengeActionParameters
+ }
- actionMap["return_custom_page_action_parameters"] = []interface{}{returnCustomPageActionParametersMap}
- }
+ if blockIPActionParametersMap, ok := helper.InterfaceToMap(actionMap, "block_ip_action_parameters"); ok {
+ blockIPActionParameters := teov20220901.BlockIPActionParameters{}
+ if v, ok := blockIPActionParametersMap["duration"]; ok {
+ blockIPActionParameters.Duration = helper.String(v.(string))
+ }
- redirectActionParametersMap := map[string]interface{}{}
- if ruleActions.Action.RedirectActionParameters != nil {
- if ruleActions.Action.RedirectActionParameters.URL != nil {
- redirectActionParametersMap["url"] = ruleActions.Action.RedirectActionParameters.URL
- }
+ securityAction.BlockIPActionParameters = &blockIPActionParameters
+ }
- actionMap["redirect_action_parameters"] = []interface{}{redirectActionParametersMap}
- }
+ if returnCustomPageActionParametersMap, ok := helper.InterfaceToMap(actionMap, "return_custom_page_action_parameters"); ok {
+ returnCustomPageActionParameters := teov20220901.ReturnCustomPageActionParameters{}
+ if v, ok := returnCustomPageActionParametersMap["response_code"]; ok {
+ returnCustomPageActionParameters.ResponseCode = helper.String(v.(string))
+ }
- ruleActionsMap["action"] = []interface{}{actionMap}
+ if v, ok := returnCustomPageActionParametersMap["error_page_id"]; ok {
+ returnCustomPageActionParameters.ErrorPageId = helper.String(v.(string))
}
- ruleActionsList = append(ruleActionsList, ruleActionsMap)
+ securityAction.ReturnCustomPageActionParameters = &returnCustomPageActionParameters
}
- managedRuleGroupsMap["rule_actions"] = ruleActionsList
+ clientFiltering.Action = &securityAction
}
- metaDataMap := map[string]interface{}{}
- if managedRuleGroups.MetaData != nil {
- if managedRuleGroups.MetaData.GroupDetail != nil {
- metaDataMap["group_detail"] = managedRuleGroups.MetaData.GroupDetail
- }
+ httpDDoSProtection.ClientFiltering = &clientFiltering
+ }
- if managedRuleGroups.MetaData.GroupName != nil {
- metaDataMap["group_name"] = managedRuleGroups.MetaData.GroupName
+ if bandwidthAbuseDefenseMap, ok := helper.InterfaceToMap(httpDDoSProtectionMap, "bandwidth_abuse_defense"); ok {
+ bandwidthAbuseDefense := teov20220901.BandwidthAbuseDefense{}
+ if v, ok := bandwidthAbuseDefenseMap["enabled"]; ok {
+ bandwidthAbuseDefense.Enabled = helper.String(v.(string))
+ }
+
+ if actionMap, ok := helper.InterfaceToMap(bandwidthAbuseDefenseMap, "action"); ok {
+ securityAction := teov20220901.SecurityAction{}
+ if v, ok := actionMap["name"]; ok {
+ securityAction.Name = helper.String(v.(string))
}
- ruleDetailsList := make([]map[string]interface{}, 0, len(managedRuleGroups.MetaData.RuleDetails))
- if managedRuleGroups.MetaData.RuleDetails != nil {
- for _, ruleDetails := range managedRuleGroups.MetaData.RuleDetails {
- ruleDetailsMap := map[string]interface{}{}
- if ruleDetails.RuleId != nil {
- ruleDetailsMap["rule_id"] = ruleDetails.RuleId
- }
+ if denyActionParametersMap, ok := helper.InterfaceToMap(actionMap, "deny_action_parameters"); ok {
+ denyActionParameters := teov20220901.DenyActionParameters{}
+ if v, ok := denyActionParametersMap["block_ip"]; ok {
+ denyActionParameters.BlockIp = helper.String(v.(string))
+ }
- if ruleDetails.RiskLevel != nil {
- ruleDetailsMap["risk_level"] = ruleDetails.RiskLevel
- }
+ if v, ok := denyActionParametersMap["block_ip_duration"]; ok {
+ denyActionParameters.BlockIpDuration = helper.String(v.(string))
+ }
- if ruleDetails.Description != nil {
- ruleDetailsMap["description"] = ruleDetails.Description
- }
+ if v, ok := denyActionParametersMap["return_custom_page"]; ok {
+ denyActionParameters.ReturnCustomPage = helper.String(v.(string))
+ }
- if ruleDetails.Tags != nil {
- ruleDetailsMap["tags"] = ruleDetails.Tags
- }
+ if v, ok := denyActionParametersMap["response_code"]; ok {
+ denyActionParameters.ResponseCode = helper.String(v.(string))
+ }
- if ruleDetails.RuleVersion != nil {
- ruleDetailsMap["rule_version"] = ruleDetails.RuleVersion
- }
+ if v, ok := denyActionParametersMap["error_page_id"]; ok {
+ denyActionParameters.ErrorPageId = helper.String(v.(string))
+ }
- ruleDetailsList = append(ruleDetailsList, ruleDetailsMap)
+ if v, ok := denyActionParametersMap["stall"]; ok {
+ denyActionParameters.Stall = helper.String(v.(string))
}
- metaDataMap["rule_details"] = ruleDetailsList
+ securityAction.DenyActionParameters = &denyActionParameters
}
- managedRuleGroupsMap["meta_data"] = []interface{}{metaDataMap}
- }
- managedRuleGroupsList = append(managedRuleGroupsList, managedRuleGroupsMap)
- }
+ if redirectActionParametersMap, ok := helper.InterfaceToMap(actionMap, "redirect_action_parameters"); ok {
+ redirectActionParameters := teov20220901.RedirectActionParameters{}
+ if v, ok := redirectActionParametersMap["url"]; ok {
+ redirectActionParameters.URL = helper.String(v.(string))
+ }
- managedRulesMap["managed_rule_groups"] = managedRuleGroupsList
- }
+ securityAction.RedirectActionParameters = &redirectActionParameters
+ }
- securityPolicyMap["managed_rules"] = []interface{}{managedRulesMap}
- }
+ if challengeActionParametersMap, ok := helper.InterfaceToMap(actionMap, "challenge_action_parameters"); ok {
+ challengeActionParameters := teov20220901.ChallengeActionParameters{}
+ if v, ok := challengeActionParametersMap["challenge_option"]; ok {
+ challengeActionParameters.ChallengeOption = helper.String(v.(string))
+ }
- securityPolicyList = append(securityPolicyList, securityPolicyMap)
- _ = d.Set("security_policy", securityPolicyList)
- return nil
-}
+ if v, ok := challengeActionParametersMap["interval"]; ok {
+ challengeActionParameters.Interval = helper.String(v.(string))
+ }
-func resourceTencentCloudTeoSecurityPolicyConfigUpdate(d *schema.ResourceData, meta interface{}) error {
- defer tccommon.LogElapsed("resource.tencentcloud_teo_security_policy_config.update")()
- defer tccommon.InconsistentCheck(d, meta)()
+ if v, ok := challengeActionParametersMap["attester_id"]; ok {
+ challengeActionParameters.AttesterId = helper.String(v.(string))
+ }
- var (
- logId = tccommon.GetLogId(tccommon.ContextNil)
- ctx = tccommon.NewResourceLifeCycleHandleFuncContext(context.Background(), logId, d, meta)
- request = teov20220901.NewModifySecurityPolicyRequest()
- zoneId string
- entity string
- host string
- templateId string
- )
+ securityAction.ChallengeActionParameters = &challengeActionParameters
+ }
- idSplit := strings.Split(d.Id(), tccommon.FILED_SP)
- if !(len(idSplit) == 2 || len(idSplit) == 3) {
- return fmt.Errorf("id is broken,%s", d.Id())
- }
+ if blockIPActionParametersMap, ok := helper.InterfaceToMap(actionMap, "block_ip_action_parameters"); ok {
+ blockIPActionParameters := teov20220901.BlockIPActionParameters{}
+ if v, ok := blockIPActionParametersMap["duration"]; ok {
+ blockIPActionParameters.Duration = helper.String(v.(string))
+ }
- zoneId = idSplit[0]
- entity = idSplit[1]
- if entity == "ZoneDefaultPolicy" && len(idSplit) == 2 {
+ securityAction.BlockIPActionParameters = &blockIPActionParameters
+ }
- } else if entity == "Host" && len(idSplit) == 3 {
- host = idSplit[2]
- } else if entity == "Template" && len(idSplit) == 3 {
- templateId = idSplit[2]
- } else {
- return fmt.Errorf("`entity` is illegal, %s.", entity)
- }
+ if returnCustomPageActionParametersMap, ok := helper.InterfaceToMap(actionMap, "return_custom_page_action_parameters"); ok {
+ returnCustomPageActionParameters := teov20220901.ReturnCustomPageActionParameters{}
+ if v, ok := returnCustomPageActionParametersMap["response_code"]; ok {
+ returnCustomPageActionParameters.ResponseCode = helper.String(v.(string))
+ }
- request.ZoneId = &zoneId
- request.Entity = &entity
- request.TemplateId = &templateId
- request.Host = &host
- request.SecurityConfig = &teov20220901.SecurityConfig{}
- if securityPolicyMap, ok := helper.InterfacesHeadMap(d, "security_policy"); ok {
- securityPolicy := teov20220901.SecurityPolicy{}
- if customRulesMap, ok := helper.ConvertInterfacesHeadToMap(securityPolicyMap["custom_rules"]); ok {
- customRules := teov20220901.CustomRules{}
- if v, ok := customRulesMap["rules"]; ok {
- if len(v.([]interface{})) > 0 {
- return fmt.Errorf("`rules` has been deprecated from version 1.81.184. Please use `precise_match_rules` or `basic_access_rules` instead.")
+ if v, ok := returnCustomPageActionParametersMap["error_page_id"]; ok {
+ returnCustomPageActionParameters.ErrorPageId = helper.String(v.(string))
+ }
+
+ securityAction.ReturnCustomPageActionParameters = &returnCustomPageActionParameters
+ }
+ bandwidthAbuseDefense.Action = &securityAction
}
+
+ httpDDoSProtection.BandwidthAbuseDefense = &bandwidthAbuseDefense
}
- if v, ok := customRulesMap["precise_match_rules"]; ok {
- for _, item := range v.([]interface{}) {
- rulesMap := item.(map[string]interface{})
- customRule := teov20220901.CustomRule{}
- if v, ok := rulesMap["name"].(string); ok && v != "" {
- customRule.Name = helper.String(v)
+ if slowAttackDefenseMap, ok := helper.InterfaceToMap(httpDDoSProtectionMap, "slow_attack_defense"); ok {
+ slowAttackDefense := teov20220901.SlowAttackDefense{}
+ if v, ok := slowAttackDefenseMap["enabled"]; ok {
+ slowAttackDefense.Enabled = helper.String(v.(string))
+ }
+
+ if actionMap, ok := helper.InterfaceToMap(slowAttackDefenseMap, "action"); ok {
+ securityAction := teov20220901.SecurityAction{}
+ if v, ok := actionMap["name"]; ok {
+ securityAction.Name = helper.String(v.(string))
}
- if v, ok := rulesMap["condition"].(string); ok && v != "" {
- customRule.Condition = helper.String(v)
+ if denyActionParametersMap, ok := helper.InterfaceToMap(actionMap, "deny_action_parameters"); ok {
+ denyActionParameters := teov20220901.DenyActionParameters{}
+ if v, ok := denyActionParametersMap["block_ip"]; ok {
+ denyActionParameters.BlockIp = helper.String(v.(string))
+ }
+
+ if v, ok := denyActionParametersMap["block_ip_duration"]; ok {
+ denyActionParameters.BlockIpDuration = helper.String(v.(string))
+ }
+
+ if v, ok := denyActionParametersMap["return_custom_page"]; ok {
+ denyActionParameters.ReturnCustomPage = helper.String(v.(string))
+ }
+
+ if v, ok := denyActionParametersMap["response_code"]; ok {
+ denyActionParameters.ResponseCode = helper.String(v.(string))
+ }
+
+ if v, ok := denyActionParametersMap["error_page_id"]; ok {
+ denyActionParameters.ErrorPageId = helper.String(v.(string))
+ }
+
+ if v, ok := denyActionParametersMap["stall"]; ok {
+ denyActionParameters.Stall = helper.String(v.(string))
+ }
+
+ securityAction.DenyActionParameters = &denyActionParameters
}
- if actionMap, ok := helper.ConvertInterfacesHeadToMap(rulesMap["action"]); ok {
- securityAction := teov20220901.SecurityAction{}
- if v, ok := actionMap["name"].(string); ok && v != "" {
- securityAction.Name = helper.String(v)
+ if redirectActionParametersMap, ok := helper.InterfaceToMap(actionMap, "redirect_action_parameters"); ok {
+ redirectActionParameters := teov20220901.RedirectActionParameters{}
+ if v, ok := redirectActionParametersMap["url"]; ok {
+ redirectActionParameters.URL = helper.String(v.(string))
}
- if blockIPActionParametersMap, ok := helper.ConvertInterfacesHeadToMap(actionMap["block_ip_action_parameters"]); ok {
- blockIPActionParameters := teov20220901.BlockIPActionParameters{}
- if v, ok := blockIPActionParametersMap["duration"].(string); ok && v != "" {
- blockIPActionParameters.Duration = helper.String(v)
- }
+ securityAction.RedirectActionParameters = &redirectActionParameters
+ }
- securityAction.BlockIPActionParameters = &blockIPActionParameters
+ if challengeActionParametersMap, ok := helper.InterfaceToMap(actionMap, "challenge_action_parameters"); ok {
+ challengeActionParameters := teov20220901.ChallengeActionParameters{}
+ if v, ok := challengeActionParametersMap["challenge_option"]; ok {
+ challengeActionParameters.ChallengeOption = helper.String(v.(string))
}
- if returnCustomPageActionParametersMap, ok := helper.ConvertInterfacesHeadToMap(actionMap["return_custom_page_action_parameters"]); ok {
- returnCustomPageActionParameters := teov20220901.ReturnCustomPageActionParameters{}
- if v, ok := returnCustomPageActionParametersMap["response_code"].(string); ok && v != "" {
- returnCustomPageActionParameters.ResponseCode = helper.String(v)
- }
+ if v, ok := challengeActionParametersMap["interval"]; ok {
+ challengeActionParameters.Interval = helper.String(v.(string))
+ }
- if v, ok := returnCustomPageActionParametersMap["error_page_id"].(string); ok && v != "" {
- returnCustomPageActionParameters.ErrorPageId = helper.String(v)
- }
+ if v, ok := challengeActionParametersMap["attester_id"]; ok {
+ challengeActionParameters.AttesterId = helper.String(v.(string))
+ }
- securityAction.ReturnCustomPageActionParameters = &returnCustomPageActionParameters
+ securityAction.ChallengeActionParameters = &challengeActionParameters
+ }
+
+ if blockIPActionParametersMap, ok := helper.InterfaceToMap(actionMap, "block_ip_action_parameters"); ok {
+ blockIPActionParameters := teov20220901.BlockIPActionParameters{}
+ if v, ok := blockIPActionParametersMap["duration"]; ok {
+ blockIPActionParameters.Duration = helper.String(v.(string))
}
- if redirectActionParametersMap, ok := helper.ConvertInterfacesHeadToMap(actionMap["redirect_action_parameters"]); ok {
- redirectActionParameters := teov20220901.RedirectActionParameters{}
- if v, ok := redirectActionParametersMap["url"].(string); ok && v != "" {
- redirectActionParameters.URL = helper.String(v)
- }
+ securityAction.BlockIPActionParameters = &blockIPActionParameters
+ }
- securityAction.RedirectActionParameters = &redirectActionParameters
+ if returnCustomPageActionParametersMap, ok := helper.InterfaceToMap(actionMap, "return_custom_page_action_parameters"); ok {
+ returnCustomPageActionParameters := teov20220901.ReturnCustomPageActionParameters{}
+ if v, ok := returnCustomPageActionParametersMap["response_code"]; ok {
+ returnCustomPageActionParameters.ResponseCode = helper.String(v.(string))
}
- customRule.Action = &securityAction
+ if v, ok := returnCustomPageActionParametersMap["error_page_id"]; ok {
+ returnCustomPageActionParameters.ErrorPageId = helper.String(v.(string))
+ }
+
+ securityAction.ReturnCustomPageActionParameters = &returnCustomPageActionParameters
}
- if v, ok := rulesMap["enabled"].(string); ok && v != "" {
- customRule.Enabled = helper.String(v)
+ slowAttackDefense.Action = &securityAction
+ }
+
+ if minimalRequestBodyTransferRateMap, ok := helper.InterfaceToMap(slowAttackDefenseMap, "minimal_request_body_transfer_rate"); ok {
+ minimalRequestBodyTransferRate := teov20220901.MinimalRequestBodyTransferRate{}
+ if v, ok := minimalRequestBodyTransferRateMap["minimal_avg_transfer_rate_threshold"]; ok {
+ minimalRequestBodyTransferRate.MinimalAvgTransferRateThreshold = helper.String(v.(string))
}
- if v, ok := rulesMap["id"].(string); ok && v != "" {
- customRule.Id = helper.String(v)
+ if v, ok := minimalRequestBodyTransferRateMap["counting_period"]; ok {
+ minimalRequestBodyTransferRate.CountingPeriod = helper.String(v.(string))
}
- customRule.RuleType = helper.String("PreciseMatchRule")
+ if v, ok := minimalRequestBodyTransferRateMap["enabled"]; ok {
+ minimalRequestBodyTransferRate.Enabled = helper.String(v.(string))
+ }
- if v, ok := rulesMap["priority"].(int); ok {
- customRule.Priority = helper.IntInt64(v)
+ slowAttackDefense.MinimalRequestBodyTransferRate = &minimalRequestBodyTransferRate
+ }
+
+ if requestBodyTransferTimeoutMap, ok := helper.InterfaceToMap(slowAttackDefenseMap, "request_body_transfer_timeout"); ok {
+ requestBodyTransferTimeout := teov20220901.RequestBodyTransferTimeout{}
+ if v, ok := requestBodyTransferTimeoutMap["idle_timeout"]; ok {
+ requestBodyTransferTimeout.IdleTimeout = helper.String(v.(string))
}
- customRules.Rules = append(customRules.Rules, &customRule)
+ if v, ok := requestBodyTransferTimeoutMap["enabled"]; ok {
+ requestBodyTransferTimeout.Enabled = helper.String(v.(string))
+ }
+
+ slowAttackDefense.RequestBodyTransferTimeout = &requestBodyTransferTimeout
}
+
+ httpDDoSProtection.SlowAttackDefense = &slowAttackDefense
}
- if v, ok := customRulesMap["basic_access_rules"]; ok {
+ securityPolicy.HttpDDoSProtection = &httpDDoSProtection
+ }
+
+ if rateLimitingRulesMap, ok := helper.ConvertInterfacesHeadToMap(securityPolicyMap["rate_limiting_rules"]); ok {
+ rateLimitingRules := teov20220901.RateLimitingRules{}
+ if v, ok := rateLimitingRulesMap["rules"]; ok {
for _, item := range v.([]interface{}) {
rulesMap := item.(map[string]interface{})
- customRule := teov20220901.CustomRule{}
- if v, ok := rulesMap["name"].(string); ok && v != "" {
- customRule.Name = helper.String(v)
+ rateLimitingRule := teov20220901.RateLimitingRule{}
+ if v, ok := rulesMap["id"]; ok {
+ rateLimitingRule.Id = helper.String(v.(string))
}
- if v, ok := rulesMap["condition"].(string); ok && v != "" {
- customRule.Condition = helper.String(v)
+ if v, ok := rulesMap["name"]; ok {
+ rateLimitingRule.Name = helper.String(v.(string))
}
- if actionMap, ok := helper.ConvertInterfacesHeadToMap(rulesMap["action"]); ok {
+ if v, ok := rulesMap["condition"]; ok {
+ rateLimitingRule.Condition = helper.String(v.(string))
+ }
+
+ if v, ok := rulesMap["count_by"]; ok {
+ countBySet := v.(*schema.Set).List()
+ for i := range countBySet {
+ if countBySet[i] != nil {
+ countBy := countBySet[i].(string)
+ rateLimitingRule.CountBy = append(rateLimitingRule.CountBy, &countBy)
+ }
+ }
+ }
+
+ if v, ok := rulesMap["max_request_threshold"]; ok {
+ rateLimitingRule.MaxRequestThreshold = helper.IntInt64(v.(int))
+ }
+
+ if v, ok := rulesMap["counting_period"]; ok {
