Oracle Cloud Infrastructure v3.10.0, Nov 5 25

Oracle Cloud Infrastructure v3.10.0 published on Wednesday, Nov 5, 2025 by Pulumi

oci.Waas.getProtectionRules

Explain and create an oci.Waas.getProtectionRules resource

Oracle Cloud Infrastructure v3.10.0 published on Wednesday, Nov 5, 2025 by Pulumi

Gets the list of available protection rules for a WAAS policy. Use the GetWafConfig operation to view a list of currently configured protection rules for the Web Application Firewall, or use the ListRecommendations operation to get a list of recommended protection rules for the Web Application Firewall. The list is sorted by key, in ascending order.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as oci from "@pulumi/oci";

const testProtectionRules = oci.Waas.getProtectionRules({
    waasPolicyId: testWaasPolicy.id,
    actions: protectionRuleAction,
    modSecurityRuleIds: testRule.id,
});

import pulumi
import pulumi_oci as oci

test_protection_rules = oci.Waas.get_protection_rules(waas_policy_id=test_waas_policy["id"],
    actions=protection_rule_action,
    mod_security_rule_ids=test_rule["id"])

package main

import (
	"github.com/pulumi/pulumi-oci/sdk/v3/go/oci/waas"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := waas.GetProtectionRules(ctx, &waas.GetProtectionRulesArgs{
			WaasPolicyId:       testWaasPolicy.Id,
			Actions:            protectionRuleAction,
			ModSecurityRuleIds: testRule.Id,
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Oci = Pulumi.Oci;

return await Deployment.RunAsync(() => 
{
    var testProtectionRules = Oci.Waas.GetProtectionRules.Invoke(new()
    {
        WaasPolicyId = testWaasPolicy.Id,
        Actions = protectionRuleAction,
        ModSecurityRuleIds = testRule.Id,
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.oci.Waas.WaasFunctions;
import com.pulumi.oci.Waas.inputs.GetProtectionRulesArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var testProtectionRules = WaasFunctions.getProtectionRules(GetProtectionRulesArgs.builder()
            .waasPolicyId(testWaasPolicy.id())
            .actions(protectionRuleAction)
            .modSecurityRuleIds(testRule.id())
            .build());

    }
}

variables:
  testProtectionRules:
    fn::invoke:
      function: oci:Waas:getProtectionRules
      arguments:
        waasPolicyId: ${testWaasPolicy.id}
        actions: ${protectionRuleAction}
        modSecurityRuleIds: ${testRule.id}

Using getProtectionRules

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getProtectionRules(args: GetProtectionRulesArgs, opts?: InvokeOptions): Promise<GetProtectionRulesResult>
function getProtectionRulesOutput(args: GetProtectionRulesOutputArgs, opts?: InvokeOptions): Output<GetProtectionRulesResult>

def get_protection_rules(actions: Optional[Sequence[str]] = None,
                         filters: Optional[Sequence[GetProtectionRulesFilter]] = None,
                         mod_security_rule_ids: Optional[Sequence[str]] = None,
                         waas_policy_id: Optional[str] = None,
                         opts: Optional[InvokeOptions] = None) -> GetProtectionRulesResult
def get_protection_rules_output(actions: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                         filters: Optional[pulumi.Input[Sequence[pulumi.Input[GetProtectionRulesFilterArgs]]]] = None,
                         mod_security_rule_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                         waas_policy_id: Optional[pulumi.Input[str]] = None,
                         opts: Optional[InvokeOptions] = None) -> Output[GetProtectionRulesResult]

func GetProtectionRules(ctx *Context, args *GetProtectionRulesArgs, opts ...InvokeOption) (*GetProtectionRulesResult, error)
func GetProtectionRulesOutput(ctx *Context, args *GetProtectionRulesOutputArgs, opts ...InvokeOption) GetProtectionRulesResultOutput

> Note: This function is named GetProtectionRules in the Go SDK.

public static class GetProtectionRules 
{
    public static Task<GetProtectionRulesResult> InvokeAsync(GetProtectionRulesArgs args, InvokeOptions? opts = null)
    public static Output<GetProtectionRulesResult> Invoke(GetProtectionRulesInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetProtectionRulesResult> getProtectionRules(GetProtectionRulesArgs args, InvokeOptions options)
public static Output<GetProtectionRulesResult> getProtectionRules(GetProtectionRulesArgs args, InvokeOptions options)

fn::invoke:
  function: oci:Waas/getProtectionRules:getProtectionRules
  arguments:
    # arguments dictionary

The following arguments are supported:

WaasPolicyId string: The OCID of the WAAS policy.
Actions List<string>: Filter rules using a list of actions.
Filters List<GetProtectionRulesFilter>
ModSecurityRuleIds List<string>: Filter rules using a list of ModSecurity rule IDs.

