class OCI::Waas::Models::PolicyConfig

The configuration details for the WAAS policy.

Constants

CIPHER_GROUP_ENUM
CLIENT_ADDRESS_HEADER_ENUM
TLS_PROTOCOLS_ENUM

Attributes

certificate_id[RW]

The OCID of the SSL certificate to use if HTTPS is supported. @return [String]

cipher_group[R]

The set cipher group for the configured TLS protocol. This sets the configuration for the TLS connections between clients and edge nodes only.

  • DEFAULT: Cipher group supports TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3 protocols. It has the following ciphers enabled: `ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA`

@return [String]

client_address_header[R]

Specifies an HTTP header name which is treated as the connecting client's IP address. Applicable only if `isBehindCdn` is enabled.

The edge node reads this header and its value and sets the client IP address as specified. It does not create the header if the header is not present in the request. If the header is not present, the connecting IP address will be used as the client's true IP address. It uses the last IP address in the header's value as the true IP address.

Example: `X-Client-Ip: 11.1.1.1, 13.3.3.3`

In the case of multiple headers with the same name, only the first header will be used. It is assumed that the CDN sets the correct client IP address to prevent spoofing.

  • X_FORWARDED_FOR: Corresponds to `X-Forwarded-For` header name.

  • X_CLIENT_IP: Corresponds to `X-Client-Ip` header name.

  • X_REAL_IP: Corresponds to `X-Real-Ip` header name.

  • CLIENT_IP: Corresponds to `Client-Ip` header name.

  • TRUE_CLIENT_IP: Corresponds to `True-Client-Ip` header name.

@return [String]
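The resolution rule described above, written out as an added Ruby example (not part of the OCI SDK or the WAAS service code). `resolve_client_ip` and the `[name, value]` header-pair input are hypothetical, and falling back to the connecting address when the value does not parse as an IP address is an assumption the page does not state.

```ruby
require 'ipaddr'

# Header names behind each CLIENT_ADDRESS_HEADER_ENUM value, as listed above.
HEADER_NAMES = {
  'X_FORWARDED_FOR' => 'X-Forwarded-For',
  'X_CLIENT_IP'     => 'X-Client-Ip',
  'X_REAL_IP'       => 'X-Real-Ip',
  'CLIENT_IP'       => 'Client-Ip',
  'TRUE_CLIENT_IP'  => 'True-Client-Ip'
}.freeze

# Hypothetical helper modelling the documented rule.
# headers: ordered [name, value] pairs as received, so duplicate headers are kept.
def resolve_client_ip(headers, connecting_ip, behind_cdn:, client_address_header:)
  # The header is only consulted when isBehindCdn is enabled.
  return connecting_ip unless behind_cdn

  wanted = HEADER_NAMES[client_address_header]
  return connecting_ip if wanted.nil?

  # Only the first header with that name is used (names compare case-insensitively).
  _, value = headers.find { |name, _| name.casecmp?(wanted) }
  return connecting_ip if value.nil? # header absent: use the connecting address

  # The last address in the header value is treated as the client address.
  candidate = value.split(',').map(&:strip).reject(&:empty?).last
  return connecting_ip if candidate.nil?

  IPAddr.new(candidate) # assumption: a value that is not an IP address is ignored
  candidate
rescue IPAddr::Error
  connecting_ip
end

# Constructed sample request: the first header matches the example on this page,
# the second is a duplicate that the rule ignores.
SAMPLE_HEADERS = [
  ['X-Client-Ip', '11.1.1.1, 13.3.3.3'],
  ['X-Client-Ip', '9.9.9.9']
].freeze
```

Because the value is taken from a request header, the result is only as trustworthy as the hop that wrote it; with `behind_cdn: false` the header is never consulted.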

health_checks[RW]

@return [OCI::Waas::Models::HealthCheck]

is_behind_cdn[RW]

Enabling `isBehindCdn` allows for the collection of IP addresses from client requests if the WAF is connected to a CDN. @return [BOOLEAN]

is_cache_control_respected[RW]

Enable or disable automatic content caching based on the response `cache-control` header. This feature enables the origin to act as a proxy cache. Caching is usually defined using the `cache-control` header. For example, `cache-control: max-age=120` means that the returned resource is valid for 120 seconds. Caching rules will overwrite this setting. @return [BOOLEAN]

is_https_enabled[RW]

Enable or disable HTTPS support. If true, a `certificateId` is required. If unspecified, defaults to `false`. @return [BOOLEAN]

is_https_forced[RW]

Force HTTP to HTTPS redirection. If unspecified, defaults to `false`. @return [BOOLEAN]

is_origin_compression_enabled[RW]

Enable or disable GZIP compression of origin responses. If enabled, the header `Accept-Encoding: gzip` is sent to the origin; otherwise, the empty `Accept-Encoding:` header is used. @return [BOOLEAN]

is_response_buffering_enabled[RW]

Enable or disable buffering of responses from the origin. Buffering improves overall stability in case of network issues, but slightly increases Time To First Byte. @return [BOOLEAN]

is_sni_enabled[RW]

SNI stands for Server Name Indication and is an extension of the TLS protocol. It indicates which hostname is being contacted by the browser at the beginning of the handshake process. This allows a server to connect multiple SSL certificates to one IP address and port. @return [BOOLEAN]

load_balancing_method[RW]

An object that represents a load balancing method and its properties. @return [OCI::Waas::Models::LoadBalancingMethod]

tls_protocols[R]

A list of allowed TLS protocols. Only applicable when HTTPS support is enabled. The TLS protocol is negotiated while the request is connecting and the most recent protocol supported by both the edge node and client browser will be selected. If no such version exists, the connection will be aborted.

  • TLS_V1: corresponds to TLS 1.0 specification.

  • TLS_V1_1: corresponds to TLS 1.1 specification.

  • TLS_V1_2: corresponds to TLS 1.2 specification.

  • TLS_V1_3: corresponds to TLS 1.3 specification.

Enabled TLS protocols must be contiguous. For example, if `TLS_V1_1` and `TLS_V1_3` are enabled, `TLS_V1_2` must be enabled too. @return [Array<String>]
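The writers shown further down this page map an unrecognised `tls_protocols` or `client_address_header` value to an `UNKNOWN_ENUM_VALUE` constant with only a debug log, and nothing in the model code on this page checks the contiguity rule or the `certificateId` requirement. The following pre-flight check is an added example, not SDK code; `lint_policy_config` is a hypothetical helper that takes a plain Hash with the snake_case keys accepted by `new`.

```ruby
# Enum values as listed on this page, oldest protocol first.
TLS_ORDER = %w[TLS_V1 TLS_V1_1 TLS_V1_2 TLS_V1_3].freeze
CLIENT_ADDRESS_HEADERS = %w[
  X_FORWARDED_FOR X_CLIENT_IP X_REAL_IP CLIENT_IP TRUE_CLIENT_IP
].freeze

# Hypothetical helper: returns a list of findings, empty when the Hash
# satisfies the constraints documented for PolicyConfig.
def lint_policy_config(cfg)
  findings = []
  https = cfg[:is_https_enabled] == true

  # "If true, a certificateId is required."
  if https && cfg[:certificate_id].to_s.empty?
    findings << 'is_https_enabled is true but certificate_id is missing'
  end

  protocols = Array(cfg[:tls_protocols])
  unknown = protocols - TLS_ORDER
  unless unknown.empty?
    findings << "unknown tls_protocols values: #{unknown.join(', ')}"
  end

  # Contiguity: the enabled versions must form one unbroken run.
  idx = (protocols & TLS_ORDER).map { |p| TLS_ORDER.index(p) }.sort
  unless idx.empty? || idx.last - idx.first + 1 == idx.size
    missing = TLS_ORDER[idx.first..idx.last] - protocols
    findings << "tls_protocols must be contiguous; also enable #{missing.join(', ')}"
  end

  if !protocols.empty? && !https
    findings << 'tls_protocols is only applicable when HTTPS is enabled'
  end

  header = cfg[:client_address_header]
  if header
    unless CLIENT_ADDRESS_HEADERS.include?(header)
      findings << "unknown client_address_header: #{header}"
    end
    unless cfg[:is_behind_cdn] == true
      findings << 'client_address_header is only applicable when is_behind_cdn is true'
    end
  end

  findings
end

# Constructed inputs; the certificate OCID is a placeholder.
BAD_CONFIG = {
  is_https_enabled: true,
  tls_protocols: %w[TLS_V1_1 TLS_V1_3 TLS_1_2], # typo plus a gap at TLS_V1_2
  client_address_header: 'X_REAL_IP'
}.freeze
GOOD_CONFIG = {
  is_https_enabled: true,
  certificate_id: 'ocid1.placeholder',
  tls_protocols: %w[TLS_V1_2 TLS_V1_3],
  is_behind_cdn: true,
  client_address_header: 'X_FORWARDED_FOR'
}.freeze
```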

websocket_path_prefixes[RW]

ModSecurity cannot inspect WebSockets. Therefore, paths specified here have WAF disabled if the Connection request header from the client has the value Upgrade (case-insensitive matching) and the Upgrade request header has the value websocket (case-insensitive matching). A path matches if the concatenation of the request URL path and query starts with the contents of one of the `websocketPathPrefixes` array values. In all other cases, challenges such as JSC, HIC, etc. remain active. @return [Array<String>]
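The matching rule above, as an added Ruby example for reviewing a prefix list before it is deployed (not SDK or service code). `waf_skipped?`, `uninspected_paths` and the request Hash shape are hypothetical, and joining path and query with `?` is an assumption about what "concatenation" means here.

```ruby
# request is a constructed Hash: { path:, query:, headers: { 'Name' => 'value' } }.
def waf_skipped?(request, prefixes)
  headers = request.fetch(:headers, {}).transform_keys { |k| k.to_s.downcase }

  # Both header values are compared case-insensitively, as documented.
  return false unless headers['connection'].to_s.casecmp?('upgrade')
  return false unless headers['upgrade'].to_s.casecmp?('websocket')

  # Assumption: path and query are joined with "?" before the prefix test.
  target = request[:path].to_s
  target += "?#{request[:query]}" unless request[:query].to_s.empty?

  # Plain string prefix match, not a path-segment match.
  Array(prefixes).any? { |prefix| target.start_with?(prefix) }
end

# Review helper: which of the sample requests would go uninspected
# under the given websocket_path_prefixes value?
def uninspected_paths(requests, prefixes)
  requests.select { |r| waf_skipped?(r, prefixes) }.map { |r| r[:path] }
end

# Constructed sample traffic.
WS_HEADERS = { 'Connection' => 'upgrade', 'Upgrade' => 'WebSocket' }.freeze
SAMPLE_REQUESTS = [
  { path: '/ws/chat',     query: 'room=1', headers: WS_HEADERS },
  { path: '/ws/chat',     query: '',       headers: { 'Connection' => 'keep-alive' } },
  { path: '/admin/login', query: '',       headers: WS_HEADERS },
  { path: '/wsadmin',     query: '',       headers: WS_HEADERS }
].freeze
```

Running `uninspected_paths` with `['/ws']` also returns `/wsadmin`, and with `['/']` it returns every request that carries the two headers, so prefixes are best kept as narrow as the WebSocket endpoints themselves and ended with `/`.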

Public Class Methods

attribute_map()

Attribute mapping from ruby-style variable name to JSON key.

# File lib/oci/waas/models/policy_config.rb, line 116
def self.attribute_map
  {
    # rubocop:disable Style/SymbolLiteral
    'certificate_id': :'certificateId',
    'is_https_enabled': :'isHttpsEnabled',
    'is_https_forced': :'isHttpsForced',
    'tls_protocols': :'tlsProtocols',
    'is_origin_compression_enabled': :'isOriginCompressionEnabled',
    'is_behind_cdn': :'isBehindCdn',
    'client_address_header': :'clientAddressHeader',
    'is_cache_control_respected': :'isCacheControlRespected',
    'is_response_buffering_enabled': :'isResponseBufferingEnabled',
    'cipher_group': :'cipherGroup',
    'load_balancing_method': :'loadBalancingMethod',
    'websocket_path_prefixes': :'websocketPathPrefixes',
    'is_sni_enabled': :'isSniEnabled',
    'health_checks': :'healthChecks'
    # rubocop:enable Style/SymbolLiteral
  }
end

new(attributes = {})

Initializes the object

@param [Hash] attributes Model attributes in the form of hash
@option attributes [String] :certificate_id The value to assign to the {#certificate_id} property
@option attributes [BOOLEAN] :is_https_enabled The value to assign to the {#is_https_enabled} property
@option attributes [BOOLEAN] :is_https_forced The value to assign to the {#is_https_forced} property
@option attributes [Array<String>] :tls_protocols The value to assign to the {#tls_protocols} property
@option attributes [BOOLEAN] :is_origin_compression_enabled The value to assign to the {#is_origin_compression_enabled} property
@option attributes [BOOLEAN] :is_behind_cdn The value to assign to the {#is_behind_cdn} property
@option attributes [String] :client_address_header The value to assign to the {#client_address_header} property
@option attributes [BOOLEAN] :is_cache_control_respected The value to assign to the {#is_cache_control_respected} property
@option attributes [BOOLEAN] :is_response_buffering_enabled The value to assign to the {#is_response_buffering_enabled} property
@option attributes [String] :cipher_group The value to assign to the {#cipher_group} property
@option attributes [OCI::Waas::Models::LoadBalancingMethod] :load_balancing_method The value to assign to the {#load_balancing_method} property
@option attributes [Array<String>] :websocket_path_prefixes The value to assign to the {#websocket_path_prefixes} property
@option attributes [BOOLEAN] :is_sni_enabled The value to assign to the {#is_sni_enabled} property
@option attributes [OCI::Waas::Models::HealthCheck] :health_checks The value to assign to the {#health_checks} property

# File lib/oci/waas/models/policy_config.rb, line 179
def initialize(attributes = {})
  return unless attributes.is_a?(Hash)

  # convert string to symbol for hash key
  attributes = attributes.each_with_object({}) { |(k, v), h| h[k.to_sym] = v }

  self.certificate_id = attributes[:'certificateId'] if attributes[:'certificateId']

  raise 'You cannot provide both :certificateId and :certificate_id' if attributes.key?(:'certificateId') && attributes.key?(:'certificate_id')

  self.certificate_id = attributes[:'certificate_id'] if attributes[:'certificate_id']

  self.is_https_enabled = attributes[:'isHttpsEnabled'] unless attributes[:'isHttpsEnabled'].nil?

  raise 'You cannot provide both :isHttpsEnabled and :is_https_enabled' if attributes.key?(:'isHttpsEnabled') && attributes.key?(:'is_https_enabled')

  self.is_https_enabled = attributes[:'is_https_enabled'] unless attributes[:'is_https_enabled'].nil?

  self.is_https_forced = attributes[:'isHttpsForced'] unless attributes[:'isHttpsForced'].nil?

  raise 'You cannot provide both :isHttpsForced and :is_https_forced' if attributes.key?(:'isHttpsForced') && attributes.key?(:'is_https_forced')

  self.is_https_forced = attributes[:'is_https_forced'] unless attributes[:'is_https_forced'].nil?

  self.tls_protocols = attributes[:'tlsProtocols'] if attributes[:'tlsProtocols']

  raise 'You cannot provide both :tlsProtocols and :tls_protocols' if attributes.key?(:'tlsProtocols') && attributes.key?(:'tls_protocols')

  self.tls_protocols = attributes[:'tls_protocols'] if attributes[:'tls_protocols']

  self.is_origin_compression_enabled = attributes[:'isOriginCompressionEnabled'] unless attributes[:'isOriginCompressionEnabled'].nil?
  self.is_origin_compression_enabled = true if is_origin_compression_enabled.nil? && !attributes.key?(:'isOriginCompressionEnabled') # rubocop:disable Style/StringLiterals

  raise 'You cannot provide both :isOriginCompressionEnabled and :is_origin_compression_enabled' if attributes.key?(:'isOriginCompressionEnabled') && attributes.key?(:'is_origin_compression_enabled')

  self.is_origin_compression_enabled = attributes[:'is_origin_compression_enabled'] unless attributes[:'is_origin_compression_enabled'].nil?
  self.is_origin_compression_enabled = true if is_origin_compression_enabled.nil? && !attributes.key?(:'isOriginCompressionEnabled') && !attributes.key?(:'is_origin_compression_enabled') # rubocop:disable Style/StringLiterals

  self.is_behind_cdn = attributes[:'isBehindCdn'] unless attributes[:'isBehindCdn'].nil?
  self.is_behind_cdn = false if is_behind_cdn.nil? && !attributes.key?(:'isBehindCdn') # rubocop:disable Style/StringLiterals

  raise 'You cannot provide both :isBehindCdn and :is_behind_cdn' if attributes.key?(:'isBehindCdn') && attributes.key?(:'is_behind_cdn')

  self.is_behind_cdn = attributes[:'is_behind_cdn'] unless attributes[:'is_behind_cdn'].nil?
  self.is_behind_cdn = false if is_behind_cdn.nil? && !attributes.key?(:'isBehindCdn') && !attributes.key?(:'is_behind_cdn') # rubocop:disable Style/StringLiterals

  self.client_address_header = attributes[:'clientAddressHeader'] if attributes[:'clientAddressHeader']

  raise 'You cannot provide both :clientAddressHeader and :client_address_header' if attributes.key?(:'clientAddressHeader') && attributes.key?(:'client_address_header')

  self.client_address_header = attributes[:'client_address_header'] if attributes[:'client_address_header']

  self.is_cache_control_respected = attributes[:'isCacheControlRespected'] unless attributes[:'isCacheControlRespected'].nil?
  self.is_cache_control_respected = false if is_cache_control_respected.nil? && !attributes.key?(:'isCacheControlRespected') # rubocop:disable Style/StringLiterals

  raise 'You cannot provide both :isCacheControlRespected and :is_cache_control_respected' if attributes.key?(:'isCacheControlRespected') && attributes.key?(:'is_cache_control_respected')

  self.is_cache_control_respected = attributes[:'is_cache_control_respected'] unless attributes[:'is_cache_control_respected'].nil?
  self.is_cache_control_respected = false if is_cache_control_respected.nil? && !attributes.key?(:'isCacheControlRespected') && !attributes.key?(:'is_cache_control_respected') # rubocop:disable Style/StringLiterals

  self.is_response_buffering_enabled = attributes[:'isResponseBufferingEnabled'] unless attributes[:'isResponseBufferingEnabled'].nil?
  self.is_response_buffering_enabled = false if is_response_buffering_enabled.nil? && !attributes.key?(:'isResponseBufferingEnabled') # rubocop:disable Style/StringLiterals

  raise 'You cannot provide both :isResponseBufferingEnabled and :is_response_buffering_enabled' if attributes.key?(:'isResponseBufferingEnabled') && attributes.key?(:'is_response_buffering_enabled')

  self.is_response_buffering_enabled = attributes[:'is_response_buffering_enabled'] unless attributes[:'is_response_buffering_enabled'].nil?
  self.is_response_buffering_enabled = false if is_response_buffering_enabled.nil? && !attributes.key?(:'isResponseBufferingEnabled') && !attributes.key?(:'is_response_buffering_enabled') # rubocop:disable Style/StringLiterals

  self.cipher_group = attributes[:'cipherGroup'] if attributes[:'cipherGroup']
  self.cipher_group = "DEFAULT" if cipher_group.nil? && !attributes.key?(:'cipherGroup') # rubocop:disable Style/StringLiterals

  raise 'You cannot provide both :cipherGroup and :cipher_group' if attributes.key?(:'cipherGroup') && attributes.key?(:'cipher_group')

  self.cipher_group = attributes[:'cipher_group'] if attributes[:'cipher_group']
  self.cipher_group = "DEFAULT" if cipher_group.nil? && !attributes.key?(:'cipherGroup') && !attributes.key?(:'cipher_group') # rubocop:disable Style/StringLiterals

  self.load_balancing_method = attributes[:'loadBalancingMethod'] if attributes[:'loadBalancingMethod']

  raise 'You cannot provide both :loadBalancingMethod and :load_balancing_method' if attributes.key?(:'loadBalancingMethod') && attributes.key?(:'load_balancing_method')

  self.load_balancing_method = attributes[:'load_balancing_method'] if attributes[:'load_balancing_method']

  self.websocket_path_prefixes = attributes[:'websocketPathPrefixes'] if attributes[:'websocketPathPrefixes']

  raise 'You cannot provide both :websocketPathPrefixes and :websocket_path_prefixes' if attributes.key?(:'websocketPathPrefixes') && attributes.key?(:'websocket_path_prefixes')

  self.websocket_path_prefixes = attributes[:'websocket_path_prefixes'] if attributes[:'websocket_path_prefixes']

  self.is_sni_enabled = attributes[:'isSniEnabled'] unless attributes[:'isSniEnabled'].nil?
  self.is_sni_enabled = false if is_sni_enabled.nil? && !attributes.key?(:'isSniEnabled') # rubocop:disable Style/StringLiterals

  raise 'You cannot provide both :isSniEnabled and :is_sni_enabled' if attributes.key?(:'isSniEnabled') && attributes.key?(:'is_sni_enabled')

  self.is_sni_enabled = attributes[:'is_sni_enabled'] unless attributes[:'is_sni_enabled'].nil?
  self.is_sni_enabled = false if is_sni_enabled.nil? && !attributes.key?(:'isSniEnabled') && !attributes.key?(:'is_sni_enabled') # rubocop:disable Style/StringLiterals

  self.health_checks = attributes[:'healthChecks'] if attributes[:'healthChecks']

  raise 'You cannot provide both :healthChecks and :health_checks' if attributes.key?(:'healthChecks') && attributes.key?(:'health_checks')

  self.health_checks = attributes[:'health_checks'] if attributes[:'health_checks']
end

swagger_types()

Attribute type mapping.

# File lib/oci/waas/models/policy_config.rb, line 138
def self.swagger_types
  {
    # rubocop:disable Style/SymbolLiteral
    'certificate_id': :'String',
    'is_https_enabled': :'BOOLEAN',
    'is_https_forced': :'BOOLEAN',
    'tls_protocols': :'Array<String>',
    'is_origin_compression_enabled': :'BOOLEAN',
    'is_behind_cdn': :'BOOLEAN',
    'client_address_header': :'String',
    'is_cache_control_respected': :'BOOLEAN',
    'is_response_buffering_enabled': :'BOOLEAN',
    'cipher_group': :'String',
    'load_balancing_method': :'OCI::Waas::Models::LoadBalancingMethod',
    'websocket_path_prefixes': :'Array<String>',
    'is_sni_enabled': :'BOOLEAN',
    'health_checks': :'OCI::Waas::Models::HealthCheck'
    # rubocop:enable Style/SymbolLiteral
  }
end

Public Instance Methods

==(other)

Checks equality by comparing each attribute. @param [Object] other the other object to be compared

# File lib/oci/waas/models/policy_config.rb, line 335
def ==(other)
  return true if equal?(other)

  self.class == other.class &&
    certificate_id == other.certificate_id &&
    is_https_enabled == other.is_https_enabled &&
    is_https_forced == other.is_https_forced &&
    tls_protocols == other.tls_protocols &&
    is_origin_compression_enabled == other.is_origin_compression_enabled &&
    is_behind_cdn == other.is_behind_cdn &&
    client_address_header == other.client_address_header &&
    is_cache_control_respected == other.is_cache_control_respected &&
    is_response_buffering_enabled == other.is_response_buffering_enabled &&
    cipher_group == other.cipher_group &&
    load_balancing_method == other.load_balancing_method &&
    websocket_path_prefixes == other.websocket_path_prefixes &&
    is_sni_enabled == other.is_sni_enabled &&
    health_checks == other.health_checks
end

build_from_hash(attributes)

Builds the object from hash @param [Hash] attributes Model attributes in the form of hash @return [Object] Returns the model itself

# File lib/oci/waas/models/policy_config.rb, line 378
def build_from_hash(attributes)
  return nil unless attributes.is_a?(Hash)

  self.class.swagger_types.each_pair do |key, type|
    if type =~ /^Array<(.*)>/i
      # check to ensure the input is an array given that the attribute
      # is documented as an array but the input is not
      if attributes[self.class.attribute_map[key]].is_a?(Array)
        public_method("#{key}=").call(
          attributes[self.class.attribute_map[key]]
            .map { |v| OCI::Internal::Util.convert_to_type(Regexp.last_match(1), v) }
        )
      end
    elsif !attributes[self.class.attribute_map[key]].nil?
      public_method("#{key}=").call(
        OCI::Internal::Util.convert_to_type(type, attributes[self.class.attribute_map[key]])
      )
    end
    # or else data not found in attributes(hash), not an issue as the data can be optional
  end

  self
end

cipher_group=(cipher_group)

Custom attribute writer method checking allowed values (enum). @param [Object] cipher_group Object to be assigned

# File lib/oci/waas/models/policy_config.rb, line 319
def cipher_group=(cipher_group)
  # rubocop:disable Style/ConditionalAssignment
  if cipher_group && !CIPHER_GROUP_ENUM.include?(cipher_group)
    OCI.logger.debug("Unknown value for 'cipher_group' [" + cipher_group + "]. Mapping to 'CIPHER_GROUP_UNKNOWN_ENUM_VALUE'") if OCI.logger
    @cipher_group = CIPHER_GROUP_UNKNOWN_ENUM_VALUE
  else
    @cipher_group = cipher_group
  end
  # rubocop:enable Style/ConditionalAssignment
end

client_address_header=(client_address_header)

Custom attribute writer method checking allowed values (enum). @param [Object] client_address_header Object to be assigned

# File lib/oci/waas/models/policy_config.rb, line 306
def client_address_header=(client_address_header)
  # rubocop:disable Style/ConditionalAssignment
  if client_address_header && !CLIENT_ADDRESS_HEADER_ENUM.include?(client_address_header)
    OCI.logger.debug("Unknown value for 'client_address_header' [" + client_address_header + "]. Mapping to 'CLIENT_ADDRESS_HEADER_UNKNOWN_ENUM_VALUE'") if OCI.logger
    @client_address_header = CLIENT_ADDRESS_HEADER_UNKNOWN_ENUM_VALUE
  else
    @client_address_header = client_address_header
  end
  # rubocop:enable Style/ConditionalAssignment
end

eql?(other)

@see the `==` method @param [Object] other the other object to be compared

# File lib/oci/waas/models/policy_config.rb, line 358
def eql?(other)
  self == other
end

hash()

Calculates hash code according to all attributes. @return [Fixnum] Hash code

# File lib/oci/waas/models/policy_config.rb, line 367
def hash
  [certificate_id, is_https_enabled, is_https_forced, tls_protocols, is_origin_compression_enabled, is_behind_cdn, client_address_header, is_cache_control_respected, is_response_buffering_enabled, cipher_group, load_balancing_method, websocket_path_prefixes, is_sni_enabled, health_checks].hash
end

tls_protocols=(tls_protocols)

Custom attribute writer method checking allowed values (enum). @param [Object] tls_protocols Object to be assigned

# File lib/oci/waas/models/policy_config.rb, line 286
def tls_protocols=(tls_protocols)
  # rubocop:disable Style/ConditionalAssignment
  if tls_protocols.nil?
    @tls_protocols = nil
  else
    @tls_protocols =
      tls_protocols.collect do |item|
        if TLS_PROTOCOLS_ENUM.include?(item)
          item
        else
          OCI.logger.debug("Unknown value for 'tls_protocols' [#{item}]. Mapping to 'TLS_PROTOCOLS_UNKNOWN_ENUM_VALUE'") if OCI.logger
          TLS_PROTOCOLS_UNKNOWN_ENUM_VALUE
        end
      end
  end
  # rubocop:enable Style/ConditionalAssignment
end

to_hash()

Returns the object in the form of hash @return [Hash] Returns the object in the form of hash

# File lib/oci/waas/models/policy_config.rb, line 411
def to_hash
  hash = {}
  self.class.attribute_map.each_pair do |attr, param|
    value = public_method(attr).call
    next if value.nil? && !instance_variable_defined?("@#{attr}")

    hash[param] = _to_hash(value)
  end
  hash
end

to_s()

Returns the string representation of the object @return [String] String representation of the object

# File lib/oci/waas/models/policy_config.rb, line 405
def to_s
  to_hash.to_s
end

Private Instance Methods

_to_hash(value)

Outputs non-array value in the form of hash. For object, use to_hash. Otherwise, just return the value. @param [Object] value Any valid value @return [Hash] Returns the value in the form of hash

# File lib/oci/waas/models/policy_config.rb, line 428
def _to_hash(value)
  if value.is_a?(Array)
    value.compact.map { |v| _to_hash(v) }
  elsif value.is_a?(Hash)
    {}.tap do |hash|
      value.each { |k, v| hash[k] = _to_hash(v) }
    end
  elsif value.respond_to? :to_hash
    value.to_hash
  else
    value
  end
end