+ rateLimitingRule.CountingPeriod = helper.String(v.(string))
+ }
+
+ if v, ok := rulesMap["action_duration"]; ok {
+ rateLimitingRule.ActionDuration = helper.String(v.(string))
+ }
+
+ if actionMap, ok := helper.InterfaceToMap(rulesMap, "action"); ok {
securityAction := teov20220901.SecurityAction{}
- if v, ok := actionMap["name"].(string); ok && v != "" {
- securityAction.Name = helper.String(v)
+ if v, ok := actionMap["name"]; ok {
+ securityAction.Name = helper.String(v.(string))
}
- if blockIPActionParametersMap, ok := helper.ConvertInterfacesHeadToMap(actionMap["block_ip_action_parameters"]); ok {
- blockIPActionParameters := teov20220901.BlockIPActionParameters{}
- if v, ok := blockIPActionParametersMap["duration"].(string); ok && v != "" {
- blockIPActionParameters.Duration = helper.String(v)
+ if denyActionParametersMap, ok := helper.InterfaceToMap(actionMap, "deny_action_parameters"); ok {
+ denyActionParameters := teov20220901.DenyActionParameters{}
+ if v, ok := denyActionParametersMap["block_ip"]; ok {
+ denyActionParameters.BlockIp = helper.String(v.(string))
}
- securityAction.BlockIPActionParameters = &blockIPActionParameters
- }
+ if v, ok := denyActionParametersMap["block_ip_duration"]; ok {
+ denyActionParameters.BlockIpDuration = helper.String(v.(string))
+ }
- if returnCustomPageActionParametersMap, ok := helper.ConvertInterfacesHeadToMap(actionMap["return_custom_page_action_parameters"]); ok {
- returnCustomPageActionParameters := teov20220901.ReturnCustomPageActionParameters{}
- if v, ok := returnCustomPageActionParametersMap["response_code"].(string); ok && v != "" {
- returnCustomPageActionParameters.ResponseCode = helper.String(v)
+ if v, ok := denyActionParametersMap["return_custom_page"]; ok {
+ denyActionParameters.ReturnCustomPage = helper.String(v.(string))
}
- if v, ok := returnCustomPageActionParametersMap["error_page_id"].(string); ok && v != "" {
- returnCustomPageActionParameters.ErrorPageId = helper.String(v)
+ if v, ok := denyActionParametersMap["response_code"]; ok {
+ denyActionParameters.ResponseCode = helper.String(v.(string))
}
- securityAction.ReturnCustomPageActionParameters = &returnCustomPageActionParameters
+ if v, ok := denyActionParametersMap["error_page_id"]; ok {
+ denyActionParameters.ErrorPageId = helper.String(v.(string))
+ }
+
+ if v, ok := denyActionParametersMap["stall"]; ok {
+ denyActionParameters.Stall = helper.String(v.(string))
+ }
+
+ securityAction.DenyActionParameters = &denyActionParameters
}
- if redirectActionParametersMap, ok := helper.ConvertInterfacesHeadToMap(actionMap["redirect_action_parameters"]); ok {
+ if redirectActionParametersMap, ok := helper.InterfaceToMap(actionMap, "redirect_action_parameters"); ok {
redirectActionParameters := teov20220901.RedirectActionParameters{}
- if v, ok := redirectActionParametersMap["url"].(string); ok && v != "" {
- redirectActionParameters.URL = helper.String(v)
+ if v, ok := redirectActionParametersMap["url"]; ok {
+ redirectActionParameters.URL = helper.String(v.(string))
}
securityAction.RedirectActionParameters = &redirectActionParameters
}
- customRule.Action = &securityAction
- }
+ if challengeActionParametersMap, ok := helper.InterfaceToMap(actionMap, "challenge_action_parameters"); ok {
+ challengeActionParameters := teov20220901.ChallengeActionParameters{}
+ if v, ok := challengeActionParametersMap["challenge_option"]; ok {
+ challengeActionParameters.ChallengeOption = helper.String(v.(string))
+ }
- if v, ok := rulesMap["enabled"].(string); ok && v != "" {
- customRule.Enabled = helper.String(v)
- }
+ if v, ok := challengeActionParametersMap["interval"]; ok {
+ challengeActionParameters.Interval = helper.String(v.(string))
+ }
- if v, ok := rulesMap["id"].(string); ok && v != "" {
- customRule.Id = helper.String(v)
- }
+ if v, ok := challengeActionParametersMap["attester_id"]; ok {
+ challengeActionParameters.AttesterId = helper.String(v.(string))
+ }
- customRule.RuleType = helper.String("BasicAccessRule")
+ securityAction.ChallengeActionParameters = &challengeActionParameters
+ }
- if v, ok := rulesMap["priority"].(int); ok {
- customRule.Priority = helper.IntInt64(v)
- }
+ if blockIPActionParametersMap, ok := helper.InterfaceToMap(actionMap, "block_ip_action_parameters"); ok {
+ blockIPActionParameters := teov20220901.BlockIPActionParameters{}
+ if v, ok := blockIPActionParametersMap["duration"]; ok {
+ blockIPActionParameters.Duration = helper.String(v.(string))
+ }
- customRules.Rules = append(customRules.Rules, &customRule)
- }
- }
+ securityAction.BlockIPActionParameters = &blockIPActionParameters
+ }
- securityPolicy.CustomRules = &customRules
- }
+ if returnCustomPageActionParametersMap, ok := helper.InterfaceToMap(actionMap, "return_custom_page_action_parameters"); ok {
+ returnCustomPageActionParameters := teov20220901.ReturnCustomPageActionParameters{}
+ if v, ok := returnCustomPageActionParametersMap["response_code"]; ok {
+ returnCustomPageActionParameters.ResponseCode = helper.String(v.(string))
+ }
- if managedRulesMap, ok := helper.ConvertInterfacesHeadToMap(securityPolicyMap["managed_rules"]); ok {
- managedRules := teov20220901.ManagedRules{}
- if v, ok := managedRulesMap["enabled"].(string); ok && v != "" {
- managedRules.Enabled = helper.String(v)
- }
+ if v, ok := returnCustomPageActionParametersMap["error_page_id"]; ok {
+ returnCustomPageActionParameters.ErrorPageId = helper.String(v.(string))
+ }
- if v, ok := managedRulesMap["detection_only"].(string); ok && v != "" {
- managedRules.DetectionOnly = helper.String(v)
- }
+ securityAction.ReturnCustomPageActionParameters = &returnCustomPageActionParameters
+ }
- if v, ok := managedRulesMap["semantic_analysis"].(string); ok && v != "" {
- managedRules.SemanticAnalysis = helper.String(v)
- }
+ rateLimitingRule.Action = &securityAction
+ }
- if autoUpdateMap, ok := helper.ConvertInterfacesHeadToMap(managedRulesMap["auto_update"]); ok {
- managedRuleAutoUpdate := teov20220901.ManagedRuleAutoUpdate{}
- if v, ok := autoUpdateMap["auto_update_to_latest_version"].(string); ok && v != "" {
- managedRuleAutoUpdate.AutoUpdateToLatestVersion = helper.String(v)
+ if v, ok := rulesMap["priority"]; ok {
+ rateLimitingRule.Priority = helper.IntInt64(v.(int))
+ }
+
+ if v, ok := rulesMap["enabled"]; ok {
+ rateLimitingRule.Enabled = helper.String(v.(string))
+ }
+
+ rateLimitingRules.Rules = append(rateLimitingRules.Rules, &rateLimitingRule)
}
- managedRules.AutoUpdate = &managedRuleAutoUpdate
+ securityPolicy.RateLimitingRules = &rateLimitingRules
}
+ }
- if v, ok := managedRulesMap["managed_rule_groups"]; ok {
- for _, item := range v.(*schema.Set).List() {
- managedRuleGroupsMap := item.(map[string]interface{})
- managedRuleGroup := teov20220901.ManagedRuleGroup{}
- if v, ok := managedRuleGroupsMap["group_id"].(string); ok && v != "" {
- managedRuleGroup.GroupId = helper.String(v)
+ if exceptionRulesMap, ok := helper.ConvertInterfacesHeadToMap(securityPolicyMap["exception_rules"]); ok {
+ exceptionRules := teov20220901.ExceptionRules{}
+ if v, ok := exceptionRulesMap["rules"]; ok {
+ for _, item := range v.([]interface{}) {
+ rulesMap := item.(map[string]interface{})
+ exceptionRule := teov20220901.ExceptionRule{}
+ if v, ok := rulesMap["id"]; ok {
+ exceptionRule.Id = helper.String(v.(string))
}
- if v, ok := managedRuleGroupsMap["sensitivity_level"].(string); ok && v != "" {
- managedRuleGroup.SensitivityLevel = helper.String(v)
+ if v, ok := rulesMap["name"]; ok {
+ exceptionRule.Name = helper.String(v.(string))
}
- if actionMap, ok := helper.ConvertInterfacesHeadToMap(managedRuleGroupsMap["action"]); ok {
- securityAction2 := teov20220901.SecurityAction{}
- if v, ok := actionMap["name"].(string); ok && v != "" {
- securityAction2.Name = helper.String(v)
- }
+ if v, ok := rulesMap["condition"]; ok {
+ exceptionRule.Condition = helper.String(v.(string))
+ }
- if blockIPActionParametersMap, ok := helper.ConvertInterfacesHeadToMap(actionMap["block_ip_action_parameters"]); ok {
- blockIPActionParameters2 := teov20220901.BlockIPActionParameters{}
- if v, ok := blockIPActionParametersMap["duration"].(string); ok && v != "" {
- blockIPActionParameters2.Duration = helper.String(v)
- }
+ if v, ok := rulesMap["skip_scope"]; ok {
+ exceptionRule.SkipScope = helper.String(v.(string))
+ }
- securityAction2.BlockIPActionParameters = &blockIPActionParameters2
- }
+ if v, ok := rulesMap["skip_option"]; ok {
+ exceptionRule.SkipOption = helper.String(v.(string))
+ }
- if returnCustomPageActionParametersMap, ok := helper.ConvertInterfacesHeadToMap(actionMap["return_custom_page_action_parameters"]); ok {
- returnCustomPageActionParameters2 := teov20220901.ReturnCustomPageActionParameters{}
- if v, ok := returnCustomPageActionParametersMap["response_code"].(string); ok && v != "" {
- returnCustomPageActionParameters2.ResponseCode = helper.String(v)
+ if v, ok := rulesMap["web_security_modules_for_exception"]; ok {
+ webSecurityModulesForExceptionSet := v.(*schema.Set).List()
+ for i := range webSecurityModulesForExceptionSet {
+ if webSecurityModulesForExceptionSet[i] != nil {
+ webSecurityModulesForException := webSecurityModulesForExceptionSet[i].(string)
+ exceptionRule.WebSecurityModulesForException = append(exceptionRule.WebSecurityModulesForException, &webSecurityModulesForException)
}
+ }
+ }
- if v, ok := returnCustomPageActionParametersMap["error_page_id"].(string); ok && v != "" {
- returnCustomPageActionParameters2.ErrorPageId = helper.String(v)
+ if v, ok := rulesMap["managed_rules_for_exception"]; ok {
+ managedRulesForExceptionSet := v.(*schema.Set).List()
+ for i := range managedRulesForExceptionSet {
+ if managedRulesForExceptionSet[i] != nil {
+ managedRulesForException := managedRulesForExceptionSet[i].(string)
+ exceptionRule.ManagedRulesForException = append(exceptionRule.ManagedRulesForException, &managedRulesForException)
}
-
- securityAction2.ReturnCustomPageActionParameters = &returnCustomPageActionParameters2
}
+ }
- if redirectActionParametersMap, ok := helper.ConvertInterfacesHeadToMap(actionMap["redirect_action_parameters"]); ok {
- redirectActionParameters2 := teov20220901.RedirectActionParameters{}
- if v, ok := redirectActionParametersMap["url"].(string); ok && v != "" {
- redirectActionParameters2.URL = helper.String(v)
+ if v, ok := rulesMap["managed_rule_groups_for_exception"]; ok {
+ managedRuleGroupsForExceptionSet := v.(*schema.Set).List()
+ for i := range managedRuleGroupsForExceptionSet {
+ if managedRuleGroupsForExceptionSet[i] != nil {
+ managedRuleGroupsForException := managedRuleGroupsForExceptionSet[i].(string)
+ exceptionRule.ManagedRuleGroupsForException = append(exceptionRule.ManagedRuleGroupsForException, &managedRuleGroupsForException)
}
-
- securityAction2.RedirectActionParameters = &redirectActionParameters2
}
-
- managedRuleGroup.Action = &securityAction2
}
- if v, ok := managedRuleGroupsMap["rule_actions"]; ok {
+ if v, ok := rulesMap["request_fields_for_exception"]; ok {
for _, item := range v.([]interface{}) {
- ruleActionsMap := item.(map[string]interface{})
- managedRuleAction := teov20220901.ManagedRuleAction{}
- if v, ok := ruleActionsMap["rule_id"].(string); ok && v != "" {
- managedRuleAction.RuleId = helper.String(v)
+ requestFieldsForExceptionMap := item.(map[string]interface{})
+ requestFieldsForException := teov20220901.RequestFieldsForException{}
+ if v, ok := requestFieldsForExceptionMap["scope"]; ok {
+ requestFieldsForException.Scope = helper.String(v.(string))
}
- if actionMap, ok := helper.ConvertInterfacesHeadToMap(ruleActionsMap["action"]); ok {
- securityAction3 := teov20220901.SecurityAction{}
- if v, ok := actionMap["name"].(string); ok && v != "" {
- securityAction3.Name = helper.String(v)
- }
-
- if blockIPActionParametersMap, ok := helper.ConvertInterfacesHeadToMap(actionMap["block_ip_action_parameters"]); ok {
- blockIPActionParameters3 := teov20220901.BlockIPActionParameters{}
- if v, ok := blockIPActionParametersMap["duration"].(string); ok && v != "" {
- blockIPActionParameters3.Duration = helper.String(v)
- }
-
- securityAction3.BlockIPActionParameters = &blockIPActionParameters3
- }
-
- if returnCustomPageActionParametersMap, ok := helper.ConvertInterfacesHeadToMap(actionMap["return_custom_page_action_parameters"]); ok {
- returnCustomPageActionParameters3 := teov20220901.ReturnCustomPageActionParameters{}
- if v, ok := returnCustomPageActionParametersMap["response_code"].(string); ok && v != "" {
- returnCustomPageActionParameters3.ResponseCode = helper.String(v)
- }
-
- if v, ok := returnCustomPageActionParametersMap["error_page_id"].(string); ok && v != "" {
- returnCustomPageActionParameters3.ErrorPageId = helper.String(v)
- }
-
- securityAction3.ReturnCustomPageActionParameters = &returnCustomPageActionParameters3
- }
-
- if redirectActionParametersMap, ok := helper.ConvertInterfacesHeadToMap(actionMap["redirect_action_parameters"]); ok {
- redirectActionParameters3 := teov20220901.RedirectActionParameters{}
- if v, ok := redirectActionParametersMap["url"].(string); ok && v != "" {
- redirectActionParameters3.URL = helper.String(v)
- }
-
- securityAction3.RedirectActionParameters = &redirectActionParameters3
- }
+ if v, ok := requestFieldsForExceptionMap["condition"]; ok {
+ requestFieldsForException.Condition = helper.String(v.(string))
+ }
- managedRuleAction.Action = &securityAction3
+ if v, ok := requestFieldsForExceptionMap["target_field"]; ok {
+ requestFieldsForException.TargetField = helper.String(v.(string))
}
- managedRuleGroup.RuleActions = append(managedRuleGroup.RuleActions, &managedRuleAction)
+ exceptionRule.RequestFieldsForException = append(exceptionRule.RequestFieldsForException, &requestFieldsForException)
}
}
- managedRules.ManagedRuleGroups = append(managedRules.ManagedRuleGroups, &managedRuleGroup)
+ if v, ok := rulesMap["enabled"]; ok {
+ exceptionRule.Enabled = helper.String(v.(string))
+ }
+
+ exceptionRules.Rules = append(exceptionRules.Rules, &exceptionRule)
}
- }
- securityPolicy.ManagedRules = &managedRules
+ securityPolicy.ExceptionRules = &exceptionRules
+ }
+ } else {
+ securityPolicy.ExceptionRules = &teov20220901.ExceptionRules{
+ Rules: []*teov20220901.ExceptionRule{},
+ }
}
request.SecurityPolicy = &securityPolicy
diff --git a/tencentcloud/services/teo/resource_tc_teo_security_policy_config.md b/tencentcloud/services/teo/resource_tc_teo_security_policy_config.md
index a1f9e3b4bd..3d45c9933c 100644
--- a/tencentcloud/services/teo/resource_tc_teo_security_policy_config.md
+++ b/tencentcloud/services/teo/resource_tc_teo_security_policy_config.md
@@ -14,7 +14,7 @@ resource "tencentcloud_teo_security_policy_config" "example" {
custom_rules {
precise_match_rules {
name = "rule1"
- condition = "$${http.request.host} contain ['abc']"
+ condition = "$${http.request.host} contain ['test']"
enabled = "on"
priority = 50
action {
@@ -179,6 +179,84 @@ resource "tencentcloud_teo_security_policy_config" "example" {
}
}
}
+
+ http_ddos_protection {
+ adaptive_frequency_control {
+ enabled = "on"
+ sensitivity = "Loose"
+ action {
+ name = "Challenge"
+ challenge_action_parameters {
+ challenge_option = "JSChallenge"
+ }
+ }
+ }
+
+ client_filtering {
+ enabled = "on"
+ action {
+ name = "Challenge"
+ challenge_action_parameters {
+ challenge_option = "JSChallenge"
+ }
+ }
+ }
+
+ bandwidth_abuse_defense {
+ enabled = "on"
+ action {
+ name = "Deny"
+ }
+ }
+
+ slow_attack_defense {
+ enabled = "on"
+ action {
+ name = "Deny"
+ }
+
+ minimal_request_body_transfer_rate {
+ minimal_avg_transfer_rate_threshold = "80bps"
+ counting_period = "60s"
+ enabled = "on"
+ }
+
+ request_body_transfer_timeout {
+ idle_timeout = "5s"
+ enabled = "on"
+ }
+ }
+ }
+
+ rate_limiting_rules {
+ rules {
+ name = "Single IP request rate limit"
+ condition = "$${http.request.uri.path} contain ['/checkout/submit']"
+ count_by = ["http.request.ip"]
+ max_request_threshold = 300
+ counting_period = "60s"
+ action_duration = "30m"
+ action {
+ name = "Challenge"
+ challenge_action_parameters {
+ challenge_option = "JSChallenge"
+ }
+ }
+ priority = 50
+ enabled = "on"
+ }
+ }
+
+ exception_rules {
+ rules {
+ name = "High-frequency API bypasses rate limits"
+ condition = "$${http.request.method} in ['POST'] and $${http.request.uri.path} in ['/api/EventLogUpload']"
+ skip_scope = "WebSecurityModules"
+ skip_option = "SkipOnAllRequestFields"
+ web_security_modules_for_exception = ["websec-mod-adaptive-control"]
+ enabled = "off"
+ }
+ }
}
}
```
diff --git a/vendor/github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/http/request.go b/vendor/github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/http/request.go
index 23650f1dba..e5ee237932 100644
--- a/vendor/github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/http/request.go
+++ b/vendor/github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/http/request.go
@@ -265,7 +265,7 @@ func CompleteCommonParams(request Request, region string, requestClient string)
params["Action"] = request.GetAction()
params["Timestamp"] = strconv.FormatInt(time.Now().Unix(), 10)
params["Nonce"] = strconv.Itoa(rand.Int())
- params["RequestClient"] = "SDK_GO_1.0.1170"
+ params["RequestClient"] = "SDK_GO_1.0.1182"
if requestClient != "" {
params["RequestClient"] += ": " + requestClient
}
diff --git a/vendor/github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/teo/v20220901/client.go b/vendor/github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/teo/v20220901/client.go
index 63334c7874..7fb3eee886 100644