WaasPolicyId string: The OCID of the WAAS policy.
Actions []string: Filter rules using a list of actions.
Filters []GetProtectionRulesFilter
ModSecurityRuleIds []string: Filter rules using a list of ModSecurity rule IDs.

waasPolicyId String: The OCID of the WAAS policy.
actions List<String>: Filter rules using a list of actions.
filters List<GetProtectionRulesFilter>
modSecurityRuleIds List<String>: Filter rules using a list of ModSecurity rule IDs.

waasPolicyId string: The OCID of the WAAS policy.
actions string[]: Filter rules using a list of actions.
filters GetProtectionRulesFilter[]
modSecurityRuleIds string[]: Filter rules using a list of ModSecurity rule IDs.

waas_policy_id str: The OCID of the WAAS policy.
actions Sequence[str]: Filter rules using a list of actions.
filters Sequence[GetProtectionRulesFilter]
mod_security_rule_ids Sequence[str]: Filter rules using a list of ModSecurity rule IDs.

waasPolicyId String: The OCID of the WAAS policy.
actions List<String>: Filter rules using a list of actions.
filters List<Property Map>
modSecurityRuleIds List<String>: Filter rules using a list of ModSecurity rule IDs.

getProtectionRules Result

The following output properties are available:

Id string: The provider-assigned unique ID for this managed resource.
ProtectionRules List<GetProtectionRulesProtectionRule>: The list of protection_rules.
WaasPolicyId string
Actions List<string>: The action to take when the traffic is detected as malicious. If unspecified, defaults to OFF.
Filters List<GetProtectionRulesFilter>
ModSecurityRuleIds List<string>

Id string: The provider-assigned unique ID for this managed resource.
ProtectionRules []GetProtectionRulesProtectionRule: The list of protection_rules.
WaasPolicyId string
Actions []string: The action to take when the traffic is detected as malicious. If unspecified, defaults to OFF.
Filters []GetProtectionRulesFilter
ModSecurityRuleIds []string

id String: The provider-assigned unique ID for this managed resource.
protectionRules List<GetProtectionRulesProtectionRule>: The list of protection_rules.
waasPolicyId String
actions List<String>: The action to take when the traffic is detected as malicious. If unspecified, defaults to OFF.
filters List<GetProtectionRulesFilter>
modSecurityRuleIds List<String>

id string: The provider-assigned unique ID for this managed resource.
protectionRules GetProtectionRulesProtectionRule[]: The list of protection_rules.
waasPolicyId string
actions string[]: The action to take when the traffic is detected as malicious. If unspecified, defaults to OFF.
filters GetProtectionRulesFilter[]
modSecurityRuleIds string[]

id str: The provider-assigned unique ID for this managed resource.
protection_rules Sequence[GetProtectionRulesProtectionRule]: The list of protection_rules.
waas_policy_id str
actions Sequence[str]: The action to take when the traffic is detected as malicious. If unspecified, defaults to OFF.
filters Sequence[GetProtectionRulesFilter]
mod_security_rule_ids Sequence[str]

id String: The provider-assigned unique ID for this managed resource.
protectionRules List<Property Map>: The list of protection_rules.
waasPolicyId String
actions List<String>: The action to take when the traffic is detected as malicious. If unspecified, defaults to OFF.
filters List<Property Map>
modSecurityRuleIds List<String>

Supporting Types

GetProtectionRulesFilter

Name string: The name of the protection rule.
Values List<string>
Regex bool

Name string: The name of the protection rule.
Values []string
Regex bool

name String: The name of the protection rule.
values List<String>
regex Boolean

name string: The name of the protection rule.
values string[]
regex boolean

name str: The name of the protection rule.
values Sequence[str]
regex bool

name String: The name of the protection rule.
values List<String>
regex Boolean

GetProtectionRulesProtectionRule

Action string: Filter rules using a list of actions.
Description string: The description of the protection rule.
Exclusions List<GetProtectionRulesProtectionRuleExclusion>: An array of The target property of a request that would allow it to bypass the protection rule. For example, when target is REQUEST_COOKIE_NAMES, the list may include names of cookies to exclude from the protection rule. When the target is ARGS, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule. Exclusions properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize the maxArgumentCount or maxTotalNameLengthOfArguments properties, and the target property has been set to ARGS, it is important that the exclusions properties be defined to honor those protection rule settings in a consistent manner.
Key string: The unique key of the protection rule.
Labels List<string>: The list of labels for the protection rule.
ModSecurityRuleIds List<string>: The list of the ModSecurity rule IDs that apply to this protection rule. For more information about ModSecurity's open source WAF rules, see Mod Security's documentation.
Name string: The name of the protection rule.
WaasPolicyId string: The OCID of the WAAS policy.

Action string: Filter rules using a list of actions.
Description string: The description of the protection rule.
Exclusions []GetProtectionRulesProtectionRuleExclusion: An array of The target property of a request that would allow it to bypass the protection rule. For example, when target is REQUEST_COOKIE_NAMES, the list may include names of cookies to exclude from the protection rule. When the target is ARGS, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule. Exclusions properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize the maxArgumentCount or maxTotalNameLengthOfArguments properties, and the target property has been set to ARGS, it is important that the exclusions properties be defined to honor those protection rule settings in a consistent manner.
Key string: The unique key of the protection rule.
Labels []string: The list of labels for the protection rule.
ModSecurityRuleIds []string: The list of the ModSecurity rule IDs that apply to this protection rule. For more information about ModSecurity's open source WAF rules, see Mod Security's documentation.
Name string: The name of the protection rule.
WaasPolicyId string: The OCID of the WAAS policy.

action String: Filter rules using a list of actions.
description String: The description of the protection rule.
exclusions List<GetProtectionRulesProtectionRuleExclusion>: An array of The target property of a request that would allow it to bypass the protection rule. For example, when target is REQUEST_COOKIE_NAMES, the list may include names of cookies to exclude from the protection rule. When the target is ARGS, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule. Exclusions properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize the maxArgumentCount or maxTotalNameLengthOfArguments properties, and the target property has been set to ARGS, it is important that the exclusions properties be defined to honor those protection rule settings in a consistent manner.
key String: The unique key of the protection rule.
labels List<String>: The list of labels for the protection rule.
modSecurityRuleIds List<String>: The list of the ModSecurity rule IDs that apply to this protection rule. For more information about ModSecurity's open source WAF rules, see Mod Security's documentation.
name String: The name of the protection rule.
waasPolicyId String: The OCID of the WAAS policy.

action string: Filter rules using a list of actions.
description string: The description of the protection rule.
exclusions GetProtectionRulesProtectionRuleExclusion[]: An array of The target property of a request that would allow it to bypass the protection rule. For example, when target is REQUEST_COOKIE_NAMES, the list may include names of cookies to exclude from the protection rule. When the target is ARGS, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule. Exclusions properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize the maxArgumentCount or maxTotalNameLengthOfArguments properties, and the target property has been set to ARGS, it is important that the exclusions properties be defined to honor those protection rule settings in a consistent manner.
key string: The unique key of the protection rule.
labels string[]: The list of labels for the protection rule.
modSecurityRuleIds string[]: The list of the ModSecurity rule IDs that apply to this protection rule. For more information about ModSecurity's open source WAF rules, see Mod Security's documentation.
name string: The name of the protection rule.
waasPolicyId string: The OCID of the WAAS policy.

action str: Filter rules using a list of actions.
description str: The description of the protection rule.
exclusions Sequence[GetProtectionRulesProtectionRuleExclusion]: An array of The target property of a request that would allow it to bypass the protection rule. For example, when target is REQUEST_COOKIE_NAMES, the list may include names of cookies to exclude from the protection rule. When the target is ARGS, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule. Exclusions properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize the maxArgumentCount or maxTotalNameLengthOfArguments properties, and the target property has been set to ARGS, it is important that the exclusions properties be defined to honor those protection rule settings in a consistent manner.
key str: The unique key of the protection rule.
labels Sequence[str]: The list of labels for the protection rule.
mod_security_rule_ids Sequence[str]: The list of the ModSecurity rule IDs that apply to this protection rule. For more information about ModSecurity's open source WAF rules, see Mod Security's documentation.
name str: The name of the protection rule.
waas_policy_id str: The OCID of the WAAS policy.