--- a/vendor/github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/teo/v20220901/client.go
+++ b/vendor/github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/teo/v20220901/client.go
@@ -452,6 +452,8 @@ func NewCreateAliasDomainResponse() (response *CreateAliasDomainResponse) {
// CreateAliasDomain
// 创建别称域名。
//
+// 该功能仅企业版套餐支持,并且该功能当前仍在内测中,如需使用,请[联系我们](https://cloud.tencent.com/online-service?from=connect-us)。
+//
// 可能返回的错误码:
// FAILEDOPERATION = "FailedOperation"
// FAILEDOPERATION_CERTIFICATENOTFOUND = "FailedOperation.CertificateNotFound"
@@ -472,6 +474,7 @@ func NewCreateAliasDomainResponse() (response *CreateAliasDomainResponse) {
// OPERATIONDENIED_DOMAINNOICP = "OperationDenied.DomainNoICP"
// OPERATIONDENIED_VERSIONCONTROLLOCKED = "OperationDenied.VersionControlLocked"
// RESOURCEINUSE_ALIASNAME = "ResourceInUse.AliasName"
+// RESOURCEINUSE_ALREADYEXISTSASANACCELERATIONDOMAIN = "ResourceInUse.AlreadyExistsAsAnAccelerationDomain"
// RESOURCEINUSE_DUPLICATENAME = "ResourceInUse.DuplicateName"
// RESOURCEINUSE_ZONE = "ResourceInUse.Zone"
// RESOURCENOTFOUND = "ResourceNotFound"
@@ -486,6 +489,8 @@ func (c *Client) CreateAliasDomain(request *CreateAliasDomainRequest) (response
// CreateAliasDomain
// 创建别称域名。
//
+// 该功能仅企业版套餐支持,并且该功能当前仍在内测中,如需使用,请[联系我们](https://cloud.tencent.com/online-service?from=connect-us)。
+//
// 可能返回的错误码:
// FAILEDOPERATION = "FailedOperation"
// FAILEDOPERATION_CERTIFICATENOTFOUND = "FailedOperation.CertificateNotFound"
@@ -506,6 +511,7 @@ func (c *Client) CreateAliasDomain(request *CreateAliasDomainRequest) (response
// OPERATIONDENIED_DOMAINNOICP = "OperationDenied.DomainNoICP"
// OPERATIONDENIED_VERSIONCONTROLLOCKED = "OperationDenied.VersionControlLocked"
// RESOURCEINUSE_ALIASNAME = "ResourceInUse.AliasName"
+// RESOURCEINUSE_ALREADYEXISTSASANACCELERATIONDOMAIN = "ResourceInUse.AlreadyExistsAsAnAccelerationDomain"
// RESOURCEINUSE_DUPLICATENAME = "ResourceInUse.DuplicateName"
// RESOURCEINUSE_ZONE = "ResourceInUse.Zone"
// RESOURCENOTFOUND = "ResourceNotFound"
@@ -761,11 +767,15 @@ func NewCreateConfigGroupVersionResponse() (response *CreateConfigGroupVersionRe
// FAILEDOPERATION_CONFIGCONDITIONSYNTAXERROR = "FailedOperation.ConfigConditionSyntaxError"
// FAILEDOPERATION_CONFIGCONDITIONUNKNOWNTARGET = "FailedOperation.ConfigConditionUnknownTarget"
// FAILEDOPERATION_CONFIGCONDITIONVALUEEMPTYERROR = "FailedOperation.ConfigConditionValueEmptyError"
+// FAILEDOPERATION_CONFIGDUPLICATEKEYERROR = "FailedOperation.ConfigDuplicateKeyError"
// FAILEDOPERATION_CONFIGFIELDTYPEERROR = "FailedOperation.ConfigFieldTypeError"
// FAILEDOPERATION_CONFIGFORMATERROR = "FailedOperation.ConfigFormatError"
+// FAILEDOPERATION_CONFIGJSONFORMATERROR = "FailedOperation.ConfigJSONFormatError"
// FAILEDOPERATION_CONFIGMALFORMEDCONTENT = "FailedOperation.ConfigMalformedContent"
// FAILEDOPERATION_CONFIGPARAMVALIDATEERRORS = "FailedOperation.ConfigParamValidateErrors"
+// FAILEDOPERATION_CONFIGTIMEPARSINGERROR = "FailedOperation.ConfigTimeParsingError"
// FAILEDOPERATION_CONFIGUNKNOWNFIELD = "FailedOperation.ConfigUnknownField"
+// FAILEDOPERATION_CONFIGUNSUPPORTEDACTION = "FailedOperation.ConfigUnsupportedAction"
// FAILEDOPERATION_CONFIGUNSUPPORTEDFORMATVERSION = "FailedOperation.ConfigUnsupportedFormatVersion"
// FAILEDOPERATION_MISSINGCONFIGCHUNK = "FailedOperation.MissingConfigChunk"
// FAILEDOPERATION_UNKNOWNCONFIGGROUPTYPE = "FailedOperation.UnknownConfigGroupType"
@@ -805,11 +815,15 @@ func (c *Client) CreateConfigGroupVersion(request *CreateConfigGroupVersionReque
// FAILEDOPERATION_CONFIGCONDITIONSYNTAXERROR = "FailedOperation.ConfigConditionSyntaxError"
// FAILEDOPERATION_CONFIGCONDITIONUNKNOWNTARGET = "FailedOperation.ConfigConditionUnknownTarget"
// FAILEDOPERATION_CONFIGCONDITIONVALUEEMPTYERROR = "FailedOperation.ConfigConditionValueEmptyError"
+// FAILEDOPERATION_CONFIGDUPLICATEKEYERROR = "FailedOperation.ConfigDuplicateKeyError"
// FAILEDOPERATION_CONFIGFIELDTYPEERROR = "FailedOperation.ConfigFieldTypeError"
// FAILEDOPERATION_CONFIGFORMATERROR = "FailedOperation.ConfigFormatError"
+// FAILEDOPERATION_CONFIGJSONFORMATERROR = "FailedOperation.ConfigJSONFormatError"
// FAILEDOPERATION_CONFIGMALFORMEDCONTENT = "FailedOperation.ConfigMalformedContent"
// FAILEDOPERATION_CONFIGPARAMVALIDATEERRORS = "FailedOperation.ConfigParamValidateErrors"
+// FAILEDOPERATION_CONFIGTIMEPARSINGERROR = "FailedOperation.ConfigTimeParsingError"
// FAILEDOPERATION_CONFIGUNKNOWNFIELD = "FailedOperation.ConfigUnknownField"
+// FAILEDOPERATION_CONFIGUNSUPPORTEDACTION = "FailedOperation.ConfigUnsupportedAction"
// FAILEDOPERATION_CONFIGUNSUPPORTEDFORMATVERSION = "FailedOperation.ConfigUnsupportedFormatVersion"
// FAILEDOPERATION_MISSINGCONFIGCHUNK = "FailedOperation.MissingConfigChunk"
// FAILEDOPERATION_UNKNOWNCONFIGGROUPTYPE = "FailedOperation.UnknownConfigGroupType"
@@ -880,11 +894,15 @@ func NewCreateContentIdentifierResponse() (response *CreateContentIdentifierResp
// FAILEDOPERATION_CONFIGCONDITIONSYNTAXERROR = "FailedOperation.ConfigConditionSyntaxError"
// FAILEDOPERATION_CONFIGCONDITIONUNKNOWNTARGET = "FailedOperation.ConfigConditionUnknownTarget"
// FAILEDOPERATION_CONFIGCONDITIONVALUEEMPTYERROR = "FailedOperation.ConfigConditionValueEmptyError"
+// FAILEDOPERATION_CONFIGDUPLICATEKEYERROR = "FailedOperation.ConfigDuplicateKeyError"
// FAILEDOPERATION_CONFIGFIELDTYPEERROR = "FailedOperation.ConfigFieldTypeError"
// FAILEDOPERATION_CONFIGFORMATERROR = "FailedOperation.ConfigFormatError"
+// FAILEDOPERATION_CONFIGJSONFORMATERROR = "FailedOperation.ConfigJSONFormatError"
// FAILEDOPERATION_CONFIGMALFORMEDCONTENT = "FailedOperation.ConfigMalformedContent"
// FAILEDOPERATION_CONFIGPARAMVALIDATEERRORS = "FailedOperation.ConfigParamValidateErrors"
+// FAILEDOPERATION_CONFIGTIMEPARSINGERROR = "FailedOperation.ConfigTimeParsingError"
// FAILEDOPERATION_CONFIGUNKNOWNFIELD = "FailedOperation.ConfigUnknownField"
+// FAILEDOPERATION_CONFIGUNSUPPORTEDACTION = "FailedOperation.ConfigUnsupportedAction"
// FAILEDOPERATION_CONFIGUNSUPPORTEDFORMATVERSION = "FailedOperation.ConfigUnsupportedFormatVersion"
// FAILEDOPERATION_MISSINGCONFIGCHUNK = "FailedOperation.MissingConfigChunk"
// FAILEDOPERATION_UNKNOWNCONFIGGROUPTYPE = "FailedOperation.UnknownConfigGroupType"
@@ -924,11 +942,15 @@ func (c *Client) CreateContentIdentifier(request *CreateContentIdentifierRequest
// FAILEDOPERATION_CONFIGCONDITIONSYNTAXERROR = "FailedOperation.ConfigConditionSyntaxError"
// FAILEDOPERATION_CONFIGCONDITIONUNKNOWNTARGET = "FailedOperation.ConfigConditionUnknownTarget"
// FAILEDOPERATION_CONFIGCONDITIONVALUEEMPTYERROR = "FailedOperation.ConfigConditionValueEmptyError"
+// FAILEDOPERATION_CONFIGDUPLICATEKEYERROR = "FailedOperation.ConfigDuplicateKeyError"
// FAILEDOPERATION_CONFIGFIELDTYPEERROR = "FailedOperation.ConfigFieldTypeError"
// FAILEDOPERATION_CONFIGFORMATERROR = "FailedOperation.ConfigFormatError"
+// FAILEDOPERATION_CONFIGJSONFORMATERROR = "FailedOperation.ConfigJSONFormatError"
// FAILEDOPERATION_CONFIGMALFORMEDCONTENT = "FailedOperation.ConfigMalformedContent"
// FAILEDOPERATION_CONFIGPARAMVALIDATEERRORS = "FailedOperation.ConfigParamValidateErrors"
+// FAILEDOPERATION_CONFIGTIMEPARSINGERROR = "FailedOperation.ConfigTimeParsingError"
// FAILEDOPERATION_CONFIGUNKNOWNFIELD = "FailedOperation.ConfigUnknownField"
+// FAILEDOPERATION_CONFIGUNSUPPORTEDACTION = "FailedOperation.ConfigUnsupportedAction"
// FAILEDOPERATION_CONFIGUNSUPPORTEDFORMATVERSION = "FailedOperation.ConfigUnsupportedFormatVersion"
// FAILEDOPERATION_MISSINGCONFIGCHUNK = "FailedOperation.MissingConfigChunk"
// FAILEDOPERATION_UNKNOWNCONFIGGROUPTYPE = "FailedOperation.UnknownConfigGroupType"
@@ -1596,6 +1618,7 @@ func NewCreateLoadBalancerResponse() (response *CreateLoadBalancerResponse) {
// 创建负载均衡实例。详情请参考 [快速创建负载均衡实例](https://cloud.tencent.com/document/product/1552/104223)。负载均衡功能内测中,如您需要使用请 [联系我们](https://cloud.tencent.com/online-service)。
//
// 可能返回的错误码:
+// INVALIDPARAMETER_LOADBALANCERBINDORIGINGROUPINVALID = "InvalidParameter.LoadBalancerBindOriginGroupInvalid"
// INVALIDPARAMETER_LOADBALANCERNAMEREPEATED = "InvalidParameter.LoadBalancerNameRepeated"
// INVALIDPARAMETER_ORIGINGROUPTYPECANNOTMATCHLBTYPE = "InvalidParameter.OriginGroupTypeCanNotMatchLBType"
// INVALIDPARAMETER_SOMEORIGINGROUPNOTEXIST = "InvalidParameter.SomeOriginGroupNotExist"
@@ -1608,6 +1631,7 @@ func (c *Client) CreateLoadBalancer(request *CreateLoadBalancerRequest) (respons
// 创建负载均衡实例。详情请参考 [快速创建负载均衡实例](https://cloud.tencent.com/document/product/1552/104223)。负载均衡功能内测中,如您需要使用请 [联系我们](https://cloud.tencent.com/online-service)。
//
// 可能返回的错误码:
+// INVALIDPARAMETER_LOADBALANCERBINDORIGINGROUPINVALID = "InvalidParameter.LoadBalancerBindOriginGroupInvalid"
// INVALIDPARAMETER_LOADBALANCERNAMEREPEATED = "InvalidParameter.LoadBalancerNameRepeated"
// INVALIDPARAMETER_ORIGINGROUPTYPECANNOTMATCHLBTYPE = "InvalidParameter.OriginGroupTypeCanNotMatchLBType"
// INVALIDPARAMETER_SOMEORIGINGROUPNOTEXIST = "InvalidParameter.SomeOriginGroupNotExist"
@@ -2647,6 +2671,8 @@ func NewDeleteAliasDomainResponse() (response *DeleteAliasDomainResponse) {
// DeleteAliasDomain
// 删除别称域名。
//
+// 该功能仅企业版套餐支持,并且该功能当前仍在内测中,如需使用,请[联系我们](https://cloud.tencent.com/online-service?from=connect-us)。
+//
// 可能返回的错误码:
// INTERNALERROR = "InternalError"
// OPERATIONDENIED = "OperationDenied"
@@ -2659,6 +2685,8 @@ func (c *Client) DeleteAliasDomain(request *DeleteAliasDomainRequest) (response
// DeleteAliasDomain
// 删除别称域名。
//
+// 该功能仅企业版套餐支持,并且该功能当前仍在内测中,如需使用,请[联系我们](https://cloud.tencent.com/online-service?from=connect-us)。
+//
// 可能返回的错误码:
// INTERNALERROR = "InternalError"
// OPERATIONDENIED = "OperationDenied"
@@ -3841,6 +3869,8 @@ func NewDescribeAliasDomainsResponse() (response *DescribeAliasDomainsResponse)
// DescribeAliasDomains
// 查询别称域名信息列表。
//
+// 该功能仅企业版套餐支持,并且该功能当前仍在内测中,如需使用,请[联系我们](https://cloud.tencent.com/online-service?from=connect-us)。
+//
// 可能返回的错误码:
// INTERNALERROR = "InternalError"
// INTERNALERROR_PROXYSERVER = "InternalError.ProxyServer"
@@ -3854,6 +3884,8 @@ func (c *Client) DescribeAliasDomains(request *DescribeAliasDomainsRequest) (res
// DescribeAliasDomains
// 查询别称域名信息列表。
//
+// 该功能仅企业版套餐支持,并且该功能当前仍在内测中,如需使用,请[联系我们](https://cloud.tencent.com/online-service?from=connect-us)。
+//
// 可能返回的错误码:
// INTERNALERROR = "InternalError"
// INTERNALERROR_PROXYSERVER = "InternalError.ProxyServer"
@@ -5526,6 +5558,57 @@ func (c *Client) DescribeOverviewL7DataWithContext(ctx context.Context, request
return
}
+func NewDescribePlansRequest() (request *DescribePlansRequest) {
+ request = &DescribePlansRequest{
+ BaseRequest: &tchttp.BaseRequest{},
+ }
+
+ request.Init().WithApiInfo("teo", APIVersion, "DescribePlans")
+
+
+ return
+}
+
+func NewDescribePlansResponse() (response *DescribePlansResponse) {
+ response = &DescribePlansResponse{
+ BaseResponse: &tchttp.BaseResponse{},
+ }
+ return
+
+}
+
+// DescribePlans
+// 查询套餐信息列表,支持分页。
+//
+// 可能返回的错误码:
+// UNAUTHORIZEDOPERATION_CAMUNAUTHORIZED = "UnauthorizedOperation.CamUnauthorized"
+// UNAUTHORIZEDOPERATION_NOPERMISSION = "UnauthorizedOperation.NoPermission"
+func (c *Client) DescribePlans(request *DescribePlansRequest) (response *DescribePlansResponse, err error) {
+ return c.DescribePlansWithContext(context.Background(), request)
+}
+
+// DescribePlans
+// 查询套餐信息列表,支持分页。
+//
+// 可能返回的错误码:
+// UNAUTHORIZEDOPERATION_CAMUNAUTHORIZED = "UnauthorizedOperation.CamUnauthorized"
+// UNAUTHORIZEDOPERATION_NOPERMISSION = "UnauthorizedOperation.NoPermission"
+func (c *Client) DescribePlansWithContext(ctx context.Context, request *DescribePlansRequest) (response *DescribePlansResponse, err error) {
+ if request == nil {
+ request = NewDescribePlansRequest()
+ }
+
+ if c.GetCredential() == nil {
+ return nil, errors.New("DescribePlans require credential")
+ }
+
+ request.SetContext(ctx)
+
+ response = NewDescribePlansResponse()
+ err = c.Send(request, response)
+ return
+}
+
func NewDescribePrefetchTasksRequest() (request *DescribePrefetchTasksRequest) {
request = &DescribePrefetchTasksRequest{
BaseRequest: &tchttp.BaseRequest{},
@@ -7177,6 +7260,8 @@ func NewModifyAliasDomainResponse() (response *ModifyAliasDomainResponse) {
// ModifyAliasDomain
// 修改别称域名。
//
+// 该功能仅企业版套餐支持,并且该功能当前仍在内测中,如需使用,请[联系我们](https://cloud.tencent.com/online-service?from=connect-us)。
+//
// 可能返回的错误码:
// FAILEDOPERATION = "FailedOperation"
// INTERNALERROR = "InternalError"
@@ -7189,6 +7274,8 @@ func (c *Client) ModifyAliasDomain(request *ModifyAliasDomainRequest) (response
// ModifyAliasDomain
// 修改别称域名。
//
+// 该功能仅企业版套餐支持,并且该功能当前仍在内测中,如需使用,请[联系我们](https://cloud.tencent.com/online-service?from=connect-us)。
+//
// 可能返回的错误码:
// FAILEDOPERATION = "FailedOperation"
// INTERNALERROR = "InternalError"
@@ -7232,6 +7319,8 @@ func NewModifyAliasDomainStatusResponse() (response *ModifyAliasDomainStatusResp
// ModifyAliasDomainStatus
// 修改别称域名状态。
//
+// 该功能仅企业版套餐支持,并且该功能当前仍在内测中,如需使用,请[联系我们](https://cloud.tencent.com/online-service?from=connect-us)。
+//
// 可能返回的错误码:
// INTERNALERROR = "InternalError"
// OPERATIONDENIED = "OperationDenied"
@@ -7243,6 +7332,8 @@ func (c *Client) ModifyAliasDomainStatus(request *ModifyAliasDomainStatusRequest
// ModifyAliasDomainStatus
// 修改别称域名状态。
//
+// 该功能仅企业版套餐支持,并且该功能当前仍在内测中,如需使用,请[联系我们](https://cloud.tencent.com/online-service?from=connect-us)。
+//
// 可能返回的错误码:
// INTERNALERROR = "InternalError"
// OPERATIONDENIED = "OperationDenied"
diff --git a/vendor/github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/teo/v20220901/errors.go b/vendor/github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/teo/v20220901/errors.go
index 31091ba795..9529e789b4 100644
--- a/vendor/github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/teo/v20220901/errors.go
+++ b/vendor/github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/teo/v20220901/errors.go
@@ -38,21 +38,33 @@ const (
// 配置文件Condition表达式值的项不能为空。
FAILEDOPERATION_CONFIGCONDITIONVALUEEMPTYERROR = "FailedOperation.ConfigConditionValueEmptyError"
+ // 配置文件不允许重复的关键字。
+ FAILEDOPERATION_CONFIGDUPLICATEKEYERROR = "FailedOperation.ConfigDuplicateKeyError"
+
// 配置文件存在类型不匹配的字段。
FAILEDOPERATION_CONFIGFIELDTYPEERROR = "FailedOperation.ConfigFieldTypeError"
// 配置文件存在语法错误。
FAILEDOPERATION_CONFIGFORMATERROR = "FailedOperation.ConfigFormatError"
+ // 版本管理配置文件JSON格式错误
+ FAILEDOPERATION_CONFIGJSONFORMATERROR = "FailedOperation.ConfigJSONFormatError"
+
// 配置文件内容格式错误,无法解析。
FAILEDOPERATION_CONFIGMALFORMEDCONTENT = "FailedOperation.ConfigMalformedContent"
// 配置文件参数校验错误。
FAILEDOPERATION_CONFIGPARAMVALIDATEERRORS = "FailedOperation.ConfigParamValidateErrors"
+ // 时间格式解析错误
+ FAILEDOPERATION_CONFIGTIMEPARSINGERROR = "FailedOperation.ConfigTimeParsingError"
+
// 配置文件无法识别的字段:存在拼写错误,或者该字段所在的层级出错。
FAILEDOPERATION_CONFIGUNKNOWNFIELD = "FailedOperation.ConfigUnknownField"
+ // 不支持的配置项Action
+ FAILEDOPERATION_CONFIGUNSUPPORTEDACTION = "FailedOperation.ConfigUnsupportedAction"
+
// 当前不支持该配置文件版本。
FAILEDOPERATION_CONFIGUNSUPPORTEDFORMATVERSION = "FailedOperation.ConfigUnsupportedFormatVersion"
@@ -584,6 +596,9 @@ const (
// 引用负载均衡的7层域名服务正在部署中,请稍后再编辑。
INVALIDPARAMETER_LOADBALANCERBINDL7NOTINSTABLESTATUS = "InvalidParameter.LoadBalancerBindL7NotInStableStatus"
+ // 负载均衡器绑定的源站组无效。
+ INVALIDPARAMETER_LOADBALANCERBINDORIGINGROUPINVALID = "InvalidParameter.LoadBalancerBindOriginGroupInvalid"
+
// 同一站点下的负载均衡名称不可以重复。
INVALIDPARAMETER_LOADBALANCERNAMEREPEATED = "InvalidParameter.LoadBalancerNameRepeated"
@@ -1166,6 +1181,9 @@ const (
// 当前已存在相同的别称域名,不支持重复添加
RESOURCEINUSE_ALIASNAME = "ResourceInUse.AliasName"
+ // 该域名已作为加速域名存在,不支持重复接入。
+ RESOURCEINUSE_ALREADYEXISTSASANACCELERATIONDOMAIN = "ResourceInUse.AlreadyExistsAsAnAccelerationDomain"
+
// 资源被本账号Cname接入占用。
RESOURCEINUSE_CNAME = "ResourceInUse.Cname"
diff --git a/vendor/github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/teo/v20220901/models.go b/vendor/github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/teo/v20220901/models.go
index 27e32ee4b6..e05d97be2c 100644
--- a/vendor/github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/teo/v20220901/models.go
+++ b/vendor/github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/teo/v20220901/models.go
@@ -207,7 +207,6 @@ type AclConfig struct {
AclUserRules []*AclUserRule `json:"AclUserRules,omitnil,omitempty" name:"AclUserRules"`
// 托管定制规则
- // 注意:此字段可能返回 null,表示取不到有效值。
Customizes []*AclUserRule `json:"Customizes,omitnil,omitempty" name:"Customizes"`
}
@@ -313,6 +312,17 @@ type Action struct {
CodeAction *CodeAction `json:"CodeAction,omitnil,omitempty" name:"CodeAction"`
}
+type AdaptiveFrequencyControl struct {
+ // 自适应频控是否开启。取值有:on:开启;off:关闭。
+ Enabled *string `json:"Enabled,omitnil,omitempty" name:"Enabled"`
+
+ // 自适应频控的限制等级,当 Enabled 为 on 时,此字段必填。取值有:Loose:宽松;Moderate:适中;Strict:严格。
+ Sensitivity *string `json:"Sensitivity,omitnil,omitempty" name:"Sensitivity"`
+
+ // 自适应频控的处置方式,当 Enabled 为 on 时,此字段必填。SecurityAction 的 Name 取值支持:Monitor:观察;Deny:拦截;Challenge:挑战,其中ChallengeActionParameters.Name仅支持JSChallenge。
+ Action *SecurityAction `json:"Action,omitnil,omitempty" name:"Action"`
+}
+
type AdvancedFilter struct {
// 需要过滤的字段。
Name *string `json:"Name,omitnil,omitempty" name:"Name"`
@@ -391,7 +401,6 @@ type AlgDetectRule struct {
AlgConditions []*AclCondition `json:"AlgConditions,omitnil,omitempty" name:"AlgConditions"`
// Cookie校验和会话行为分析。
- // 注意:此字段可能返回 null,表示取不到有效值。
AlgDetectSession *AlgDetectSession `json:"AlgDetectSession,omitnil,omitempty" name:"AlgDetectSession"`
// 客户端行为校验。
@@ -584,7 +593,6 @@ type ApplicationProxyRule struct {
SessionPersist *bool `json:"SessionPersist,omitnil,omitempty" name:"SessionPersist"`
// 会话保持的时间,只有当SessionPersist为true时,该值才会生效。
- // 注意:此字段可能返回 null,表示取不到有效值。
SessionPersistTime *uint64 `json:"SessionPersistTime,omitnil,omitempty" name:"SessionPersistTime"`
// 源站端口,支持格式:
@@ -593,7 +601,6 @@ type ApplicationProxyRule struct {
OriginPort *string `json:"OriginPort,omitnil,omitempty" name:"OriginPort"`
// 规则标签。
- // 注意:此字段可能返回 null,表示取不到有效值。
RuleTag *string `json:"RuleTag,omitnil,omitempty" name:"RuleTag"`
}
@@ -641,6 +648,14 @@ type AuthenticationParameters struct {
TimeFormat *string `json:"TimeFormat,omitnil,omitempty" name:"TimeFormat"`
}
+type BandwidthAbuseDefense struct {
+ // 流量防盗刷(仅适用中国大陆地区)是否开启。取值有:on:开启;off:关闭。
+ Enabled *string `json:"Enabled,omitnil,omitempty" name:"Enabled"`
+
+ // 流量防盗刷(仅适用中国大陆地区)的处置方式,当 Enabled 为 on 时,此字段必填。SecurityAction 的 Name 取值支持:Monitor:观察;Deny:拦截;Challenge:挑战,其中ChallengeActionParameters.Name仅支持JSChallenge。
+ Action *SecurityAction `json:"Action,omitnil,omitempty" name:"Action"`
+}
+
type BillingData struct {
// 时间。
Time *string `json:"Time,omitnil,omitempty" name:"Time"`
@@ -912,7 +927,6 @@ type BotConfig struct {
BotPortraitRule *BotPortraitRule `json:"BotPortraitRule,omitnil,omitempty" name:"BotPortraitRule"`
// Bot智能分析。如果为null,默认使用历史配置。
- // 注意:此字段可能返回 null,表示取不到有效值。
IntelligenceRule *IntelligenceRule `json:"IntelligenceRule,omitnil,omitempty" name:"IntelligenceRule"`
// Bot自定义规则。如果为null,默认使用历史配置。
@@ -922,7 +936,6 @@ type BotConfig struct {
AlgDetectRule []*AlgDetectRule `json:"AlgDetectRule,omitnil,omitempty" name:"AlgDetectRule"`
// Bot托管定制策略,入参可不填,仅出参使用。
- // 注意:此字段可能返回 null,表示取不到有效值。
Customizes []*BotUserRule `json:"Customizes,omitnil,omitempty" name:"Customizes"`
}
@@ -938,7 +951,6 @@ type BotExtendAction struct {
Action *string `json:"Action,omitnil,omitempty" name:"Action"`
// 处置方式的触发概率,范围0-100。
- // 注意:此字段可能返回 null,表示取不到有效值。
Percent *uint64 `json:"Percent,omitnil,omitempty" name:"Percent"`
}
@@ -954,23 +966,18 @@ type BotManagedRule struct {
RuleID *int64 `json:"RuleID,omitnil,omitempty" name:"RuleID"`
// 放行的规则ID。默认所有规则不配置放行。
- // 注意:此字段可能返回 null,表示取不到有效值。
TransManagedIds []*int64 `json:"TransManagedIds,omitnil,omitempty" name:"TransManagedIds"`
// JS挑战的规则ID。默认所有规则不配置JS挑战。
- // 注意:此字段可能返回 null,表示取不到有效值。
AlgManagedIds []*int64 `json:"AlgManagedIds,omitnil,omitempty" name:"AlgManagedIds"`
// 数字验证码的规则ID。默认所有规则不配置数字验证码。
- // 注意:此字段可能返回 null,表示取不到有效值。
CapManagedIds []*int64 `json:"CapManagedIds,omitnil,omitempty" name:"CapManagedIds"`
// 观察的规则ID。默认所有规则不配置观察。
- // 注意:此字段可能返回 null,表示取不到有效值。
MonManagedIds []*int64 `json:"MonManagedIds,omitnil,omitempty" name:"MonManagedIds"`
// 拦截的规则ID。默认所有规则不配置拦截。
- // 注意:此字段可能返回 null,表示取不到有效值。
DropManagedIds []*int64 `json:"DropManagedIds,omitnil,omitempty" name:"DropManagedIds"`
}
@@ -984,19 +991,15 @@ type BotPortraitRule struct {
RuleID *int64 `json:"RuleID,omitnil,omitempty" name:"RuleID"`
// JS挑战的规则ID。默认所有规则不配置JS挑战。
- // 注意:此字段可能返回 null,表示取不到有效值。
AlgManagedIds []*int64 `json:"AlgManagedIds,omitnil,omitempty" name:"AlgManagedIds"`
// 数字验证码的规则ID。默认所有规则不配置数字验证码。
- // 注意:此字段可能返回 null,表示取不到有效值。
CapManagedIds []*int64 `json:"CapManagedIds,omitnil,omitempty" name:"CapManagedIds"`
// 观察的规则ID。默认所有规则不配置观察。
- // 注意:此字段可能返回 null,表示取不到有效值。
MonManagedIds []*int64 `json:"MonManagedIds,omitnil,omitempty" name:"MonManagedIds"`
// 拦截的规则ID。默认所有规则不配置拦截。
- // 注意:此字段可能返回 null,表示取不到有效值。
DropManagedIds []*int64 `json:"DropManagedIds,omitnil,omitempty" name:"DropManagedIds"`
}
@@ -1091,7 +1094,6 @@ type Cache struct {
// 缓存过期时间设置。
// 单位为秒,最大可设置为 365 天。
- // 注意:此字段可能返回 null,表示取不到有效值。
CacheTime *int64 `json:"CacheTime,omitnil,omitempty" name:"CacheTime"`
// 是否开启强制缓存,取值有:
@@ -1145,13 +1147,11 @@ type CacheKey struct {
// 是否开启全路径缓存,取值有:
// on:开启全路径缓存(即关闭参数忽略);
// off:关闭全路径缓存(即开启参数忽略)。
- // 注意:此字段可能返回 null,表示取不到有效值。
FullUrlCache *string `json:"FullUrlCache,omitnil,omitempty" name:"FullUrlCache"`
// 是否忽略大小写缓存,取值有:
// on:忽略;
// off:不忽略。
- // 注意:此字段可能返回 null,表示取不到有效值。
IgnoreCase *string `json:"IgnoreCase,omitnil,omitempty" name:"IgnoreCase"`
// CacheKey 中包含请求参数。
@@ -1266,7 +1266,6 @@ type CachePrefresh struct {
Switch *string `json:"Switch,omitnil,omitempty" name:"Switch"`
// 缓存预刷新百分比,取值范围:1-99。
- // 注意:此字段可能返回 null,表示取不到有效值。
Percent *int64 `json:"Percent,omitnil,omitempty" name:"Percent"`
}
@@ -1316,6 +1315,17 @@ type CertificateInfo struct {
Status *string `json:"Status,omitnil,omitempty" name:"Status"`
}
+type ChallengeActionParameters struct {
+ // 安全执行的具体挑战动作。取值有: InterstitialChallenge:插页式挑战; InlineChallenge:内嵌式挑战; JSChallenge:JavaScript 挑战; ManagedChallenge:托管挑战。
+ ChallengeOption *string `json:"ChallengeOption,omitnil,omitempty" name:"ChallengeOption"`
+
+ // 重复挑战的时间间隔,当 Name 为 InterstitialChallenge/InlineChallenge 时,该字段必填。默认值为 300s。支持的单位有:s:秒,取值范围1~60;m:分,取值范围1~60;h:小时,取值范围1~24。
+ Interval *string `json:"Interval,omitnil,omitempty" name:"Interval"`
+
+ // 客户端认证方式 ID 。当 Name 为 InterstitialChallenge/InlineChallenge 时,该字段必填。
+ AttesterId *string `json:"AttesterId,omitnil,omitempty" name:"AttesterId"`
+}
+
// Predefined struct for user
type CheckCnameStatusRequestParams struct {
// 站点 ID。
@@ -1394,6 +1404,14 @@ type CheckRegionHealthStatus struct {
OriginHealthStatus []*OriginHealthStatus `json:"OriginHealthStatus,omitnil,omitempty" name:"OriginHealthStatus"`
}
+type ClientFiltering struct {
+ // 智能客户端过滤是否开启。取值有:on:开启;off:关闭。
+ Enabled *string `json:"Enabled,omitnil,omitempty" name:"Enabled"`
+
+ // 智能客户端过滤的处置方式,当 Enabled 为 on 时,此字段必填。SecurityAction 的 Name 取值支持:Monitor:观察;Deny:拦截;Challenge:挑战,其中ChallengeActionParameters.Name仅支持JSChallenge。
+ Action *SecurityAction `json:"Action,omitnil,omitempty" name:"Action"`
+}
+
type ClientIPCountryParameters struct {
// 配置开关,取值有:
// on:开启;
@@ -1432,7 +1450,6 @@ type ClientIpHeader struct {
Switch *string `json:"Switch,omitnil,omitempty" name:"Switch"`
// 回源时,存放客户端 IP 的请求头名称。当 Switch 为 on 时,该参数必填。该参数不允许填写 X-Forwarded-For。
- // 注意:此字段可能返回 null,表示取不到有效值。
HeaderName *string `json:"HeaderName,omitnil,omitempty" name:"HeaderName"`
}
@@ -1444,10 +1461,9 @@ type CnameStatus struct {
// 注意:此字段可能返回 null,表示取不到有效值。
Cname *string `json:"Cname,omitnil,omitempty" name:"Cname"`
- // Cname状态信息,取值有:
+ // CNAME 状态信息,取值有:
// active:生效;
- // moved:不生效。
- // 注意:此字段可能返回 null,表示取不到有效值。
+ // moved:不生效;
Status *string `json:"Status,omitnil,omitempty" name:"Status"`
}
@@ -1468,7 +1484,6 @@ type Compression struct {
// 支持的压缩算法列表,取值有:
// brotli:brotli算法;
// gzip:gzip算法。
- // 注意:此字段可能返回 null,表示取不到有效值。
Algorithms []*string `json:"Algorithms,omitnil,omitempty" name:"Algorithms"`
}
@@ -3259,6 +3274,19 @@ type CreatePrefetchTaskRequestParams struct {
// 附带的http头部信息。
Headers []*Header `json:"Headers,omitnil,omitempty" name:"Headers"`
+
+ // 媒体分片预热控制,取值有:
+ // on:开启分片预热,预热描述文件,并递归解析描述文件分片进行预热;
+ // off:仅预热提交的描述文件;不填写时,默认值为 off。
+ //
+ // 注意事项:
+ // 1. 支持的描述文件为 M3U8,对应分片为 TS;
+ // 2. 要求描述文件能正常请求,并按行业标准描述分片路径;
+ // 3. 递归解析深度不超过 3 层;
+ // 4. 解析获取的分片会正常累加每日预热用量,当用量超出配额时,会静默处理,不再执行预热。
+ //
+ // 该参数为白名单功能,如有需要,请联系腾讯云工程师处理。
+ PrefetchMediaSegments *string `json:"PrefetchMediaSegments,omitnil,omitempty" name:"PrefetchMediaSegments"`
}
type CreatePrefetchTaskRequest struct {
@@ -3278,6 +3306,19 @@ type CreatePrefetchTaskRequest struct {
// 附带的http头部信息。
Headers []*Header `json:"Headers,omitnil,omitempty" name:"Headers"`
+
+ // 媒体分片预热控制,取值有:
+ // on:开启分片预热,预热描述文件,并递归解析描述文件分片进行预热;
+ // off:仅预热提交的描述文件;不填写时,默认值为 off。
+ //
+ // 注意事项:
+ // 1. 支持的描述文件为 M3U8,对应分片为 TS;
+ // 2. 要求描述文件能正常请求,并按行业标准描述分片路径;
+ // 3. 递归解析深度不超过 3 层;
+ // 4. 解析获取的分片会正常累加每日预热用量,当用量超出配额时,会静默处理,不再执行预热。
+ //
+ // 该参数为白名单功能,如有需要,请联系腾讯云工程师处理。
+ PrefetchMediaSegments *string `json:"PrefetchMediaSegments,omitnil,omitempty" name:"PrefetchMediaSegments"`
}
func (r *CreatePrefetchTaskRequest) ToJsonString() string {
@@ -3296,6 +3337,7 @@ func (r *CreatePrefetchTaskRequest) FromJsonString(s string) error {
delete(f, "Targets")
delete(f, "EncodeUrl")
delete(f, "Headers")
+ delete(f, "PrefetchMediaSegments")
if len(f) > 0 {
return tcerr.NewTencentCloudSDKError("ClientError.BuildRequestError", "CreatePrefetchTaskRequest has unknown keys!", "")
}
@@ -3345,10 +3387,10 @@ type CreatePurgeTaskRequestParams struct {
// purge_cache_tag:cache-tag 刷新。缓存清除类型详情请查看[清除缓存](https://cloud.tencent.com/document/product/1552/70759)。
Type *string `json:"Type,omitnil,omitempty" name:"Type"`
- // 节点缓存清除方法,针对目录刷新、Hostname刷新以及刷新全部缓存类型有效,取值有: invalidate:仅刷新目录下产生了更新的资源; delete:无论目录下资源是否更新都刷新节点资源。默认值: invalidate。
+ // 节点缓存清除方法,针对目录刷新、Hostname 刷新以及刷新全部缓存类型有效,取值有: invalidate:仅刷新目录下产生了更新的资源; delete:无论目录下资源是否更新都刷新节点资源。默认值: invalidate。
Method *string `json:"Method,omitnil,omitempty" name:"Method"`
- // 要清除缓存的资源列表。每个元素格式依据清除缓存类型而定,可参考接口示例。单次提交的任务数受计费套餐配额限制,请查看 [EO计费套餐](https://cloud.tencent.com/document/product/1552/77380)。
+ // 需清除缓存的资源列表,如 https://www.example.com/example.jpg,必须携带协议信息。更多元素格式依据清除缓存类型而定,可参考下方接口调用示例。单次提交的任务数受计费套餐配额限制,请查看 [EO 计费套餐](https://cloud.tencent.com/document/product/1552/77380)。
Targets []*string `json:"Targets,omitnil,omitempty" name:"Targets"`
// 若有编码转换,仅清除编码转换后匹配的资源。
@@ -3376,10 +3418,10 @@ type CreatePurgeTaskRequest struct {
// purge_cache_tag:cache-tag 刷新。缓存清除类型详情请查看[清除缓存](https://cloud.tencent.com/document/product/1552/70759)。
Type *string `json:"Type,omitnil,omitempty" name:"Type"`
- // 节点缓存清除方法,针对目录刷新、Hostname刷新以及刷新全部缓存类型有效,取值有: invalidate:仅刷新目录下产生了更新的资源; delete:无论目录下资源是否更新都刷新节点资源。默认值: invalidate。
+ // 节点缓存清除方法,针对目录刷新、Hostname 刷新以及刷新全部缓存类型有效,取值有: invalidate:仅刷新目录下产生了更新的资源; delete:无论目录下资源是否更新都刷新节点资源。默认值: invalidate。
Method *string `json:"Method,omitnil,omitempty" name:"Method"`
- // 要清除缓存的资源列表。每个元素格式依据清除缓存类型而定,可参考接口示例。单次提交的任务数受计费套餐配额限制,请查看 [EO计费套餐](https://cloud.tencent.com/document/product/1552/77380)。
+ // 需清除缓存的资源列表,如 https://www.example.com/example.jpg,必须携带协议信息。更多元素格式依据清除缓存类型而定,可参考下方接口调用示例。单次提交的任务数受计费套餐配额限制,请查看 [EO 计费套餐](https://cloud.tencent.com/document/product/1552/77380)。
Targets []*string `json:"Targets,omitnil,omitempty" name:"Targets"`
// 若有编码转换,仅清除编码转换后匹配的资源。
@@ -4042,17 +4084,14 @@ type CustomField struct {
// RspHeader:从 HTTP 响应头中提取指定字段值;
// Cookie: 从 Cookie 中提取指定字段值;
// ReqBody: 从 HTTP 请求正文中通过 Google RE2 正则表达式提取指定内容。
- // 注意:此字段可能返回 null,表示取不到有效值。
Name *string `json:"Name,omitnil,omitempty" name:"Name"`
// 根据字段类型(Name)填入字段值的定义。需要区分大小写。
// 当字段类型为 ReqHeader、RspHeader、Cookie 时,填入需要提取值的参数名称,例如:Accept-Language。可输入 1-100 个字符,允许的字符开头为字母,中间为字母、数字、-,结尾为字母、数字;
// 当字段类型为 ReqBody 时,填入 Google RE2 正则表达式,正则表达式长度上限为 4KB。
- // 注意:此字段可能返回 null,表示取不到有效值。
Value *string `json:"Value,omitnil,omitempty" name:"Value"`
// 是否投递该字段,不填表示不投递此字段。
- // 注意:此字段可能返回 null,表示取不到有效值。
Enabled *bool `json:"Enabled,omitnil,omitempty" name:"Enabled"`
}
@@ -4101,11 +4140,9 @@ type CustomTime struct {
type CustomizedHeader struct {
// 自定义头部 Key。
- // 注意:此字段可能返回 null,表示取不到有效值。
Key *string `json:"Key,omitnil,omitempty" name:"Key"`
// 自定义头部 Value。
- // 注意:此字段可能返回 null,表示取不到有效值。
Value *string `json:"Value,omitnil,omitempty" name:"Value"`
}
@@ -4191,49 +4228,39 @@ type DDosProtectionConfig struct {
type DefaultServerCertInfo struct {
// 服务器证书 ID。
- // 注意:此字段可能返回 null,表示取不到有效值。
CertId *string `json:"CertId,omitnil,omitempty" name:"CertId"`
// 证书备注名。
- // 注意:此字段可能返回 null,表示取不到有效值。
Alias *string `json:"Alias,omitnil,omitempty" name:"Alias"`
// 证书类型,取值有:
// default: 默认证书;
// upload:用户上传;
// managed:腾讯云托管。
- // 注意:此字段可能返回 null,表示取不到有效值。
Type *string `json:"Type,omitnil,omitempty" name:"Type"`
// 证书过期时间。
- // 注意:此字段可能返回 null,表示取不到有效值。
ExpireTime *string `json:"ExpireTime,omitnil,omitempty" name:"ExpireTime"`
// 证书生效时间。
- // 注意:此字段可能返回 null,表示取不到有效值。
EffectiveTime *string `json:"EffectiveTime,omitnil,omitempty" name:"EffectiveTime"`
// 证书公用名。
- // 注意:此字段可能返回 null,表示取不到有效值。
CommonName *string `json:"CommonName,omitnil,omitempty" name:"CommonName"`
// 证书SAN域名。
- // 注意:此字段可能返回 null,表示取不到有效值。
SubjectAltName []*string `json:"SubjectAltName,omitnil,omitempty" name:"SubjectAltName"`
// 部署状态,取值有:
// processing: 部署中;
// deployed: 已部署;
// failed: 部署失败。
- // 注意:此字段可能返回 null,表示取不到有效值。
Status *string `json:"Status,omitnil,omitempty" name:"Status"`
// Status为失败时,此字段返回失败原因。
- // 注意:此字段可能返回 null,表示取不到有效值。
Message *string `json:"Message,omitnil,omitempty" name:"Message"`
// 证书算法。
- // 注意:此字段可能返回 null,表示取不到有效值。
SignAlgo *string `json:"SignAlgo,omitnil,omitempty" name:"SignAlgo"`
}
@@ -5416,6 +5443,38 @@ type DeliveryCondition struct {
Conditions []*QueryCondition `json:"Conditions,omitnil,omitempty" name:"Conditions"`
}
+type DenyActionParameters struct {
+ // 是否对来源 IP 延长封禁。取值有:
+ // on:开启;
+ // off:关闭。
+ // 启用后,对触发规则的客户端 IP 持续拦截。当启用该选项时,必须同时指定 BlockIpDuration 参数。
+ // 注意:该选项不可与 ReturnCustomPage 或 Stall 选项同时启用。
+ BlockIp *string `json:"BlockIp,omitnil,omitempty" name:"BlockIp"`
+
+ // 当 BlockIP 为 on 时IP 的封禁时长。
+ BlockIpDuration *string `json:"BlockIpDuration,omitnil,omitempty" name:"BlockIpDuration"`
+
+ // 是否使用自定义页面。取值有:
+ // on:开启;
+ // off:关闭。
+ // 启用后,使用自定义页面内容拦截(响应)请求,当启用该选项时,必须同时指定 ResponseCode 和 ErrorPageId 参数。
+ // 注意:该选项不可与 BlockIp 或 Stall 选项同时启用。
+ ReturnCustomPage *string `json:"ReturnCustomPage,omitnil,omitempty" name:"ReturnCustomPage"`
+
+ // 自定义页面的状态码。
+ ResponseCode *string `json:"ResponseCode,omitnil,omitempty" name:"ResponseCode"`
+
+ // 自定义页面的PageId。
+ ErrorPageId *string `json:"ErrorPageId,omitnil,omitempty" name:"ErrorPageId"`
+
+ // 是否对请求来源挂起不予处理。取值有:
+ // on:开启;
+ // off:关闭。
+ // 启用后,不再响应当前连接会话内请求,且不会主动断开连接。用于爬虫对抗时,消耗客户端连接资源。
+ // 注意:该选项不可与 BlockIp 或 ReturnCustomPage 选项同时启用。
+ Stall *string `json:"Stall,omitnil,omitempty" name:"Stall"`
+}
+
// Predefined struct for user
type DeployConfigGroupVersionRequestParams struct {
// 站点 ID。
@@ -5511,7 +5570,6 @@ type DeployRecord struct {
Message *string `json:"Message,omitnil,omitempty" name:"Message"`
// 发布记录 ID。
- // 注意:此字段可能返回 null,表示取不到有效值。
RecordId *string `json:"RecordId,omitnil,omitempty" name:"RecordId"`
// 变更说明。
@@ -8061,7 +8119,7 @@ type DescribeOriginGroupRequestParams struct {
Limit *uint64 `json:"Limit,omitnil,omitempty" name:"Limit"`
// 过滤条件,Filters.Values的上限为20。详细的过滤条件如下:
- // origin-group-id
按照【源站组ID】进行过滤。源站组ID形如:origin-2ccgtb24-7dc5-46s2-9r3e-95825d53dwe3a
模糊查询:不支持origin-group-name
按照【源站组名称】进行过滤
模糊查询:支持。使用模糊查询时,仅支持填写一个源站组名称
+ // origin-group-id:按照源站组 ID 进行过滤,不支持模糊查询。源站组 ID 形如:origin-2ccgtb24-7dc5-46s2-9r3e-95825d53dwe3a;origin-group-name: 按照源站组名称进行过滤,使用模糊查询时,仅支持填写一个源站组名称。
Filters []*AdvancedFilter `json:"Filters,omitnil,omitempty" name:"Filters"`
}
@@ -8078,7 +8136,7 @@ type DescribeOriginGroupRequest struct {
Limit *uint64 `json:"Limit,omitnil,omitempty" name:"Limit"`
// 过滤条件,Filters.Values的上限为20。详细的过滤条件如下:
- // origin-group-id
按照【源站组ID】进行过滤。源站组ID形如:origin-2ccgtb24-7dc5-46s2-9r3e-95825d53dwe3a
模糊查询:不支持origin-group-name
按照【源站组名称】进行过滤
模糊查询:支持。使用模糊查询时,仅支持填写一个源站组名称
+ // origin-group-id:按照源站组 ID 进行过滤,不支持模糊查询。源站组 ID 形如:origin-2ccgtb24-7dc5-46s2-9r3e-95825d53dwe3a;origin-group-name: 按照源站组名称进行过滤,使用模糊查询时,仅支持填写一个源站组名称。
Filters []*AdvancedFilter `json:"Filters,omitnil,omitempty" name:"Filters"`
}
@@ -8378,6 +8436,102 @@ func (r *DescribeOverviewL7DataResponse) FromJsonString(s string) error {
return json.Unmarshal([]byte(s), &r)
}
+// Predefined struct for user
+type DescribePlansRequestParams struct {
+ // 过滤条件,Filters.Values 的上限为 20。详细的过滤条件如下:plan-type
按照【套餐类型】进行过滤。
可选的类型有:
plan-trial:试用版套餐;
plan-personal:个人版套餐;
plan-basic:基础版套餐;
plan-standard:标准版套餐;
plan-enterprise:企业版套餐。 plan-id
按照【套餐 ID】进行过滤。套餐 ID 形如:edgeone-268z103ob0sx。area
按照【套餐加速地域】进行过滤。 服务区域,可选的类型有:
mainland: 中国大陆;
overseas: 全球(不包括中国大陆);
global: 全球(包括中国大陆)。
status
按照【套餐状态】进行过滤。
可选的状态有:
normal:正常状态;
expiring-soon:即将过期;
expired:已到期;
isolated:已隔离。
+ Filters []*Filter `json:"Filters,omitnil,omitempty" name:"Filters"`
+
+ // 排序字段,取值有:
+ // enable-time:生效时间;
+ // expire-time:过期时间。不填写使用默认值 enable-time。
+ Order *string `json:"Order,omitnil,omitempty" name:"Order"`
+
+ // 排序方向,取值有:
+ // asc:从小到大排序;
+ // desc:从大到小排序。不填写使用默认值 desc。
+ Direction *string `json:"Direction,omitnil,omitempty" name:"Direction"`
+
+ // 分页查询限制数目。默认值:20,最大值:200。
+ Limit *int64 `json:"Limit,omitnil,omitempty" name:"Limit"`
+
+ // 分页查询偏移量。默认值:0。
+ Offset *int64 `json:"Offset,omitnil,omitempty" name:"Offset"`
+}
+
+type DescribePlansRequest struct {
+ *tchttp.BaseRequest
+
+ // 过滤条件,Filters.Values 的上限为 20。详细的过滤条件如下:plan-type
按照【套餐类型】进行过滤。
可选的类型有:
plan-trial:试用版套餐;
plan-personal:个人版套餐;
plan-basic:基础版套餐;
plan-standard:标准版套餐;
plan-enterprise:企业版套餐。 plan-id
按照【套餐 ID】进行过滤。套餐 ID 形如:edgeone-268z103ob0sx。area
按照【套餐加速地域】进行过滤。 服务区域,可选的类型有:
mainland: 中国大陆;
overseas: 全球(不包括中国大陆);
global: 全球(包括中国大陆)。
status
按照【套餐状态】进行过滤。
可选的状态有:
normal:正常状态;
expiring-soon:即将过期;
expired:已到期;
isolated:已隔离。
+ Filters []*Filter `json:"Filters,omitnil,omitempty" name:"Filters"`
+
+ // 排序字段,取值有:
+ // enable-time:生效时间;
+ // expire-time:过期时间。不填写使用默认值 enable-time。
+ Order *string `json:"Order,omitnil,omitempty" name:"Order"`
+
+ // 排序方向,取值有:
+ // asc:从小到大排序;
+ // desc:从大到小排序。不填写使用默认值 desc。
+ Direction *string `json:"Direction,omitnil,omitempty" name:"Direction"`
+
+ // 分页查询限制数目。默认值:20,最大值:200。
+ Limit *int64 `json:"Limit,omitnil,omitempty" name:"Limit"`
+
+ // 分页查询偏移量。默认值:0。
+ Offset *int64 `json:"Offset,omitnil,omitempty" name:"Offset"`
+}
+
+func (r *DescribePlansRequest) ToJsonString() string {
+ b, _ := json.Marshal(r)
+ return string(b)
+}
+
+// FromJsonString It is highly **NOT** recommended to use this function
+// because it has no param check, nor strict type check
+func (r *DescribePlansRequest) FromJsonString(s string) error {
+ f := make(map[string]interface{})
+ if err := json.Unmarshal([]byte(s), &f); err != nil {
+ return err
+ }
+ delete(f, "Filters")
+ delete(f, "Order")
+ delete(f, "Direction")
+ delete(f, "Limit")
+ delete(f, "Offset")
+ if len(f) > 0 {
+ return tcerr.NewTencentCloudSDKError("ClientError.BuildRequestError", "DescribePlansRequest has unknown keys!", "")