action String: Filter rules using a list of actions.
description String: The description of the protection rule.
exclusions List<Property Map>: An array of The target property of a request that would allow it to bypass the protection rule. For example, when target is REQUEST_COOKIE_NAMES, the list may include names of cookies to exclude from the protection rule. When the target is ARGS, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule. Exclusions properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize the maxArgumentCount or maxTotalNameLengthOfArguments properties, and the target property has been set to ARGS, it is important that the exclusions properties be defined to honor those protection rule settings in a consistent manner.
key String: The unique key of the protection rule.
labels List<String>: The list of labels for the protection rule.
modSecurityRuleIds List<String>: The list of the ModSecurity rule IDs that apply to this protection rule. For more information about ModSecurity's open source WAF rules, see Mod Security's documentation.
name String: The name of the protection rule.
waasPolicyId String: The OCID of the WAAS policy.

GetProtectionRulesProtectionRuleExclusion

Exclusions List<string>: An array of The target property of a request that would allow it to bypass the protection rule. For example, when target is REQUEST_COOKIE_NAMES, the list may include names of cookies to exclude from the protection rule. When the target is ARGS, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule. Exclusions properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize the maxArgumentCount or maxTotalNameLengthOfArguments properties, and the target property has been set to ARGS, it is important that the exclusions properties be defined to honor those protection rule settings in a consistent manner.
Target string: The target of the exclusion.

Exclusions []string: An array of The target property of a request that would allow it to bypass the protection rule. For example, when target is REQUEST_COOKIE_NAMES, the list may include names of cookies to exclude from the protection rule. When the target is ARGS, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule. Exclusions properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize the maxArgumentCount or maxTotalNameLengthOfArguments properties, and the target property has been set to ARGS, it is important that the exclusions properties be defined to honor those protection rule settings in a consistent manner.
Target string: The target of the exclusion.

exclusions List<String>: An array of The target property of a request that would allow it to bypass the protection rule. For example, when target is REQUEST_COOKIE_NAMES, the list may include names of cookies to exclude from the protection rule. When the target is ARGS, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule. Exclusions properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize the maxArgumentCount or maxTotalNameLengthOfArguments properties, and the target property has been set to ARGS, it is important that the exclusions properties be defined to honor those protection rule settings in a consistent manner.
target String: The target of the exclusion.

exclusions string[]: An array of The target property of a request that would allow it to bypass the protection rule. For example, when target is REQUEST_COOKIE_NAMES, the list may include names of cookies to exclude from the protection rule. When the target is ARGS, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule. Exclusions properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize the maxArgumentCount or maxTotalNameLengthOfArguments properties, and the target property has been set to ARGS, it is important that the exclusions properties be defined to honor those protection rule settings in a consistent manner.
target string: The target of the exclusion.

exclusions Sequence[str]: An array of The target property of a request that would allow it to bypass the protection rule. For example, when target is REQUEST_COOKIE_NAMES, the list may include names of cookies to exclude from the protection rule. When the target is ARGS, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule. Exclusions properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize the maxArgumentCount or maxTotalNameLengthOfArguments properties, and the target property has been set to ARGS, it is important that the exclusions properties be defined to honor those protection rule settings in a consistent manner.
target str: The target of the exclusion.

exclusions List<String>: An array of The target property of a request that would allow it to bypass the protection rule. For example, when target is REQUEST_COOKIE_NAMES, the list may include names of cookies to exclude from the protection rule. When the target is ARGS, the list may include strings of URL query parameters and values from form-urlencoded XML, JSON, AMP, or POST payloads to exclude from the protection rule. Exclusions properties must not contain whitespace, comma or |. Note: If protection rules have been enabled that utilize the maxArgumentCount or maxTotalNameLengthOfArguments properties, and the target property has been set to ARGS, it is important that the exclusions properties be defined to honor those protection rule settings in a consistent manner.
target String: The target of the exclusion.

Package Details

Repository: oci pulumi/pulumi-oci
License: Apache-2.0
Notes: This Pulumi package is based on the oci Terraform Provider.

Oracle Cloud Infrastructure v3.10.0 published on Wednesday, Nov 5, 2025 by Pulumi

pulumi/pulumi-oci

oci.Waas.getProtectionRules

On this page

On this page

Example Usage

Using getProtectionRules

getProtectionRules Result

Supporting Types

GetProtectionRulesFilter

GetProtectionRulesProtectionRule

GetProtectionRulesProtectionRuleExclusion

Package Details

On this page

On this page