+ }
+ return json.Unmarshal([]byte(s), &r)
+}
+
+// Predefined struct for user
+type DescribePlansResponseParams struct {
+ // 符合条件的套餐个数。
+ TotalCount *int64 `json:"TotalCount,omitnil,omitempty" name:"TotalCount"`
+
+ // 套餐信息列表。
+ Plans []*Plan `json:"Plans,omitnil,omitempty" name:"Plans"`
+
+ // 唯一请求 ID,由服务端生成,每次请求都会返回(若请求因其他原因未能抵达服务端,则该次请求不会获得 RequestId)。定位问题时需要提供该次请求的 RequestId。
+ RequestId *string `json:"RequestId,omitnil,omitempty" name:"RequestId"`
+}
+
+type DescribePlansResponse struct {
+ *tchttp.BaseResponse
+ Response *DescribePlansResponseParams `json:"Response"`
+}
+
+func (r *DescribePlansResponse) ToJsonString() string {
+ b, _ := json.Marshal(r)
+ return string(b)
+}
+
+// FromJsonString It is highly **NOT** recommended to use this function
+// because it has no param check, nor strict type check
+func (r *DescribePlansResponse) FromJsonString(s string) error {
+ return json.Unmarshal([]byte(s), &r)
+}
+
// Predefined struct for user
type DescribePrefetchTasksRequestParams struct {
// 站点ID。该参数必填。
@@ -8905,7 +9059,7 @@ func (r *DescribeSecurityIPGroupRequest) FromJsonString(s string) error {
// Predefined struct for user
type DescribeSecurityIPGroupResponseParams struct {
- // 安全 IP 组的详细配置信息。包含每个安全 IP 组的 ID 、名称和 IP / 网段列表信息。
+ // 安全 IP 组的详细配置信息。包含每个安全 IP 组的 ID 、名称、 IP / 网段列表信息和过期时间信息。
IPGroups []*IPGroup `json:"IPGroups,omitnil,omitempty" name:"IPGroups"`
// 唯一请求 ID,由服务端生成,每次请求都会返回(若请求因其他原因未能抵达服务端,则该次请求不会获得 RequestId)。定位问题时需要提供该次请求的 RequestId。
@@ -10552,11 +10706,9 @@ type DropPageConfig struct {
Switch *string `json:"Switch,omitnil,omitempty" name:"Switch"`
// Waf(托管规则)模块的拦截页面配置。如果为null,默认使用历史配置。
- // 注意:此字段可能返回 null,表示取不到有效值。
WafDropPageDetail *DropPageDetail `json:"WafDropPageDetail,omitnil,omitempty" name:"WafDropPageDetail"`
// 自定义页面的拦截页面配置。如果为null,默认使用历史配置。
- // 注意:此字段可能返回 null,表示取不到有效值。
AclDropPageDetail *DropPageDetail `json:"AclDropPageDetail,omitnil,omitempty" name:"AclDropPageDetail"`
}
@@ -10648,7 +10800,6 @@ type ExceptConfig struct {
Switch *string `json:"Switch,omitnil,omitempty" name:"Switch"`
// 例外规则详情。如果为null,默认使用历史配置。
- // 注意:此字段可能返回 null,表示取不到有效值。
ExceptUserRules []*ExceptUserRule `json:"ExceptUserRules,omitnil,omitempty" name:"ExceptUserRules"`
}
@@ -10668,15 +10819,12 @@ type ExceptUserRule struct {
RuleID *int64 `json:"RuleID,omitnil,omitempty" name:"RuleID"`
// 更新时间,如果为null,默认由底层按当前时间生成。
- // 注意:此字段可能返回 null,表示取不到有效值。
UpdateTime *string `json:"UpdateTime,omitnil,omitempty" name:"UpdateTime"`
// 匹配条件。
- // 注意:此字段可能返回 null,表示取不到有效值。
ExceptUserRuleConditions []*ExceptUserRuleCondition `json:"ExceptUserRuleConditions,omitnil,omitempty" name:"ExceptUserRuleConditions"`
// 规则生效的范围。
- // 注意:此字段可能返回 null,表示取不到有效值。
ExceptUserRuleScope *ExceptUserRuleScope `json:"ExceptUserRuleScope,omitnil,omitempty" name:"ExceptUserRuleScope"`
// 优先级,取值范围0-100。如果为null,默认由底层设置为0。
@@ -10736,18 +10884,52 @@ type ExceptUserRuleScope struct {
// acl:自定义规则;
// cc:cc攻击防护;
// bot:Bot防护。
- // 注意:此字段可能返回 null,表示取不到有效值。
Modules []*string `json:"Modules,omitnil,omitempty" name:"Modules"`
// 跳过部分规则ID的例外规则详情。如果为null,默认使用历史配置。
- // 注意:此字段可能返回 null,表示取不到有效值。
PartialModules []*PartialModule `json:"PartialModules,omitnil,omitempty" name:"PartialModules"`
// 跳过具体字段不去扫描的例外规则详情。如果为null,默认使用历史配置。
- // 注意:此字段可能返回 null,表示取不到有效值。
SkipConditions []*SkipCondition `json:"SkipConditions,omitnil,omitempty" name:"SkipConditions"`
}
+type ExceptionRule struct {
+ // 例外规则的 ID。
通过规则 ID 可支持不同的规则配置操作:
增加新规则:ID 为空或不指定 ID 参数; 修改已有规则:指定需要更新/修改的规则 ID; 删除已有规则:ExceptionRules 参数中,Rules 列表中未包含的已有规则将被删除。
+ Id *string `json:"Id,omitnil,omitempty" name:"Id"`
+
+ // 例外规则的名称。
+ Name *string `json:"Name,omitnil,omitempty" name:"Name"`
+
+ // 例外规则的具体内容,需符合表达式语法,详细规范参见产品文档。
+ Condition *string `json:"Condition,omitnil,omitempty" name:"Condition"`
+
+ // 例外规则执行选项,取值有:WebSecurityModules: 指定例外规则的安全防护模块。ManagedRules:指定托管规则。
+ SkipScope *string `json:"SkipScope,omitnil,omitempty" name:"SkipScope"`
+
+ // 跳过请求的具体类型,取值有:SkipOnAllRequestFields: 跳过所有请求;SkipOnSpecifiedRequestFields: 跳过指定请求字段。仅当 SkipScope 为 ManagedRules 时有效。
+ SkipOption *string `json:"SkipOption,omitnil,omitempty" name:"SkipOption"`
+
+ // 指定例外规则的安全防护模块,仅当 SkipScope 为 WebSecurityModules 时有效。取值有:websec-mod-managed-rules:托管规则;websec-mod-rate-limiting:速率限制;websec-mod-custom-rules:自定义规则;websec-mod-adaptive-control:自适应频控、智能客户端过滤、慢速攻击防护、流量盗刷防护;websec-mod-bot:Bot管理。
+ WebSecurityModulesForException []*string `json:"WebSecurityModulesForException,omitnil,omitempty" name:"WebSecurityModulesForException"`
+
+ // 指定例外规则的具体托管规则,仅当 SkipScope 为 ManagedRules 时有效,且此时不能指定 ManagedRuleGroupsForException 。
+ ManagedRulesForException []*string `json:"ManagedRulesForException,omitnil,omitempty" name:"ManagedRulesForException"`
+
+ // 指定例外规则的托管规则组,仅当 SkipScope 为 ManagedRules 时有效,且此时不能指定 ManagedRulesForException 。
+ ManagedRuleGroupsForException []*string `json:"ManagedRuleGroupsForException,omitnil,omitempty" name:"ManagedRuleGroupsForException"`
+
+ // 指定例外规则跳过指定请求字段的具体配置,仅当 SkipScope 为 ManagedRules 并且 SkipOption 为 SkipOnSpecifiedRequestFields 时有效。
+ RequestFieldsForException []*RequestFieldsForException `json:"RequestFieldsForException,omitnil,omitempty" name:"RequestFieldsForException"`
+
+ // 例外规则是否开启。取值有:on:开启off:关闭
+ Enabled *string `json:"Enabled,omitnil,omitempty" name:"Enabled"`
+}
+
+type ExceptionRules struct {
+ // 例外规则的定义列表。使用 ModifySecurityPolicy 修改 Web 防护配置时: 若未指定 Rules 参数,或 Rules 参数长度为零:清空所有例外规则配置。若 SecurityPolicy 参数中,未指定 ExceptionRules 参数值:保持已有例外规则配置,不做修改。
+ Rules []*ExceptionRule `json:"Rules,omitnil,omitempty" name:"Rules"`
+}
+
// Predefined struct for user
type ExportZoneConfigRequestParams struct {
// 站点 ID。
@@ -10850,11 +11032,9 @@ type FirstPartConfig struct {
// 开关,取值有:
// on:开启;
// off:关闭。
- // 注意:此字段可能返回 null,表示取不到有效值。
Switch *string `json:"Switch,omitnil,omitempty" name:"Switch"`
// 首段包的统计时长,单位是秒,即期望首段包的统计时长是多少,默认5秒。
- // 注意:此字段可能返回 null,表示取不到有效值。
StatTime *uint64 `json:"StatTime,omitnil,omitempty" name:"StatTime"`
}
@@ -10887,7 +11067,6 @@ type ForceRedirect struct {
// 重定向状态码,取值有:
// 301:301跳转;
// 302:302跳转。
- // 注意:此字段可能返回 null,表示取不到有效值。
RedirectStatusCode *int64 `json:"RedirectStatusCode,omitnil,omitempty" name:"RedirectStatusCode"`
}
@@ -11209,33 +11388,42 @@ type Hsts struct {
Switch *string `json:"Switch,omitnil,omitempty" name:"Switch"`
// MaxAge 数值。单位为秒,最大值为1天。
- // 注意:此字段可能返回 null,表示取不到有效值。
MaxAge *int64 `json:"MaxAge,omitnil,omitempty" name:"MaxAge"`
// 是否包含子域名,取值有:
// on:开启;
// off:关闭。
- // 注意:此字段可能返回 null,表示取不到有效值。
IncludeSubDomains *string `json:"IncludeSubDomains,omitnil,omitempty" name:"IncludeSubDomains"`
// 是否开启预加载,取值有:
// on:开启;
// off:关闭。
- // 注意:此字段可能返回 null,表示取不到有效值。
Preload *string `json:"Preload,omitnil,omitempty" name:"Preload"`
}
+type HttpDDoSProtection struct {
+ // 自适应频控的具体配置。
+ AdaptiveFrequencyControl *AdaptiveFrequencyControl `json:"AdaptiveFrequencyControl,omitnil,omitempty" name:"AdaptiveFrequencyControl"`
+
+ // 智能客户端过滤的具体配置。
+ ClientFiltering *ClientFiltering `json:"ClientFiltering,omitnil,omitempty" name:"ClientFiltering"`
+
+ // 流量防盗刷的具体配置。
+ BandwidthAbuseDefense *BandwidthAbuseDefense `json:"BandwidthAbuseDefense,omitnil,omitempty" name:"BandwidthAbuseDefense"`
+
+ // 慢速攻击防护的具体配置。
+ SlowAttackDefense *SlowAttackDefense `json:"SlowAttackDefense,omitnil,omitempty" name:"SlowAttackDefense"`
+}
+
type Https struct {
// http2 配置开关,取值有:
// on:开启;
// off:关闭。
- // 注意:此字段可能返回 null,表示取不到有效值。
Http2 *string `json:"Http2,omitnil,omitempty" name:"Http2"`
// OCSP 配置开关,取值有:
// on:开启;
// off:关闭。
- // 注意:此字段可能返回 null,表示取不到有效值。
OcspStapling *string `json:"OcspStapling,omitnil,omitempty" name:"OcspStapling"`
// Tls 版本设置,取值有:
@@ -11243,7 +11431,6 @@ type Https struct {
// TLSV1.1:TLSv1.1版本;
// TLSV1.2:TLSv1.2版本;
// TLSv1.3:TLSv1.3版本。修改时必须开启连续的版本。
- // 注意:此字段可能返回 null,表示取不到有效值。
TlsVersion []*string `json:"TlsVersion,omitnil,omitempty" name:"TlsVersion"`
// HSTS 配置。
@@ -11257,17 +11444,23 @@ type Https struct {
// 申请类型,取值有:
// apply:托管EdgeOne;
// none:不托管EdgeOne。不填,默认取值为none。
- // 注意:此字段可能返回 null,表示取不到有效值。
ApplyType *string `json:"ApplyType,omitnil,omitempty" name:"ApplyType"`
// 密码套件,取值有:
// loose-v2023:提供高兼容性,安全性一般,支持 TLS 1.0-1.3 密码套件;
// general-v2023:提供较高兼容性,安全性中等,支持 TLS 1.2-1.3 密码套件;
// strict-v2023:提供高安全性能,禁用所有含不安全隐患的加密套件,支持 TLS 1.2-1.3 密码套件。
- // 注意:此字段可能返回 null,表示取不到有效值。
CipherSuite *string `json:"CipherSuite,omitnil,omitempty" name:"CipherSuite"`
}
+type IPExpireInfo struct {
+ // 定时过期时间,遵循 ISO 8601 标准的日期和时间格式。例如 "2022-01-01T00:00:00+08:00"。
+ ExpireTime *string `json:"ExpireTime,omitnil,omitempty" name:"ExpireTime"`
+
+ // IP 列表。仅支持 IP 及 IP 网段。
+ IPList []*string `json:"IPList,omitnil,omitempty" name:"IPList"`
+}
+
type IPGroup struct {
// 组 Id,创建时填 0 即可。
GroupId *int64 `json:"GroupId,omitnil,omitempty" name:"GroupId"`
@@ -11275,8 +11468,15 @@ type IPGroup struct {
// 组名称。
Name *string `json:"Name,omitnil,omitempty" name:"Name"`
- // IP 组内容,仅支持 IP 及 IP 掩码。
+ // IP 组内容,仅支持 IP 及 IP 网段。
Content []*string `json:"Content,omitnil,omitempty" name:"Content"`
+
+ // IP 定时过期信息。
+ // 作为入参:用于为指定的 IP 地址或网段配置定时过期时间。
+ // 作为出参,包含以下两类信息:
+ // 当前未到期的定时过期信息:尚未触发的过期配置。
+ // 一周内已到期的定时过期信息:已触发的过期配置。
+ IPExpireInfo []*IPExpireInfo `json:"IPExpireInfo,omitnil,omitempty" name:"IPExpireInfo"`
}
type IPRegionInfo struct {
@@ -11309,7 +11509,6 @@ type Identification struct {
ZoneName *string `json:"ZoneName,omitnil,omitempty" name:"ZoneName"`
// 验证子域名。验证站点时,该值为空。验证子域名是为具体子域名。
- // 注意:此字段可能返回 null,表示取不到有效值。
Domain *string `json:"Domain,omitnil,omitempty" name:"Domain"`
// 验证状态,取值有:
@@ -11321,7 +11520,6 @@ type Identification struct {
Ascription *AscriptionInfo `json:"Ascription,omitnil,omitempty" name:"Ascription"`
// 域名当前的 NS 记录。
- // 注意:此字段可能返回 null,表示取不到有效值。
OriginalNameServers []*string `json:"OriginalNameServers,omitnil,omitempty" name:"OriginalNameServers"`
// 站点归属权校验:文件校验信息。
@@ -11541,11 +11739,9 @@ type IntelligenceRule struct {
// 开关,取值有:
// on:开启;
// off:关闭。
- // 注意:此字段可能返回 null,表示取不到有效值。
Switch *string `json:"Switch,omitnil,omitempty" name:"Switch"`
// 规则详情。
- // 注意:此字段可能返回 null,表示取不到有效值。
IntelligenceRuleItems []*IntelligenceRuleItem `json:"IntelligenceRuleItems,omitnil,omitempty" name:"IntelligenceRuleItems"`
}
@@ -11570,11 +11766,9 @@ type IpTableConfig struct {
// 开关,取值有:
// on:开启;
// off:关闭;
- // 注意:此字段可能返回 null,表示取不到有效值。
Switch *string `json:"Switch,omitnil,omitempty" name:"Switch"`
// 基础管控规则。如果为null,默认使用历史配置。
- // 注意:此字段可能返回 null,表示取不到有效值。
IpTableRules []*IpTableRule `json:"IpTableRules,omitnil,omitempty" name:"IpTableRules"`
}
@@ -11622,7 +11816,6 @@ type IpTableRule struct {
Status *string `json:"Status,omitnil,omitempty" name:"Status"`
// 规则名。
- // 注意:此字段可能返回 null,表示取不到有效值。
RuleName *string `json:"RuleName,omitnil,omitempty" name:"RuleName"`
// 匹配内容。支持多值输入。
@@ -12020,6 +12213,17 @@ type MaxAgeParameters struct {
CacheTime *int64 `json:"CacheTime,omitnil,omitempty" name:"CacheTime"`
}
+type MinimalRequestBodyTransferRate struct {
+ // 正文传输最小速率阈值,单位仅支持bps。
+ MinimalAvgTransferRateThreshold *string `json:"MinimalAvgTransferRateThreshold,omitnil,omitempty" name:"MinimalAvgTransferRateThreshold"`
+
+ // 正文传输最小速率统计时间范围,取值有:10s:10秒;30s:30秒;60s:60秒;120s:120秒。
+ CountingPeriod *string `json:"CountingPeriod,omitnil,omitempty" name:"CountingPeriod"`
+
+ // 正文传输最小速率阈值是否开启。取值有:on:开启;off:关闭。
+ Enabled *string `json:"Enabled,omitnil,omitempty" name:"Enabled"`
+}
+
// Predefined struct for user
type ModifyAccelerationDomainRequestParams struct {
// 加速域名所属站点ID。
@@ -14104,15 +14308,15 @@ type ModifyOriginParameters struct {
// follow:协议跟随。
OriginProtocol *string `json:"OriginProtocol,omitnil,omitempty" name:"OriginProtocol"`
- // HTTP 回源端口,取值范围 1~65535。该参数仅当回源协议 OriginProtocol 为 http 或者 follow 时生效。
+ // HTTP 回源端口,取值范围 1~65535。当回源协议 OriginProtocol 为 http 或者 follow 时该参数必填。
HTTPOriginPort *int64 `json:"HTTPOriginPort,omitnil,omitempty" name:"HTTPOriginPort"`
- // HTTPS 回源端口,取值范围 1~65535。该参数仅当回源协议 OriginProtocol 为 https 或者 follow 时生效。
+ // HTTPS 回源端口,取值范围 1~65535。当回源协议 OriginProtocol 为 https 或者 follow 时该参数必填。
HTTPSOriginPort *int64 `json:"HTTPSOriginPort,omitnil,omitempty" name:"HTTPSOriginPort"`
- // 指定是否允许访问私有对象存储源站,该参数仅当源站类型 OriginType = COS 或 AWSS3 时会生效,取值有:
+ // 指定是否允许访问私有对象存储源站,当源站类型 OriginType = COS 或 AWSS3 时该参数必填,取值有:
// on:使用私有鉴权;
- // off:不使用私有鉴权。不填写时,默认值为off。
+ // off:不使用私有鉴权。
PrivateAccess *string `json:"PrivateAccess,omitnil,omitempty" name:"PrivateAccess"`
// 私有鉴权使用参数,该参数仅当 OriginType = AWSS3 且 PrivateAccess = on 时会生效。
@@ -14438,10 +14642,7 @@ type ModifySecurityIPGroupRequestParams struct {
// IP 组配置。
IPGroup *IPGroup `json:"IPGroup,omitnil,omitempty" name:"IPGroup"`
- // 操作类型,取值有:
- // append: 向 IPGroup 中追加 Content 参数中内容;
- // remove: 从 IPGroup 中删除 Content 参数中内容;
- // update: 全量替换 IPGroup 内容,并可修改 IPGroup 名称。
+ // 操作类型,取值有: append: 向 IPGroup 中添加新的 IP 地址或设置定时过期时间; remove: 从 IPGroup 中删除指定的 IP 地址或其定时过期时间; update: 完全替换 IPGroup 中 Content 或 ExpireInfo 的内容,并且可以修改 IPGroup 的名称。 使用 append 操作时注意: 为 IP 或网段添加定时过期时间时,必须晚于当前时间。如果该 IP 或网段在组中不存在,必须同时在 Content 参数中添加该 IP 或网段。若该 IP 或网段已存在过期时间,则新时间将覆盖原有时间。 使用 remove 操作时注意: 删除 IP 或网段时,相关的未过期的定时过期时间也会被删除; 删除定时过期时间时,仅能删除当前未过期的时间。 使用 update 操作时注意: 替换 Content 内容时,不在 Content 中的 IP 或网段的未过期时间会被删除; 替换 IPExpireInfo 内容时,IPExpireInfo 中的 IP 或网段必须在 Content 中或在 IP 组中存在。
Mode *string `json:"Mode,omitnil,omitempty" name:"Mode"`
}
@@ -14454,10 +14655,7 @@ type ModifySecurityIPGroupRequest struct {
// IP 组配置。
IPGroup *IPGroup `json:"IPGroup,omitnil,omitempty" name:"IPGroup"`
- // 操作类型,取值有:
- // append: 向 IPGroup 中追加 Content 参数中内容;
- // remove: 从 IPGroup 中删除 Content 参数中内容;
- // update: 全量替换 IPGroup 内容,并可修改 IPGroup 名称。
+ // 操作类型,取值有: append: 向 IPGroup 中添加新的 IP 地址或设置定时过期时间; remove: 从 IPGroup 中删除指定的 IP 地址或其定时过期时间; update: 完全替换 IPGroup 中 Content 或 ExpireInfo 的内容,并且可以修改 IPGroup 的名称。 使用 append 操作时注意: 为 IP 或网段添加定时过期时间时,必须晚于当前时间。如果该 IP 或网段在组中不存在,必须同时在 Content 参数中添加该 IP 或网段。若该 IP 或网段已存在过期时间,则新时间将覆盖原有时间。 使用 remove 操作时注意: 删除 IP 或网段时,相关的未过期的定时过期时间也会被删除; 删除定时过期时间时,仅能删除当前未过期的时间。 使用 update 操作时注意: 替换 Content 内容时,不在 Content 中的 IP 或网段的未过期时间会被删除; 替换 IPExpireInfo 内容时,IPExpireInfo 中的 IP 或网段必须在 Content 中或在 IP 组中存在。
Mode *string `json:"Mode,omitnil,omitempty" name:"Mode"`
}
@@ -14509,10 +14707,10 @@ type ModifySecurityPolicyRequestParams struct {
// 站点 ID。
ZoneId *string `json:"ZoneId,omitnil,omitempty" name:"ZoneId"`
- // 安全策略配置。当 SecurityPolicy 参数中的 CustomRule 被设置时,SecurityConfig 参数中的 AclConfg、 IpTableConfg 将被忽略;当 SecurityPolicy 参数中的 ManagedRule 被设置时,SecurityConfig 参数中的 WafConfig 将被忽略。对于自定义规则以及托管规则策略配置建议使用 SecurityPolicy 参数进行设置。
+ // 安全策略配置。当 SecurityPolicy 参数中的 ExceptionRules 被设置时,SecurityConfig 参数中的 ExceptConfig 将被忽略;当 SecurityPolicy 参数中的 CustomRules 被设置时,SecurityConfig 参数中的 AclConfig、 IpTableConfig 将被忽略;当 SecurityPolicy 参数中的 HttpDDoSProtection 和 RateLimitingRules 被设置时,SecurityConfig 参数中的 RateLimitConfig 将被忽略;当 SecurityPolicy 参数中的 ManagedRule 被设置时,SecurityConfig 参数中的 WafConfig 将被忽略;对于例外规则、自定义规则、速率限制以及托管规则策略配置建议使用 SecurityPolicy 参数进行设置。
SecurityConfig *SecurityConfig `json:"SecurityConfig,omitnil,omitempty" name:"SecurityConfig"`
- // 安全策略配置。对 Web 防护自定义策略和托管规则配置建议使用,支持表达式语法对安全策略进行配置。
+ // 安全策略配置。对 Web 例外规则、防护自定义策略、速率规则和托管规则配置建议使用,支持表达式语法对安全策略进行配置。
SecurityPolicy *SecurityPolicy `json:"SecurityPolicy,omitnil,omitempty" name:"SecurityPolicy"`
// 安全策略类型,可使用以下参数值: ZoneDefaultPolicy:用于指定站点级策略;Template:用于指定策略模板,需要同时指定 TemplateId 参数;Host:用于指定域名级策略(注意:当使用域名来指定域名服务策略时,仅支持已经应用了域名级策略的域名服务或者策略模板)。
@@ -14531,10 +14729,10 @@ type ModifySecurityPolicyRequest struct {
// 站点 ID。
ZoneId *string `json:"ZoneId,omitnil,omitempty" name:"ZoneId"`
- // 安全策略配置。当 SecurityPolicy 参数中的 CustomRule 被设置时,SecurityConfig 参数中的 AclConfg、 IpTableConfg 将被忽略;当 SecurityPolicy 参数中的 ManagedRule 被设置时,SecurityConfig 参数中的 WafConfig 将被忽略。对于自定义规则以及托管规则策略配置建议使用 SecurityPolicy 参数进行设置。
+ // 安全策略配置。当 SecurityPolicy 参数中的 ExceptionRules 被设置时,SecurityConfig 参数中的 ExceptConfig 将被忽略;当 SecurityPolicy 参数中的 CustomRules 被设置时,SecurityConfig 参数中的 AclConfig、 IpTableConfig 将被忽略;当 SecurityPolicy 参数中的 HttpDDoSProtection 和 RateLimitingRules 被设置时,SecurityConfig 参数中的 RateLimitConfig 将被忽略;当 SecurityPolicy 参数中的 ManagedRule 被设置时,SecurityConfig 参数中的 WafConfig 将被忽略;对于例外规则、自定义规则、速率限制以及托管规则策略配置建议使用 SecurityPolicy 参数进行设置。
SecurityConfig *SecurityConfig `json:"SecurityConfig,omitnil,omitempty" name:"SecurityConfig"`
- // 安全策略配置。对 Web 防护自定义策略和托管规则配置建议使用,支持表达式语法对安全策略进行配置。
+ // 安全策略配置。对 Web 例外规则、防护自定义策略、速率规则和托管规则配置建议使用,支持表达式语法对安全策略进行配置。
SecurityPolicy *SecurityPolicy `json:"SecurityPolicy,omitnil,omitempty" name:"SecurityPolicy"`
// 安全策略类型,可使用以下参数值: ZoneDefaultPolicy:用于指定站点级策略;Template:用于指定策略模板,需要同时指定 TemplateId 参数;Host:用于指定域名级策略(注意:当使用域名来指定域名服务策略时,仅支持已经应用了域名级策略的域名服务或者策略模板)。
@@ -15052,24 +15250,20 @@ type OfflineCacheParameters struct {
type Origin struct {
// 主源站列表。
- // 注意:此字段可能返回 null,表示取不到有效值。
Origins []*string `json:"Origins,omitnil,omitempty" name:"Origins"`
// 备源站列表。
- // 注意:此字段可能返回 null,表示取不到有效值。
BackupOrigins []*string `json:"BackupOrigins,omitnil,omitempty" name:"BackupOrigins"`
// 回源协议配置,取值有:
// http:强制 http 回源;
// follow:协议跟随回源;
// https:强制 https 回源。
- // 注意:此字段可能返回 null,表示取不到有效值。
OriginPullProtocol *string `json:"OriginPullProtocol,omitnil,omitempty" name:"OriginPullProtocol"`
// 源站为腾讯云 COS 时,是否为私有访问 bucket,取值有:
// on:私有访问;
// off:公共访问。
- // 注意:此字段可能返回 null,表示取不到有效值。
CosPrivateAccess *string `json:"CosPrivateAccess,omitnil,omitempty" name:"CosPrivateAccess"`
}
@@ -15111,6 +15305,9 @@ type OriginDetail struct {
// 注意:此字段可能返回 null,表示取不到有效值。
PrivateParameters []*PrivateParameter `json:"PrivateParameters,omitnil,omitempty" name:"PrivateParameters"`
+ // 当前配置的回源 HOST 头。
+ HostHeader *string `json:"HostHeader,omitnil,omitempty" name:"HostHeader"`
+
// MO 子应用 ID
//
// Deprecated: VodeoSubAppId is deprecated.
@@ -15159,7 +15356,6 @@ type OriginGroup struct {
UpdateTime *string `json:"UpdateTime,omitnil,omitempty" name:"UpdateTime"`
// 回源Host Header。
- // 注意:此字段可能返回 null,表示取不到有效值。
HostHeader *string `json:"HostHeader,omitnil,omitempty" name:"HostHeader"`
}
@@ -15263,6 +15459,12 @@ type OriginInfo struct {
// 私有鉴权使用参数,该参数仅当源站类型 PrivateAccess = on 时会生效。
PrivateParameters []*PrivateParameter `json:"PrivateParameters,omitnil,omitempty" name:"PrivateParameters"`
+ // 自定义回源 HOST 头,该参数仅当 OriginType=IP_DOMAIN 时生效。
+ // 如果 OriginType=COS 或 AWS_S3 时,回源 HOST 头将与源站域名保持一致。
+ // 如果OriginType=ORIGIN_GROUP 或 LB 时,回源 HOST 头遵循源站组内配置,如果没有配置则默认为加速域名。
+ // 如果 OriginType=VOD 或 SPACE 时,无需配置该头部,按对应的回源域名生效。
+ HostHeader *string `json:"HostHeader,omitnil,omitempty" name:"HostHeader"`
+
// VODEO 子应用 ID。该参数当 OriginType = VODEO 时必填。
//
// Deprecated: VodeoSubAppId is deprecated.
@@ -15387,10 +15589,87 @@ type PartialModule struct {
Module *string `json:"Module,omitnil,omitempty" name:"Module"`
// 模块下的需要例外的具体规则ID列表。
- // 注意:此字段可能返回 null,表示取不到有效值。
Include []*int64 `json:"Include,omitnil,omitempty" name:"Include"`
}
+type Plan struct {
+ // 套餐类型。取值有:
+ // plan-trial: 试用版套餐;
+ // plan-personal: 个人版套餐;
+ // plan-basic: 基础版套餐;
+ // plan-standard: 标准版套餐;
+ // plan-enterprise-v2: 企业版套餐;
+ // plan-enterprise-model-a: 企业版 Model A 套餐。
+ // plan-enterprise: 旧企业版套餐。
+ PlanType *string `json:"PlanType,omitnil,omitempty" name:"PlanType"`
+
+ // 套餐 ID。形如 edgeone-2y041pblwaxe。
+ PlanId *string `json:"PlanId,omitnil,omitempty" name:"PlanId"`
+
+ // 服务区域,取值有:
+ // mainland: 中国大陆;
+ // overseas: 全球(不包括中国大陆);
+ // global: 全球(包括中国大陆)。
+ Area *string `json:"Area,omitnil,omitempty" name:"Area"`
+
+ // 套餐状态,取值有:
+ // normal:正常状态;
+ // expiring-soon:即将到期状态;
+ // expired:到期状态;
+ // isolated:隔离状态;
+ // overdue-isolated:欠费隔离状态。
+ Status *string `json:"Status,omitnil,omitempty" name:"Status"`
+
+ // 付费类型,取值有:
+ // 0: 后付费;
+ // 1: 预付费。
+ PayMode *int64 `json:"PayMode,omitnil,omitempty" name:"PayMode"`
+
+ // 套餐绑定的站点信息,包括站点id和站点名称,站点状态。
+ ZonesInfo []*ZoneInfo `json:"ZonesInfo,omitnil,omitempty" name:"ZonesInfo"`
+
+ // 套餐内智能加速请求数规格,单位:次。
+ SmartRequestCapacity *int64 `json:"SmartRequestCapacity,omitnil,omitempty" name:"SmartRequestCapacity"`
+
+ // 套餐内VAU规格,单位:个。
+ VAUCapacity *int64 `json:"VAUCapacity,omitnil,omitempty" name:"VAUCapacity"`
+
+ // 套餐内内容加速流量规格,单位:字节。
+ AccTrafficCapacity *int64 `json:"AccTrafficCapacity,omitnil,omitempty" name:"AccTrafficCapacity"`
+
+ // 套餐内智能加速流量规格,单位:字节。
+ SmartTrafficCapacity *int64 `json:"SmartTrafficCapacity,omitnil,omitempty" name:"SmartTrafficCapacity"`
+
+ // 套餐内DDoS防护流量规格,单位:字节。
+ DDoSTrafficCapacity *int64 `json:"DDoSTrafficCapacity,omitnil,omitempty" name:"DDoSTrafficCapacity"`
+
+ // 套餐内安全流量规格,单位:字节。
+ SecTrafficCapacity *int64 `json:"SecTrafficCapacity,omitnil,omitempty" name:"SecTrafficCapacity"`
+
+ // 套餐内安全请求数规格,单位:次。
+ SecRequestCapacity *int64 `json:"SecRequestCapacity,omitnil,omitempty" name:"SecRequestCapacity"`
+
+ // 套餐内四层加速流量规格,单位:字节。
+ L4TrafficCapacity *int64 `json:"L4TrafficCapacity,omitnil,omitempty" name:"L4TrafficCapacity"`
+
+ // 套餐内中国大陆网络优化流量规格,单位:字节。
+ CrossMLCTrafficCapacity *int64 `json:"CrossMLCTrafficCapacity,omitnil,omitempty" name:"CrossMLCTrafficCapacity"`
+
+ // 套餐是否允许绑定新站点,取值有:
+ // true: 允许绑定新站点;
+ // false: 不允许绑定新站点。
+ Bindable *string `json:"Bindable,omitnil,omitempty" name:"Bindable"`
+
+ // 套餐生效时间。
+ EnabledTime *string `json:"EnabledTime,omitnil,omitempty" name:"EnabledTime"`
+
+ // 套餐过期时间。
+ ExpiredTime *string `json:"ExpiredTime,omitnil,omitempty" name:"ExpiredTime"`
+
+ // 套餐所支持的功能,取值有:ContentAcceleration:内容加速功能;SmartAcceleration:智能加速功能;L4:四层加速功能;Waf:高级 Web 防护;QUIC:QUIC功能;CrossMLC:中国大陆网络优化功能;ProcessMedia:媒体处理功能;L4DDoS:四层DDoS防护功能;L7DDoS功能只会出现以下所有规格中的一项L7DDoS.CM30G;七层DDoS防护功能-中国大陆30G保底带宽规格;L7DDoS.CM60G;七层DDoS防护功能-中国大陆60G保底带宽规格;L7DDoS.CM100G;七层DDoS防护功能-中国大陆100G保底带宽规格;L7DDoS.Anycast300G;七层DDoS防护功能-中国大陆以外Anycast300G保底带宽规格;L7DDoS.AnycastUnlimited;七层DDoS防护功能-中国大陆以外Anycast无上限全力防护规格;L7DDoS.CM30G_Anycast300G;七层DDoS防护功能-中国大陆30G保底带宽规格,中国大陆以外Anycast300G保底带宽规格;L7DDoS.CM60G_Anycast300G;七层DDoS防护功能-中国大陆60G保底带宽规格,中国大陆以外Anycast300G保底带宽规格;L7DDoS.CM100G_Anycast300G;七层DDoS防护功能-中国大陆100G保底带宽规格,中国大陆以外Anycast300G保底带宽规格;L7DDoS.CM30G_AnycastUnlimited;七层DDoS防护功能-中国大陆30G保底带宽规格,中国大陆以外Anycast无上限全力防护规格;L7DDoS.CM60G_AnycastUnlimited;七层DDoS防护功能-中国大陆60G保底带宽规格,中国大陆以外Anycast无上限全力防护规格;L7DDoS.CM100G_AnycastUnlimited;七层DDoS防护功能-中国大陆100G保底带宽规格,中国大陆以外Anycast无上限全力防护规格;
+ Features []*string `json:"Features,omitnil,omitempty" name:"Features"`
+}
+
type PlanInfo struct {
// 结算货币类型,取值有:
// CNY :人民币结算;
@@ -15446,7 +15725,6 @@ type PostMaxSize struct {
Switch *string `json:"Switch,omitnil,omitempty" name:"Switch"`
// 最大限制,取值在1MB和500MB之间。单位字节。
- // 注意:此字段可能返回 null,表示取不到有效值。
MaxSize *int64 `json:"MaxSize,omitnil,omitempty" name:"MaxSize"`
}
@@ -15518,11 +15796,9 @@ type QueryString struct {
// CacheKey使用QueryString的方式,取值有:
// includeCustom:使用部分url参数;
// excludeCustom:排除部分url参数。
- // 注意:此字段可能返回 null,表示取不到有效值。
Action *string `json:"Action,omitnil,omitempty" name:"Action"`
// 使用/排除的url参数数组。
- // 注意:此字段可能返回 null,表示取不到有效值。
Value []*string `json:"Value,omitnil,omitempty" name:"Value"`
}
@@ -15569,15 +15845,12 @@ type RateLimitConfig struct {
RateLimitUserRules []*RateLimitUserRule `json:"RateLimitUserRules,omitnil,omitempty" name:"RateLimitUserRules"`
// 速率限制模板功能。如果为null,默认使用历史配置。
- // 注意:此字段可能返回 null,表示取不到有效值。
RateLimitTemplate *RateLimitTemplate `json:"RateLimitTemplate,omitnil,omitempty" name:"RateLimitTemplate"`
// 智能客户端过滤。如果为null,默认使用历史配置。
- // 注意:此字段可能返回 null,表示取不到有效值。
RateLimitIntelligence *RateLimitIntelligence `json:"RateLimitIntelligence,omitnil,omitempty" name:"RateLimitIntelligence"`
// 速率限制-托管定制规则。如果为null,默认使用历史配置。
- // 注意:此字段可能返回 null,表示取不到有效值。
RateLimitCustomizes []*RateLimitUserRule `json:"RateLimitCustomizes,omitnil,omitempty" name:"RateLimitCustomizes"`
}
@@ -15623,7 +15896,6 @@ type RateLimitTemplateDetail struct {
// normal:适中;
// strict:严格;
// close:关闭,仅精准速率限制生效。
- // 注意:此字段可能返回 null,表示取不到有效值。
Mode *string `json:"Mode,omitnil,omitempty" name:"Mode"`
// 唯一id。
@@ -15632,11 +15904,9 @@ type RateLimitTemplateDetail struct {
// 模板处置方式,取值有:
// alg:JavaScript挑战;
// monitor:观察。
- // 注意:此字段可能返回 null,表示取不到有效值。
Action *string `json:"Action,omitnil,omitempty" name:"Action"`
// 惩罚时间,取值范围0-2天,单位秒。
- // 注意:此字段可能返回 null,表示取不到有效值。
PunishTime *int64 `json:"PunishTime,omitnil,omitempty" name:"PunishTime"`
// 统计阈值,单位是次,取值范围0-4294967294。
@@ -15709,6 +15979,43 @@ type RateLimitUserRule struct {
RedirectUrl *string `json:"RedirectUrl,omitnil,omitempty" name:"RedirectUrl"`
}
+type RateLimitingRule struct {
+ // 精准速率限制的 ID。
通过规则 ID 可支持不同的规则配置操作:
增加新规则:ID 为空或不指定 ID 参数;修改已有规则:指定需要更新/修改的规则 ID;删除已有规则:RateLimitingRules 参数中,Rules 列表中未包含的已有规则将被删除。
+ Id *string `json:"Id,omitnil,omitempty" name:"Id"`
+
+ // 精准速率限制的名称。
+ Name *string `json:"Name,omitnil,omitempty" name:"Name"`
+
+ // 精准速率限制的具体内容,需符合表达式语法,详细规范参见产品文档。
+ Condition *string `json:"Condition,omitnil,omitempty" name:"Condition"`
+
+ // 速率阈值请求特征的匹配方式, 当 Enabled 为 on 时,此字段必填。
当条件有多个时,将组合多个条件共同进行统计计算,条件最多不可超过5条。取值有:
http.request.ip:客户端 IP;http.request.xff_header_ip:客户端 IP(优先匹配 XFF 头部);http.request.uri.path:请求的访问路径;http.request.cookies['session']:名称为session的Cookie,其中session可替换为自己指定的参数;http.request.headers['user-agent']:名称为user-agent的HTTP头部,其中user-agent可替换为自己指定的参数;http.request.ja3:请求的JA3指纹;http.request.uri.query['test']:名称为test的URL查询参数,其中test可替换为自己指定的参数。
+ CountBy []*string `json:"CountBy,omitnil,omitempty" name:"CountBy"`
+
+ // 精准速率限制在时间范围内的累计拦截次数,取值范围 1 ~ 100000。
+ MaxRequestThreshold *int64 `json:"MaxRequestThreshold,omitnil,omitempty" name:"MaxRequestThreshold"`
+
+ // 统计的时间窗口,取值有:1s:1秒;5s:5秒;10s:10秒;20s:20秒;30s:30秒;40s:40秒;50s:50秒;1m:1分钟;2m:2分钟;5m:5分钟;10m:10分钟;1h:1小时。
+ CountingPeriod *string `json:"CountingPeriod,omitnil,omitempty" name:"CountingPeriod"`
+
+ // Action 动作的持续时长,单位仅支持:s:秒,取值 1 ~ 120;m:分钟,取值 1 ~ 120;h:小时,取值 1 ~ 48;d:天,取值 1 ~ 30。
+ ActionDuration *string `json:"ActionDuration,omitnil,omitempty" name:"ActionDuration"`
+
+ // 精准速率限制的处置方式。取值有:Monitor:观察;Deny:拦截,其中DenyActionParameters.Name支持Deny和ReturnCustomPage;Challenge:挑战,其中ChallengeActionParameters.Name支持JSChallenge和ManagedChallenge;Redirect:重定向至URL;
+ Action *SecurityAction `json:"Action,omitnil,omitempty" name:"Action"`
+
+ // 精准速率限制的优先级,范围是 0 ~ 100,默认为 0。
+ Priority *int64 `json:"Priority,omitnil,omitempty" name:"Priority"`
+
+ // 精准速率限制规则是否开启。取值有:on:开启;off:关闭。
+ Enabled *string `json:"Enabled,omitnil,omitempty" name:"Enabled"`
+}
+
+type RateLimitingRules struct {
+ // 精准速率限制的定义列表。使用 ModifySecurityPolicy 修改 Web 防护配置时:
若未指定 Rules 参数,或 Rules 参数长度为零:清空所有精准速率限制配置。 若 SecurityPolicy 参数中,未指定 RateLimitingRules 参数值:保持已有自定义规则配置,不做修改。
+ Rules []*RateLimitingRule `json:"Rules,omitnil,omitempty" name:"Rules"`
+}
+
type RealtimeLogDeliveryTask struct {
// 实时日志投递任务 ID。
TaskId *string `json:"TaskId,omitnil,omitempty" name:"TaskId"`
@@ -15851,6 +16158,39 @@ func (r *RenewPlanResponse) FromJsonString(s string) error {
return json.Unmarshal([]byte(s), &r)
}
+type RequestBodyTransferTimeout struct {
+ // 正文传输超时时长,取值 5 ~ 120,单位仅支持秒(s)。
+ IdleTimeout *string `json:"IdleTimeout,omitnil,omitempty" name:"IdleTimeout"`
+
+ // 正文传输超时时长是否开启。取值有:on:开启;off:关闭。
+ Enabled *string `json:"Enabled,omitnil,omitempty" name:"Enabled"`
+}
+
+type RequestFieldsForException struct {
+ // 跳过的具体字段。取值支持:
+ // body.json:JSON 请求内容;此时 Condition 支持 key、value, TargetField 支持 key、value,例如 { "Scope": "body.json", "Condition": "", "TargetField": "key" },表示 JSON 请求内容所有参数跳过 WAF 扫描;
+ // cookie:Cookie;此时 Condition 支持 key、value, TargetField 支持 key、value,例如 { "Scope": "cookie", "Condition": "${key} in ['account-id'] and ${value} like ['prefix-*']", "TargetField": "value" },表示 Cookie 参数名称等于account-id 并且参数值通配符匹配 prefix-* 跳过 WAF 扫描;
+ // header:HTTP 头部参数;此时 Condition 支持 key、value, TargetField 支持 key、value,例如 { "Scope": "header", "Condition": "${key} like ['x-auth-*']", "TargetField": "value" },表示 header 参数名称通配符匹配 x-auth-* 跳过 WAF 扫描;
+ // uri.query:URL 编码内容/查询参数;此时 Condition 支持 key、value, TargetField 支持 key、value,例如 { "Scope": "uri.query", "Condition": "${key} in ['action'] and ${value} in ['upload', 'delete']", "TargetField": "value" },表示 URL 编码内容/查询参数的参数名称等于 action 并且参数值等于 upload 或 delete 跳过 WAF 扫描;
+ // uri:请求路径URI;此时 Condition 必须为空, TargetField 支持 query、path、fullpath,例如 { "Scope": "uri", "Condition": "", "TargetField": "query" },表示请求路径 URI 仅查询参数跳过 WAF 扫描;
+ // body:请求正文内容。此时 Condition 必须为空, TargetField 支持 fullbody、multipart,例如 { "Scope": "body", "Condition": "", "TargetField": "fullbody" },表示请求正文内容为完整请求正文跳过 WAF 扫描;
+ Scope *string `json:"Scope,omitnil,omitempty" name:"Scope"`
+
+ // 跳过的具体字段的表达式,需要符合表达式语法。
+ // Condition 支持表达式配置语法: 按规则的匹配条件表达式语法编写,支持引用 key、value。 支持 in、like 操作符,以及 and 逻辑组合。
+ // 例如:${key} in ['x-trace-id']:参数名称等于x-trace-id。${key} in ['x-trace-id'] and ${value} like ['Bearer *']:参数名称等于x-trace-id并且参数值通配符匹配Bearer *。
+ Condition *string `json:"Condition,omitnil,omitempty" name:"Condition"`
+
+ // Scope 参数使用不同取值时,TargetField 表达式中支持的值如下:
+ // body.json:支持 key、value
+ // cookie:支持 key、value
+ // header:支持 key、value
+ // uri.query:支持 key、value
+ // uri:支持 path、query、fullpath
+ // body:支持 fullbody、multipart
+ TargetField *string `json:"TargetField,omitnil,omitempty" name:"TargetField"`
+}
+
type Resource struct {
// 资源 ID。
Id *string `json:"Id,omitnil,omitempty" name:"Id"`
@@ -16093,9 +16433,9 @@ type RuleEngineAction struct {
// ErrorPage:自定义错误页面;
// ModifyResponseHeader:修改 HTTP 节点响应头;
// ModifyRequestHeader:修改 HTTP 节点请求头;
- // ResponseSpeedLimit:单连接下载限速。
- // SetContentIdentifierParameters:设置内容标识符。
- // 注意:此字段可能返回 null,表示取不到有效值。
+ // ResponseSpeedLimit:单连接下载限速;
+ // SetContentIdentifier:设置内容标识符;
+ // Vary:Vary 特性配置。
Name *string `json:"Name,omitnil,omitempty" name:"Name"`
// 节点缓存 TTL 配置参数,当 Name 取值为 Cache 时,该参数必填。
@@ -16230,10 +16570,13 @@ type RuleEngineAction struct {
// 注意:此字段可能返回 null,表示取不到有效值。
ResponseSpeedLimitParameters *ResponseSpeedLimitParameters `json:"ResponseSpeedLimitParameters,omitnil,omitempty" name:"ResponseSpeedLimitParameters"`
- // 内容标识配置参数,当 Name 取值为 HttpResponse 时,该参数必填。
+ // 内容标识配置参数,当 Name 取值为 SetContentIdentifier 时,该参数必填。
//
// 注意:此字段可能返回 null,表示取不到有效值。
SetContentIdentifierParameters *SetContentIdentifierParameters `json:"SetContentIdentifierParameters,omitnil,omitempty" name:"SetContentIdentifierParameters"`
+
+ // Vary 特性配置参数,当 Name 取值为 Vary 时,该参数必填。
+ VaryParameters *VaryParameters `json:"VaryParameters,omitnil,omitempty" name:"VaryParameters"`
}
type RuleEngineItem struct {
@@ -16446,62 +16789,66 @@ type SecEntryValue struct {
type SecurityAction struct {
// 安全执行的具体动作。取值有:
- // Deny:拦截;Monitor:观察;ReturnCustomPage:使用指定页面拦截;Redirect:重定向至 URL;BlockIP:IP 封禁;JSChallenge:JavaScript 挑战;ManagedChallenge:托管挑战;Disabled:未启用;Allow:放行。
+ // Deny:拦截,阻止请求访问站点资源;
+ // Monitor:观察,仅记录日志;
+ // Redirect:重定向至 URL;
+ // Disabled:未启用,不启用指定规则;
+ // Allow:允许访问,但延迟处理请求;
+ // Challenge:挑战,响应挑战内容;
+ // BlockIP:待废弃,IP 封禁;
+ // ReturnCustomPage:待废弃,使用指定页面拦截;
+ // JSChallenge:待废弃,JavaScript 挑战;
+ // ManagedChallenge:待废弃,托管挑战。
Name *string `json:"Name,omitnil,omitempty" name:"Name"`
- // 当 Name 为 BlockIP 时的附加参数。
- BlockIPActionParameters *BlockIPActionParameters `json:"BlockIPActionParameters,omitnil,omitempty" name:"BlockIPActionParameters"`
-
- // 当 Name 为 ReturnCustomPage 时的附加参数。
- ReturnCustomPageActionParameters *ReturnCustomPageActionParameters `json:"ReturnCustomPageActionParameters,omitnil,omitempty" name:"ReturnCustomPageActionParameters"`
+ // 当 Name 为 Deny 时的附加参数。
+ DenyActionParameters *DenyActionParameters `json:"DenyActionParameters,omitnil,omitempty" name:"DenyActionParameters"`
// 当 Name 为 Redirect 时的附加参数。
RedirectActionParameters *RedirectActionParameters `json:"RedirectActionParameters,omitnil,omitempty" name:"RedirectActionParameters"`
+
+ // 当 Name 为 Challenge 时的附加参数。
+ ChallengeActionParameters *ChallengeActionParameters `json:"ChallengeActionParameters,omitnil,omitempty" name:"ChallengeActionParameters"`
+
+ // 待废弃,当 Name 为 BlockIP 时的附加参数。
+ BlockIPActionParameters *BlockIPActionParameters `json:"BlockIPActionParameters,omitnil,omitempty" name:"BlockIPActionParameters"`
+
+ // 待废弃,当 Name 为 ReturnCustomPage 时的附加参数。
+ ReturnCustomPageActionParameters *ReturnCustomPageActionParameters `json:"ReturnCustomPageActionParameters,omitnil,omitempty" name:"ReturnCustomPageActionParameters"`
}
type SecurityConfig struct {
// 托管规则。如果入参为空或不填,默认使用历史配置。
- // 注意:此字段可能返回 null,表示取不到有效值。
WafConfig *WafConfig `json:"WafConfig,omitnil,omitempty" name:"WafConfig"`
// 速率限制。如果入参为空或不填,默认使用历史配置。
- // 注意:此字段可能返回 null,表示取不到有效值。
RateLimitConfig *RateLimitConfig `json:"RateLimitConfig,omitnil,omitempty" name:"RateLimitConfig"`
// 自定义规则。如果入参为空或不填,默认使用历史配置。
- // 注意:此字段可能返回 null,表示取不到有效值。
AclConfig *AclConfig `json:"AclConfig,omitnil,omitempty" name:"AclConfig"`
// Bot配置。如果入参为空或不填,默认使用历史配置。
- // 注意:此字段可能返回 null,表示取不到有效值。
BotConfig *BotConfig `json:"BotConfig,omitnil,omitempty" name:"BotConfig"`
// 七层防护总开关。如果入参为空或不填,默认使用历史配置。
- // 注意:此字段可能返回 null,表示取不到有效值。
SwitchConfig *SwitchConfig `json:"SwitchConfig,omitnil,omitempty" name:"SwitchConfig"`
// 基础访问管控。如果入参为空或不填,默认使用历史配置。
- // 注意:此字段可能返回 null,表示取不到有效值。
IpTableConfig *IpTableConfig `json:"IpTableConfig,omitnil,omitempty" name:"IpTableConfig"`
// 例外规则配置。如果入参为空或不填,默认使用历史配置。
- // 注意:此字段可能返回 null,表示取不到有效值。
ExceptConfig *ExceptConfig `json:"ExceptConfig,omitnil,omitempty" name:"ExceptConfig"`
// 自定义拦截页面配置。如果入参为空或不填,默认使用历史配置。
- // 注意:此字段可能返回 null,表示取不到有效值。
DropPageConfig *DropPageConfig `json:"DropPageConfig,omitnil,omitempty" name:"DropPageConfig"`
// 模板配置。此处仅出参数使用。
- // 注意:此字段可能返回 null,表示取不到有效值。
TemplateConfig *TemplateConfig `json:"TemplateConfig,omitnil,omitempty" name:"TemplateConfig"`
// 慢速攻击配置。如果入参为空或不填,默认使用历史配置。
- // 注意:此字段可能返回 null,表示取不到有效值。
SlowPostConfig *SlowPostConfig `json:"SlowPostConfig,omitnil,omitempty" name:"SlowPostConfig"`
// 检测长度限制配置。仅出参使用。
- // 注意:此字段可能返回 null,表示取不到有效值。
DetectLengthLimitConfig *DetectLengthLimitConfig `json:"DetectLengthLimitConfig,omitnil,omitempty" name:"DetectLengthLimitConfig"`
}
@@ -16511,6 +16858,15 @@ type SecurityPolicy struct {
// 托管规则配置。
ManagedRules *ManagedRules `json:"ManagedRules,omitnil,omitempty" name:"ManagedRules"`
+
+ // HTTP DDOS防护配置。
+ HttpDDoSProtection *HttpDDoSProtection `json:"HttpDDoSProtection,omitnil,omitempty" name:"HttpDDoSProtection"`
+
+ // 速率限制规则配置。
+ RateLimitingRules *RateLimitingRules `json:"RateLimitingRules,omitnil,omitempty" name:"RateLimitingRules"`
+
+ // 例外规则配置。
+ ExceptionRules *ExceptionRules `json:"ExceptionRules,omitnil,omitempty" name:"ExceptionRules"`
}
type SecurityTemplateBinding struct {
@@ -16530,35 +16886,27 @@ type SecurityType struct {
type ServerCertInfo struct {
// 服务器证书 ID。来源于 SSL 侧,您可以前往 [SSL 证书列表](https://console.cloud.tencent.com/ssl) 查看 CertId。
- //
- // 注意:此字段可能返回 null,表示取不到有效值。
CertId *string `json:"CertId,omitnil,omitempty" name:"CertId"`
// 证书备注名。
- // 注意:此字段可能返回 null,表示取不到有效值。
Alias *string `json:"Alias,omitnil,omitempty" name:"Alias"`
// 证书类型,取值有:
// default:默认证书;
// upload:用户上传;
// managed:腾讯云托管。
- // 注意:此字段可能返回 null,表示取不到有效值。
Type *string `json:"Type,omitnil,omitempty" name:"Type"`
// 证书过期时间。
- // 注意:此字段可能返回 null,表示取不到有效值。
ExpireTime *string `json:"ExpireTime,omitnil,omitempty" name:"ExpireTime"`
// 证书部署时间。
- // 注意:此字段可能返回 null,表示取不到有效值。
DeployTime *string `json:"DeployTime,omitnil,omitempty" name:"DeployTime"`
// 签名算法。
- // 注意:此字段可能返回 null,表示取不到有效值。
SignAlgo *string `json:"SignAlgo,omitnil,omitempty" name:"SignAlgo"`
// 证书归属域名名称。
- // 注意:此字段可能返回 null,表示取不到有效值。
CommonName *string `json:"CommonName,omitnil,omitempty" name:"CommonName"`
}
@@ -16593,7 +16941,6 @@ type SkipCondition struct {
MatchFromType *string `json:"MatchFromType,omitnil,omitempty" name:"MatchFromType"`
// 匹配Key的值。
- // 注意:此字段可能返回 null,表示取不到有效值。
MatchFrom []*string `json:"MatchFrom,omitnil,omitempty" name:"MatchFrom"`
// 匹配Content所使用的匹配方式,取值为:
@@ -16602,10 +16949,23 @@ type SkipCondition struct {
MatchContentType *string `json:"MatchContentType,omitnil,omitempty" name:"MatchContentType"`
// 匹配Value的值。
- // 注意:此字段可能返回 null,表示取不到有效值。
MatchContent []*string `json:"MatchContent,omitnil,omitempty" name:"MatchContent"`
}
+type SlowAttackDefense struct {
+ // 慢速攻击防护是否开启。取值有:on:开启;off:关闭。
+ Enabled *string `json:"Enabled,omitnil,omitempty" name:"Enabled"`
+
+ // 慢速攻击防护的处置方式,当 Enabled 为 on 时,此字段必填。SecurityAction 的 Name 取值支持:Monitor:观察;Deny:拦截;
+ Action *SecurityAction `json:"Action,omitnil,omitempty" name:"Action"`
+
+ // 正文传输最小速率阈值的具体配置,当 Enabled 为 on 时,此字段必填。
+ MinimalRequestBodyTransferRate *MinimalRequestBodyTransferRate `json:"MinimalRequestBodyTransferRate,omitnil,omitempty" name:"MinimalRequestBodyTransferRate"`
+
+ // 正文传输超时时长的具体配置,当 Enabled 为 on 时,此字段必填。
+ RequestBodyTransferTimeout *RequestBodyTransferTimeout `json:"RequestBodyTransferTimeout,omitnil,omitempty" name:"RequestBodyTransferTimeout"`
+}
+
type SlowPostConfig struct {
// 开关,取值有:
// on:开启;
@@ -16613,21 +16973,17 @@ type SlowPostConfig struct {
Switch *string `json:"Switch,omitnil,omitempty" name:"Switch"`
// 首包配置。
- // 注意:此字段可能返回 null,表示取不到有效值。
FirstPartConfig *FirstPartConfig `json:"FirstPartConfig,omitnil,omitempty" name:"FirstPartConfig"`
// 基础配置。
- // 注意:此字段可能返回 null,表示取不到有效值。
SlowRateConfig *SlowRateConfig `json:"SlowRateConfig,omitnil,omitempty" name:"SlowRateConfig"`
// 慢速攻击的处置动作,取值有:
// monitor:观察;
// drop:拦截。
- // 注意:此字段可能返回 null,表示取不到有效值。
Action *string `json:"Action,omitnil,omitempty" name:"Action"`
// 本规则的Id。
- // 注意:此字段可能返回 null,表示取不到有效值。
RuleId *uint64 `json:"RuleId,omitnil,omitempty" name:"RuleId"`
}
@@ -16638,11 +16994,9 @@ type SlowRateConfig struct {
Switch *string `json:"Switch,omitnil,omitempty" name:"Switch"`
// 统计的间隔,单位是秒,即在首段包传输结束后,将数据传输轴按照本参数切分,每个分片独立计算慢速攻击。
- // 注意:此字段可能返回 null,表示取不到有效值。
Interval *uint64 `json:"Interval,omitnil,omitempty" name:"Interval"`
// 统计时应用的速率阈值,单位是bps,即如果本分片中的传输速率没达到本参数的值,则判定为慢速攻击,应用慢速攻击的处置方式。
- // 注意:此字段可能返回 null,表示取不到有效值。
Threshold *uint64 `json:"Threshold,omitnil,omitempty" name:"Threshold"`
}
@@ -16780,14 +17134,14 @@ type Task struct {
// 节点缓存清除方法,取值有:
// invalidate:标记过期,用户请求时触发回源校验,即发送带有 If-None-Match 和 If-Modified-Since 头部的 HTTP 条件请求。若源站响应 200,则节点会回源拉取新的资源并更新缓存;若源站响应 304,则节点不会更新缓存;
// delete:直接删除节点缓存,用户请求时触发回源拉取资源。
- // 注意:此字段可能返回 null,表示取不到有效值。
Method *string `json:"Method,omitnil,omitempty" name:"Method"`
// 状态。取值有:
// processing:处理中;
// success:成功;
// failed:失败;
- // timeout:超时。
+ // timeout:超时;
+ // canceled:已取消。
Status *string `json:"Status,omitnil,omitempty" name:"Status"`
// 任务创建时间。
@@ -17041,17 +17395,25 @@ type UpstreamRequestQueryString struct {
}
type UpstreamURLRewriteParameters struct {
- // 回源 URL 重写类型,仅支持填写 Path。
+ // 回源 URL 重写类型。仅支持填写 Path。
Type *string `json:"Type,omitnil,omitempty" name:"Type"`
// 回源 URL 重写动作。取值有:
- // replace:替换路径前缀;
- // addPrefix:增加路径前缀;
- // rmvPrefix:移除路径前缀。
+ // replace:指替换完整路径。用于将完整的请求 URL Path 替换为指定路径。
+ //
+ // addPrefix:指增加路径前缀。用于增加指定路径前缀至请求 URL Path。
+ //
+ // rmvPrefix:指移除路径前缀。用于移除请求 URL Path 的指定路径前缀。
+ //
+ // regexReplace:指正则替换完整路径。用于通过 Google RE2 正则表达式匹配和替换完整路径。
+ //
Action *string `json:"Action,omitnil,omitempty" name:"Action"`
- // 回源 URL 重写值,最大长度 1024,必须以 / 开头。
注意:当 Action 为 addPrefix 时,不能以 / 结尾;当 Action 为 rmvPrefix 时,不能存在 *。
+ // 回源 URL 重写值。需要满足 URL Path 规范,且保证重写后的 Path 以 / 开头,以防止回源 URL 的 Host 被修改,长度范围为 1~1024。当 Action 为 addPrefix 时,不能以 / 结尾;当 Action 为 rmvPrefix 时,不能存在 *;当 Action 为 regexReplace 时,支持用 $NUM 引用正则捕获组,其中 NUM 代表组编号,如 $1,最多支持 $9。
Value *string `json:"Value,omitnil,omitempty" name:"Value"`
+
+ // 回源 URL 重写用于正则替换匹配完整路径的正则表达式。需要满足 Google RE2 规范,长度范围为 1~1024。当 Action 为 regexReplace 时,此字段必填,否则无需填写此字段。
+ Regex *string `json:"Regex,omitnil,omitempty" name:"Regex"`
}
type VanityNameServers struct {
@@ -17072,16 +17434,23 @@ type VanityNameServersIps struct {
IPv4 *string `json:"IPv4,omitnil,omitempty" name:"IPv4"`
}
+type VaryParameters struct {
+ // Vary 特性配置开关,取值有:
+ // on:开启;
+ // off:关闭。
+ Switch *string `json:"Switch,omitnil,omitempty" name:"Switch"`
+}
+
// Predefined struct for user
type VerifyOwnershipRequestParams struct {
- // 站点或者加速域名。
+ // 站点域名或者站点下的加速域名。
Domain *string `json:"Domain,omitnil,omitempty" name:"Domain"`
}
type VerifyOwnershipRequest struct {
*tchttp.BaseRequest
- // 站点或者加速域名。
+ // 站点域名或者站点下的加速域名。
Domain *string `json:"Domain,omitnil,omitempty" name:"Domain"`
}
@@ -17276,7 +17645,6 @@ type Zone struct {
ActiveStatus *string `json:"ActiveStatus,omitnil,omitempty" name:"ActiveStatus"`
// 站点别名。数字、英文、-和_组合,限制20个字符。
- // 注意:此字段可能返回 null,表示取不到有效值。
AliasZoneName *string `json:"AliasZoneName,omitnil,omitempty" name:"AliasZoneName"`
// 是否伪站点,取值有:
@@ -17391,6 +17759,18 @@ type ZoneConfigParameters struct {
ZoneConfig *ZoneConfig `json:"ZoneConfig,omitnil,omitempty" name:"ZoneConfig"`
}
+type ZoneInfo struct {
+ // 站点id。
+ ZoneId *string `json:"ZoneId,omitnil,omitempty" name:"ZoneId"`
+
+ // 站点名称。
+ ZoneName *string `json:"ZoneName,omitnil,omitempty" name:"ZoneName"`
+
+ // 站点是否停用。取值有:false:非停用;
+ // true:停用。
+ Paused *bool `json:"Paused,omitnil,omitempty" name:"Paused"`
+}
+
type ZoneSetting struct {
// 站点名称。
ZoneName *string `json:"ZoneName,omitnil,omitempty" name:"ZoneName"`
diff --git a/vendor/modules.txt b/vendor/modules.txt
index e2e55f5505..e21eb0d09a 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -1166,7 +1166,7 @@ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cloudaudit/v20190319
# github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cls v1.0.1148
## explicit; go 1.14
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cls/v20201016
-# github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1170
+# github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1182
## explicit; go 1.11
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/errors
@@ -1327,7 +1327,7 @@ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tdmq/v20200217
# github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tem v1.0.578
## explicit; go 1.14
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tem/v20210701
-# github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/teo v1.0.1129
+# github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/teo v1.0.1182
## explicit; go 1.14
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/teo/v20220901
# github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/thpc v1.0.998
diff --git a/website/docs/r/teo_security_policy_config.html.markdown b/website/docs/r/teo_security_policy_config.html.markdown
index e754b3b0c3..ee2d10c75b 100644
--- a/website/docs/r/teo_security_policy_config.html.markdown
+++ b/website/docs/r/teo_security_policy_config.html.markdown
@@ -25,7 +25,7 @@ resource "tencentcloud_teo_security_policy_config" "example" {
custom_rules {
precise_match_rules {
name = "rule1"
- condition = "$${http.request.host} contain ['abc']"
+ condition = "$${http.request.host} contain ['test']"
enabled = "on"
priority = 50
action {
@@ -190,6 +190,84 @@ resource "tencentcloud_teo_security_policy_config" "example" {
}
}
}
+
+ http_ddos_protection {
+ adaptive_frequency_control {
+ enabled = "on"
+ sensitivity = "Loose"
+ action {
+ name = "Challenge"
+ challenge_action_parameters {
+ challenge_option = "JSChallenge"
+ }
+ }
+ }
+
+ client_filtering {
+ enabled = "on"
+ action {
+ name = "Challenge"
+ challenge_action_parameters {
+ challenge_option = "JSChallenge"
+ }
+ }
+ }
+
+ bandwidth_abuse_defense {
+ enabled = "on"
+ action {
+ name = "Deny"
+ }
+ }
+
+ slow_attack_defense {
+ enabled = "on"
+ action {
+ name = "Deny"
+ }
+
+ minimal_request_body_transfer_rate {
+ minimal_avg_transfer_rate_threshold = "80bps"
+ counting_period = "60s"
+ enabled = "on"
+ }
+
+ request_body_transfer_timeout {
+ idle_timeout = "5s"
+ enabled = "on"
+ }
+ }
+ }
+
+ rate_limiting_rules {
+ rules {
+ name = "Single IP request rate limit"
+ condition = "$${http.request.uri.path} contain ['/checkout/submit']"
+ count_by = ["http.request.ip"]
+ max_request_threshold = 300
+ counting_period = "60s"
+ action_duration = "30m"
+ action {
+ name = "Challenge"
+ challenge_action_parameters {
+ challenge_option = "JSChallenge"
+ }
+ }
+ priority = 50
+ enabled = "on"
+ }
+ }
+
+ exception_rules {
+ rules {
+ name = "High-frequency API bypasses rate limits"
+ condition = "$${http.request.method} in ['POST'] and $${http.request.uri.path} in ['/api/EventLogUpload']"
+ skip_scope = "WebSecurityModules"
+ skip_option = "SkipOnAllRequestFields"
+ web_security_modules_for_exception = ["websec-mod-adaptive-control"]
+ enabled = "off"
+ }
+ }
}
}
```
@@ -564,6 +642,44 @@ The following arguments are supported:
* `security_policy` - (Optional, List) Security policy configuration. it is recommended to use for custom policies and managed rule configurations of Web protection. it supports configuring security policies with expression grammar.
* `template_id` - (Optional, String, ForceNew) Specify the policy Template ID. use this parameter to specify the ID of the policy Template when the Entity parameter value is Template.
+The `action` object of `adaptive_frequency_control` supports the following:
+
+* `name` - (Required, String) The specific action of security execution. The values are:
+Deny: intercept, block the request to access site resources;
+Monitor: observe, only record logs;
+Redirect: redirect to URL;
+Disabled: disabled, do not enable the specified rule;
+Allow: allow access, but delay processing requests;
+Challenge: challenge, respond to challenge content;
+BlockIP: to be abandoned, IP ban;
+ReturnCustomPage: to be abandoned, use the specified page to intercept;
+JSChallenge: to be abandoned, JavaScript challenge;
+ManagedChallenge: to be abandoned, managed challenge..
+* `block_ip_action_parameters` - (Optional, List) To be deprecated, additional parameter when Name is BlockIP.
+* `challenge_action_parameters` - (Optional, List) Additional parameters when Name is Challenge.
+* `deny_action_parameters` - (Optional, List) Additional parameters when Name is Deny.
+* `redirect_action_parameters` - (Optional, List) Additional parameters when Name is Redirect.
+* `return_custom_page_action_parameters` - (Optional, List) To be deprecated, additional parameter when Name is ReturnCustomPage.
+
+The `action` object of `bandwidth_abuse_defense` supports the following:
+
+* `name` - (Required, String) The specific action of security execution. The values are:
+Deny: intercept, block the request to access site resources;
+Monitor: observe, only record logs;
+Redirect: redirect to URL;
+Disabled: disabled, do not enable the specified rule;
+Allow: allow access, but delay processing requests;
+Challenge: challenge, respond to challenge content;
+BlockIP: to be abandoned, IP ban;
+ReturnCustomPage: to be abandoned, use the specified page to intercept;
+JSChallenge: to be abandoned, JavaScript challenge;
+ManagedChallenge: to be abandoned, managed challenge..
+* `block_ip_action_parameters` - (Optional, List) To be deprecated, additional parameter when Name is BlockIP.
+* `challenge_action_parameters` - (Optional, List) Additional parameters when Name is Challenge.
+* `deny_action_parameters` - (Optional, List) Additional parameters when Name is Deny.
+* `redirect_action_parameters` - (Optional, List) Additional parameters when Name is Redirect.
+* `return_custom_page_action_parameters` - (Optional, List) To be deprecated, additional parameter when Name is ReturnCustomPage.
+
The `action` object of `basic_access_rules` supports the following:
* `name` - (Required, String) Specific actions for safe execution. valid values:.
@@ -572,6 +688,25 @@ The `action` object of `basic_access_rules` supports the following:
* `redirect_action_parameters` - (Optional, List) Additional parameter when Name is Redirect.
* `return_custom_page_action_parameters` - (Optional, List) Additional parameter when Name is ReturnCustomPage.
+The `action` object of `client_filtering` supports the following:
+
+* `name` - (Required, String) The specific action of security execution. The values are:
+Deny: intercept, block the request to access site resources;
+Monitor: observe, only record logs;
+Redirect: redirect to URL;
+Disabled: disabled, do not enable the specified rule;
+Allow: allow access, but delay processing requests;
+Challenge: challenge, respond to challenge content;
+BlockIP: to be abandoned, IP ban;
+ReturnCustomPage: to be abandoned, use the specified page to intercept;
+JSChallenge: to be abandoned, JavaScript challenge;
+ManagedChallenge: to be abandoned, managed challenge..
+* `block_ip_action_parameters` - (Optional, List) To be deprecated, additional parameter when Name is BlockIP.
+* `challenge_action_parameters` - (Optional, List) Additional parameters when Name is Challenge.
+* `deny_action_parameters` - (Optional, List) Additional parameters when Name is Deny.
+* `redirect_action_parameters` - (Optional, List) Additional parameters when Name is Redirect.
+* `return_custom_page_action_parameters` - (Optional, List) To be deprecated, additional parameter when Name is ReturnCustomPage.
+
The `action` object of `managed_rule_groups` supports the following:
* `name` - (Required, String) Specific actions for safe execution. valid values:.
@@ -604,10 +739,59 @@ The `action` object of `rules` supports the following:
* `redirect_action_parameters` - (Optional, List) Additional parameter when Name is Redirect.
* `return_custom_page_action_parameters` - (Optional, List) Additional parameter when Name is ReturnCustomPage.
+The `action` object of `rules` supports the following:
+
+* `name` - (Required, String) The specific action of security execution. The values are:
+Deny: intercept, block the request to access site resources;
+Monitor: observe, only record logs;
+Redirect: redirect to URL;
+Disabled: disabled, do not enable the specified rule;
+Allow: allow access, but delay processing requests;
+Challenge: challenge, respond to challenge content;
+BlockIP: to be abandoned, IP ban;
+ReturnCustomPage: to be abandoned, use the specified page to intercept;
+JSChallenge: to be abandoned, JavaScript challenge;
+ManagedChallenge: to be abandoned, managed challenge..
+* `block_ip_action_parameters` - (Optional, List) To be deprecated, additional parameter when Name is BlockIP.
+* `challenge_action_parameters` - (Optional, List) Additional parameters when Name is Challenge.
+* `deny_action_parameters` - (Optional, List) Additional parameters when Name is Deny.
+* `redirect_action_parameters` - (Optional, List) Additional parameters when Name is Redirect.
+* `return_custom_page_action_parameters` - (Optional, List) To be deprecated, additional parameter when Name is ReturnCustomPage.
+
+The `action` object of `slow_attack_defense` supports the following:
+
+* `name` - (Required, String) The specific action of security execution. The values are:
+Deny: intercept, block the request to access site resources;
+Monitor: observe, only record logs;
+Redirect: redirect to URL;
+Disabled: disabled, do not enable the specified rule;
+Allow: allow access, but delay processing requests;
+Challenge: challenge, respond to challenge content;
+BlockIP: to be abandoned, IP ban;
+ReturnCustomPage: to be abandoned, use the specified page to intercept;
+JSChallenge: to be abandoned, JavaScript challenge;
+ManagedChallenge: to be abandoned, managed challenge..
+* `block_ip_action_parameters` - (Optional, List) To be deprecated, additional parameter when Name is BlockIP.
+* `challenge_action_parameters` - (Optional, List) Additional parameters when Name is Challenge.
+* `deny_action_parameters` - (Optional, List) Additional parameters when Name is Deny.
+* `redirect_action_parameters` - (Optional, List) Additional parameters when Name is Redirect.
+* `return_custom_page_action_parameters` - (Optional, List) To be deprecated, additional parameter when Name is ReturnCustomPage.
+
+The `adaptive_frequency_control` object of `http_ddos_protection` supports the following:
+
+* `enabled` - (Required, String) Whether adaptive frequency control is enabled. The possible values are: on: enabled; off: disabled. .
+* `action` - (Optional, List) The handling method of adaptive frequency control. When Enabled is on, this field is required. SecurityAction's Name value supports: Monitor: Observe; Deny: Intercept; Challenge: Challenge, where ChallengeActionParameters.Name only supports JSChallenge. .
+* `sensitivity` - (Optional, String) The restriction level of adaptive frequency control. When Enabled is on, this field is required. The values are: Loose: loose; Moderate: moderate; Strict: strict. .
+
The `auto_update` object of `managed_rules` supports the following:
* `auto_update_to_latest_version` - (Required, String) Indicates whether to enable automatic update to the latest version. valid values: on: enabled off: disabled.
+The `bandwidth_abuse_defense` object of `http_ddos_protection` supports the following:
+
+* `enabled` - (Required, String) Whether the anti-theft feature (only applicable to mainland China) is enabled. The possible values are: on: enabled; off: disabled. .
+* `action` - (Optional, List) The method for preventing traffic fraud (only applicable to mainland China). When Enabled is on, this field is required. SecurityAction Name value supports: Monitor: Observe; Deny: Intercept; Challenge: Challenge, where ChallengeActionParameters.Name only supports JSChallenge. .
+
The `basic_access_rules` object of `custom_rules` supports the following:
* `action` - (Required, List) Execution actions for custom rules. the Name parameter value of SecurityAction supports: Deny: block; Monitor: observe; ReturnCustomPage: block using a specified page; Redirect: Redirect to URL; BlockIP: IP blocking; JSChallenge: JavaScript challenge; ManagedChallenge: managed challenge; Allow: Allow..
@@ -620,12 +804,59 @@ The `block_ip_action_parameters` object of `action` supports the following:
* `duration` - (Required, String) Penalty duration for blocking ips. supported units: s: second, value range 1-120; m: minute, value range 1-120; h: hour, value range 1-48..
+The `block_ip_action_parameters` object of `action` supports the following:
+
+* `duration` - (Required, String) The penalty duration for banning an IP. Supported units are: s: seconds, value range 1 to 120; m: minutes, value range 1 to 120; h: hours, value range 1 to 48. .
+
+The `challenge_action_parameters` object of `action` supports the following:
+
+* `challenge_option` - (Required, String) The specific challenge action to be executed safely. The possible values are: InterstitialChallenge: interstitial challenge; InlineChallenge: embedded challenge; JSChallenge: JavaScript challenge; ManagedChallenge: managed challenge. .
+* `attester_id` - (Optional, String) Client authentication method ID. This field is required when Name is InterstitialChallenge/InlineChallenge.
+* `interval` - (Optional, String) The time interval for repeating the challenge. When Name is InterstitialChallenge/InlineChallenge, this field is required. The default value is 300s. Supported units are: s: seconds, value range 1 to 60; m: minutes, value range 1 to 60; h: hours, value range 1 to 24. .
+
+The `client_filtering` object of `http_ddos_protection` supports the following:
+
+* `enabled` - (Required, String) Whether smart client filtering is enabled. The possible values are: on: enabled; off: disabled. .
+* `action` - (Optional, List) The method of intelligent client filtering. When Enabled is on, this field is required. SecurityAction Name value supports: Monitor: Observe; Deny: Intercept; Challenge: Challenge, where ChallengeActionParameters.Name only supports JSChallenge. .
+
The `custom_rules` object of `security_policy` supports the following:
* `basic_access_rules` - (Optional, List) List of custom rule definitions.
when modifying the Web protection configuration using ModifySecurityPolicy:
- if the Rules parameter is not specified or the parameter length of Rules is zero: clear all custom rule configurations.
- if the parameter value of CustomRules in the SecurityPolicy parameter is not specified: keep the existing custom rule configuration without modification.
* `precise_match_rules` - (Optional, List) List of custom rule definitions.
when modifying the Web protection configuration using ModifySecurityPolicy:
- if the Rules parameter is not specified or the parameter length of Rules is zero: clear all custom rule configurations.
- if the parameter value of CustomRules in the SecurityPolicy parameter is not specified: keep the existing custom rule configuration without modification.
* `rules` - (Optional, List, **Deprecated**) It has been deprecated from version 1.81.184. Please use `precise_match_rules` or `basic_access_rules` instead. List of custom rule definitions.
when modifying the Web protection configuration using ModifySecurityPolicy:
- if the Rules parameter is not specified or the parameter length of Rules is zero: clear all custom rule configurations.
- if the parameter value of CustomRules in the SecurityPolicy parameter is not specified: keep the existing custom rule configuration without modification.
+The `deny_action_parameters` object of `action` supports the following:
+
+* `block_ip_duration` - (Optional, String) When BlockIP is on, the IP blocking duration.
+* `block_ip` - (Optional, String) Whether to extend the blocking of source IP. The possible values are:
+on: on;
+off: off.
+When enabled, the client IP that triggers the rule will be blocked continuously. When this option is enabled, the BlockIpDuration parameter must be specified at the same time.
+Note: This option cannot be enabled at the same time as the ReturnCustomPage or Stall options.
+* `error_page_id` - (Optional, String) The PageId of the custom page.
+* `response_code` - (Optional, String) Customize the status code of the page.
+* `return_custom_page` - (Optional, String) Whether to use custom pages. The possible values are:
+on: on;
+off: off.
+After enabling, use custom page content to intercept (respond to) requests. When enabling this option, you must specify the ResponseCode and ErrorPageId parameters at the same time.
+Note: This option cannot be enabled at the same time as the BlockIp or Stall options.
+* `stall` - (Optional, String) Whether to ignore the request source suspension. The value is:
+on: Enable;
+off: Disable.
+After enabling, it will no longer respond to requests in the current connection session and will not actively disconnect. It is used to fight against crawlers and consume client connection resources.
+Note: This option cannot be enabled at the same time as the BlockIp or ReturnCustomPage options.
+
+The `exception_rules` object of `security_policy` supports the following:
+
+* `rules` - (Optional, List) Definition list of exception rules. When using ModifySecurityPolicy to modify the Web protection configuration: If the Rules parameter is not specified, or the length of the Rules parameter is zero: clear all exception rule configurations. .If the ExceptionRules parameter value is not specified in the SecurityPolicy parameter: keep the existing exception rule configurations and do not modify them. .
+
+The `http_ddos_protection` object of `security_policy` supports the following:
+
+* `adaptive_frequency_control` - (Optional, List) Specific configuration of adaptive frequency control.
+* `bandwidth_abuse_defense` - (Optional, List) Specific configuration of traffic fraud prevention.
+* `client_filtering` - (Optional, List) Specific configuration of intelligent client filtering.
+* `slow_attack_defense` - (Optional, List) Specific configuration of slow attack protection.
+
The `managed_rule_groups` object of `managed_rules` supports the following:
* `action` - (Required, List) Handling actions for managed rule groups. the Name parameter value of SecurityAction supports: Deny: block and respond with an interception page; Monitor: observe, do not process requests and record security events in logs; Disabled: not enabled, do not scan requests and skip this rule..
@@ -644,6 +875,12 @@ The `managed_rules` object of `security_policy` supports the following:
The `meta_data` object of `managed_rule_groups` supports the following:
+The `minimal_request_body_transfer_rate` object of `slow_attack_defense` supports the following:
+
+* `counting_period` - (Required, String) The minimum text transmission rate statistics time range, the possible values are: 10s: 10 seconds; 30s: 30 seconds; 60s: 60 seconds; 120s: 120 seconds. .
+* `enabled` - (Required, String) Whether the text transmission minimum rate threshold is enabled. The possible values are: on: enabled; off: disabled. .
+* `minimal_avg_transfer_rate_threshold` - (Required, String) Minimum text transmission rate threshold. The unit only supports bps.
+
The `precise_match_rules` object of `custom_rules` supports the following:
* `action` - (Required, List) Execution actions for custom rules. the Name parameter value of SecurityAction supports: Deny: block; Monitor: observe; ReturnCustomPage: block using a specified page; Redirect: Redirect to URL; BlockIP: IP blocking; JSChallenge: JavaScript challenge; ManagedChallenge: managed challenge; Allow: Allow..
@@ -652,15 +889,53 @@ The `precise_match_rules` object of `custom_rules` supports the following:
* `name` - (Required, String) The name of the custom rule.
* `priority` - (Optional, Int) Customizes the priority of rules. value range: 0-100. it defaults to 0. only supports `rule_type` is `PreciseMatchRule`.
+The `rate_limiting_rules` object of `security_policy` supports the following:
+
+* `rules` - (Optional, List) A list of precise rate limiting definitions. When using ModifySecurityPolicy to modify the Web protection configuration:
If the Rules parameter is not specified, or the Rules parameter length is zero: clear all precise rate limiting configurations. . If the RateLimitingRules parameter value is not specified in the SecurityPolicy parameter: keep the existing custom rule configuration and do not modify it. .
+
The `redirect_action_parameters` object of `action` supports the following:
* `url` - (Required, String) Redirect URL.
+The `redirect_action_parameters` object of `action` supports the following:
+
+* `url` - (Required, String) The URL to redirect.
+
+The `request_body_transfer_timeout` object of `slow_attack_defense` supports the following:
+
+* `enabled` - (Required, String) Whether the text transmission timeout is enabled. The possible values are: on: enabled; off: disabled. .
+* `idle_timeout` - (Required, String) The text transmission timeout period is between 5 and 120, and the unit only supports seconds (s).
+
+The `request_fields_for_exception` object of `rules` supports the following:
+
+* `condition` - (Required, String) The expression of the specific field to be skipped must conform to the expression syntax.
+Condition supports expression configuration syntax: Written according to the matching condition expression syntax of the rule, supporting references to key and value. . Supports in, like operators, and and logical combinations. .
+For example: ${key} in ['x-trace-id']: parameter name is equal to x-trace-id. .${key} in ['x-trace-id'] and ${value} like ['Bearer *']: parameter name is equal to x-trace-id and the parameter value wildcard matches Bearer *. .
+* `scope` - (Required, String) Specific fields to skip. Supported values:
+body.json: JSON request content; in this case, Condition supports key and value, and TargetField supports key and value, for example, { "Scope": "body.json", "Condition": "", "TargetField": "key" }, which means that all parameters of JSON request content skip WAF scanning;
+cookie: Cookie; in this case, Condition supports key and value, and TargetField supports key and value, for example, { "Scope": "cookie", "Condition": "${key} in ['account-id'] and ${value} like ['prefix-*']", "TargetField": "value" }, which means that the Cookie parameter name is equal to account-id and the parameter value wildcard matches prefix-* to skip WAF scanning;
+header: HTTP header parameter; Condition supports key and value, TargetField supports key and value, for example { "Scope": "header", "Condition": "${key} like ['x-auth-*']", "TargetField": "value" }, which means that the header parameter name wildcard matches x-auth-* and skips WAF scanning;
+uri.query: URL encoded content/query parameter; Condition supports key and value, TargetField supports key and value, for example { "Scope": "uri.query", "Condition": "${key} in ['action'] and ${value} in ['upload', 'delete']", "TargetField": "value" }, which means that the parameter name of the URL encoded content/query parameter is equal to action And the parameter value is equal to upload or delete to skip WAF scanning;
+uri: request path URI; in this case, Condition must be empty, TargetField supports query, path, fullpath, for example, { "Scope": "uri", "Condition": "", "TargetField": "query" }, indicating that the request path URI only query parameters skip WAF scanning;
+body: request body content. In this case, Condition must be empty, TargetField supports fullbody and multipart, for example, { "Scope": "body", "Condition": "", "TargetField": "fullbody" }, indicating that the request body content is the complete request body and skips WAF scanning;.
+* `target_field` - (Required, String) When the Scope parameter uses different values, the supported values in the TargetField expression are as follows:
+ body.json: supports key and value
+ cookie: supports key and value
+ header: supports key and value
+ uri.query: supports key and value
+ uri: supports path, query and fullpath
+ body: supports fullbody and multipart.
+
The `return_custom_page_action_parameters` object of `action` supports the following:
* `error_page_id` - (Required, String) Response custom page ID.
* `response_code` - (Required, String) Response status code.
+The `return_custom_page_action_parameters` object of `action` supports the following:
+
+* `error_page_id` - (Required, String) The custom page ID of the response.
+* `response_code` - (Required, String) Response status code.
+
The `rule_actions` object of `managed_rule_groups` supports the following:
* `action` - (Required, List) Specify the handling action for the managed rule item in RuleId. the Name parameter value of SecurityAction supports: Deny: block and respond with an interception page; Monitor: observe, do not process the request and record the security event in logs; Disabled: Disabled, do not scan the request and skip this rule..
@@ -679,10 +954,46 @@ The `rules` object of `custom_rules` supports the following:
* `priority` - (Optional, Int) Customizes the priority of rules. value range: 0-100. it defaults to 0. only supports `rule_type` is `PreciseMatchRule`.
* `rule_type` - (Optional, String) Type of custom rule. valid values: BasicAccessRule: basic access control; PreciseMatchRule: exact matching rule, default; ManagedAccessRule: expert customized rule, for output only. the default value is PreciseMatchRule.
+The `rules` object of `exception_rules` supports the following:
+
+* `condition` - (Optional, String) The specific content of the exception rule must comply with the expression syntax. For detailed specifications, see the product documentation.
+* `enabled` - (Optional, String) Whether the exception rule is enabled. The values are: on: enabledoff: disabled.
+* `id` - (Optional, String) The ID of the exception rule.
The rule ID can support different rule configuration operations:
Add a new rule: the ID is empty or the ID parameter is not specified; Modify an existing rule: specify the rule ID to be updated/modified; Delete an existing rule: in the ExceptionRules parameter, the existing rules not included in the Rules list will be deleted. .
+* `managed_rule_groups_for_exception` - (Optional, Set) Specifies the managed rule group for the exception rule. This is only valid when SkipScope is ManagedRules and ManagedRulesForException cannot be specified.
+* `managed_rules_for_exception` - (Optional, Set) Specifies the specific managed rule for the exception rule. This is only valid when SkipScope is ManagedRules and ManagedRuleGroupsForException cannot be specified.
+* `name` - (Optional, String) The name of the exception rule.
+* `request_fields_for_exception` - (Optional, List) Specifies the specific configuration of the exception rule to skip the specified request field. This is only valid when SkipScope is ManagedRules and SkipOption is SkipOnSpecifiedRequestFields.
+* `skip_option` - (Optional, String) The specific type of the skipped request. The possible values are: SkipOnAllRequestFields: skip all requests; SkipOnSpecifiedRequestFields: skip specified request fields. . This option is only valid when SkipScope is ManagedRules.
+* `skip_scope` - (Optional, String) Exception rule execution options, the values are: WebSecurityModules: Specifies the security protection module for the exception rule. .ManagedRules: Specifies the managed rules. .
+* `web_security_modules_for_exception` - (Optional, Set) Specifies the security protection module for the exception rule. It is valid only when SkipScope is WebSecurityModules. The possible values are: websec-mod-managed-rules: managed rules; websec-mod-rate-limiting: rate limiting; websec-mod-custom-rules: custom rules; websec-mod-adaptive-control: adaptive frequency control, intelligent client filtering, slow attack protection, traffic theft protection; websec-mod-bot: Bot management. .
+
+The `rules` object of `rate_limiting_rules` supports the following:
+
+* `action_duration` - (Optional, String) Action The duration of the action. The supported units are: s: seconds, with a value of 1 to 120; m: minutes, with a value of 1 to 120; h: hours, with a value of 1 to 48; d: days, with a value of 1 to 30. .
+* `action` - (Optional, List) The precise rate limit handling method. The values are: Monitor: Observe; Deny: Intercept, where DenyActionParameters.Name supports Deny and ReturnCustomPage; Challenge: Challenge, where ChallengeActionParameters.Name supports JSChallenge and ManagedChallenge; Redirect: Redirect to URL; .
+* `condition` - (Optional, String) The specific content of the precise rate limit must conform to the expression syntax. For detailed specifications, see the product documentation.
+* `count_by` - (Optional, Set) The matching method of the rate threshold request feature. When Enabled is on, this field is required.
When there are multiple conditions, multiple conditions will be combined for statistical calculation. The number of conditions cannot exceed 5. The possible values are:
http.request.ip: client IP; http.request.xff_header_ip: client IP (matching XFF header first); http.request.uri.path: requested access path; http.request.cookies['session']: cookie named session, where session can be replaced by the parameter you specify; http.request.headers['user-agent']: HTTP header named user-agent, where user-agent can be replaced by the parameter you specify; http.request.ja3: requested JA3 fingerprint; http.request.uri.query['test']: URL query parameter named test, where test can be replaced by the parameter you specify. .
+* `counting_period` - (Optional, String) The statistical time window, the possible values are: 1s: 1 second; 5s: 5 seconds; 10s: 10 seconds; 20s: 20 seconds; 30s: 30 seconds; 40s: 40 seconds; 50s: 50 seconds; 1m: 1 minute; 2m: 2 minutes; 5m: 5 minutes; 10m: 10 minutes; 1h: 1 hour. .
+* `enabled` - (Optional, String) Whether the precise rate limit rule is enabled. The possible values are: on: enabled; off: disabled. .
+* `id` - (Optional, String) The ID of the precise rate limit.
The rule ID can support different rule configuration operations:
Add a new rule: the ID is empty or the ID parameter is not specified; Modify an existing rule: specify the rule ID to be updated/modified; Delete an existing rule: in the RateLimitingRules parameter, the existing rules not included in the Rules list will be deleted. .
+* `max_request_threshold` - (Optional, Int) The cumulative number of interceptions within the time range of the precise rate limit, ranging from 1 to 100000.
+* `name` - (Optional, String) The name of the precise rate limit.
+* `priority` - (Optional, Int) The priority of precise rate limiting ranges from 0 to 100, and the default is 0.
+
The `security_policy` object supports the following:
* `custom_rules` - (Optional, List) Custom rule configuration.
+* `exception_rules` - (Optional, List) Exception rule configuration.
+* `http_ddos_protection` - (Optional, List) HTTP DDOS protection configuration.
* `managed_rules` - (Optional, List) Managed rule configuration.
+* `rate_limiting_rules` - (Optional, List) Rate limiting rule configuration.
+
+The `slow_attack_defense` object of `http_ddos_protection` supports the following:
+
+* `enabled` - (Required, String) Whether slow attack protection is enabled. The possible values are: on: enabled; off: disabled. .
+* `action` - (Optional, List) The handling method of slow attack protection. When Enabled is on, this field is required. SecurityAction Name value supports: Monitor: Observe; Deny: Intercept; .
+* `minimal_request_body_transfer_rate` - (Optional, List) Specific configuration of the minimum rate threshold for text transmission. This field is required when Enabled is on.
+* `request_body_transfer_timeout` - (Optional, List) Specific configuration of the text transmission timeout. When Enabled is on, this field is required.
## Attributes Reference