import * as pulumi from "@pulumi/pulumi"; /** * The zia_advanced_settings resource manages advanced settings in the Zscaler Internet Access (ZIA) cloud service. This singleton resource controls a wide range of advanced proxy, authentication, DNS resolution, and security settings including domain fronting protection, HTTP tunnel tracking, surrogate IP enforcement, and session timeout configuration. * * For more information, see the [ZIA Advanced Settings documentation](https://help.zscaler.com/zia/advanced-settings). * * ## Example Usage * ### Basic Advanced Settings * * ```typescript * import * as zia from "@bdzscaler/pulumi-zia"; * * const example = new zia.AdvancedSettings("example", { * enableOffice365: true, * logInternalIp: true, * blockHttpTunnelOnNonHttpPorts: true, * blockDomainFrontingOnHostHeader: true, * authBypassUrls: [".example.com"], * }); * ``` * * ## Import * * This is a singleton resource and does not support traditional import. It is automatically managed by the provider. */ export declare class AdvancedSettings extends pulumi.CustomResource { /** * Get an existing AdvancedSettings resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, opts?: pulumi.CustomResourceOptions): AdvancedSettings; /** * Returns true if the given object is an instance of AdvancedSettings. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is AdvancedSettings; /** * Cloud applications that bypass authentication. */ readonly authBypassApps: pulumi.Output; /** * URL categories that bypass authentication. */ readonly authBypassUrlCategories: pulumi.Output; /** * URLs that bypass authentication. */ readonly authBypassUrls: pulumi.Output; /** * Cloud applications that bypass basic authentication. */ readonly basicBypassApps: pulumi.Output; /** * URL categories that bypass basic authentication. */ readonly basicBypassUrlCategories: pulumi.Output; /** * Block connections where CONNECT host and SNI mismatch. */ readonly blockConnectHostSniMismatch: pulumi.Output; /** * Cloud applications for which domain fronting is blocked. */ readonly blockDomainFrontingApps: pulumi.Output; /** * Block domain fronting when the host header mismatches the SNI. */ readonly blockDomainFrontingOnHostHeader: pulumi.Output; /** * Block HTTP tunnels on non-HTTP ports. */ readonly blockHttpTunnelOnNonHttpPorts: pulumi.Output; /** * Block non-compliant HTTP requests on HTTP ports. */ readonly blockNonCompliantHttpRequestOnHttpPorts: pulumi.Output; /** * Block non-HTTP traffic on HTTP ports. */ readonly blockNonHttpOnHttpPortEnabled: pulumi.Output; /** * Enable cascading URL filtering. */ readonly cascadeUrlFiltering: pulumi.Output; /** * Cloud applications that bypass digest authentication. */ readonly digestAuthBypassApps: pulumi.Output; /** * URL categories that bypass digest authentication. */ readonly digestAuthBypassUrlCategories: pulumi.Output; /** * URLs that bypass digest authentication. */ readonly digestAuthBypassUrls: pulumi.Output; /** * Cloud applications with DNS resolution on transparent proxy enabled. */ readonly dnsResolutionOnTransparentProxyApps: pulumi.Output; /** * Cloud applications exempt from DNS resolution on transparent proxy. */ readonly dnsResolutionOnTransparentProxyExemptApps: pulumi.Output; /** * URL categories exempt from DNS resolution on transparent proxy. */ readonly dnsResolutionOnTransparentProxyExemptUrlCategories: pulumi.Output; /** * URLs exempt from DNS resolution on transparent proxy. */ readonly dnsResolutionOnTransparentProxyExemptUrls: pulumi.Output; /** * Cloud applications with IPv6 DNS resolution on transparent proxy enabled. */ readonly dnsResolutionOnTransparentProxyIpv6Apps: pulumi.Output; /** * Cloud applications exempt from IPv6 DNS resolution on transparent proxy. */ readonly dnsResolutionOnTransparentProxyIpv6ExemptApps: pulumi.Output; /** * URL categories exempt from IPv6 DNS resolution on transparent proxy. */ readonly dnsResolutionOnTransparentProxyIpv6ExemptUrlCategories: pulumi.Output; /** * URL categories with IPv6 DNS resolution on transparent proxy enabled. */ readonly dnsResolutionOnTransparentProxyIpv6UrlCategories: pulumi.Output; /** * URL categories with DNS resolution on transparent proxy enabled. */ readonly dnsResolutionOnTransparentProxyUrlCategories: pulumi.Output; /** * URLs with DNS resolution on transparent proxy enabled. */ readonly dnsResolutionOnTransparentProxyUrls: pulumi.Output; /** * URL categories that bypass domain fronting detection. */ readonly domainFrontingBypassUrlCategories: pulumi.Output; /** * Enable dynamic user risk scoring. */ readonly dynamicUserRiskEnabled: pulumi.Output; /** * Enable EDNS Client Subnet (ECS) for all DNS queries. */ readonly ecsForAllEnabled: pulumi.Output; /** * Enable admin rank-based access control. */ readonly enableAdminRankAccess: pulumi.Output; /** * Enable DNS resolution on transparent proxy. */ readonly enableDnsResolutionOnTransparentProxy: pulumi.Output; /** * Enable policy evaluation on global SSL bypass. */ readonly enableEvaluatePolicyOnGlobalSslBypass: pulumi.Output; /** * Enable IPv6 DNS optimization on all transparent proxy connections. */ readonly enableIpv6DnsOptimizationOnAllTransparentProxy: pulumi.Output; /** * Enable IPv6 DNS resolution on transparent proxy. */ readonly enableIpv6DnsResolutionOnTransparentProxy: pulumi.Output; /** * Enable Office 365 one-click configuration. */ readonly enableOffice365: pulumi.Output; /** * Enable policy evaluation for unauthenticated traffic. */ readonly enablePolicyForUnauthenticatedTraffic: pulumi.Output; /** * Enforce surrogate IP for Windows applications. */ readonly enforceSurrogateIpForWindowsApp: pulumi.Output; /** * Enable HTTP/2 for non-browser traffic. */ readonly http2NonbrowserTrafficEnabled: pulumi.Output; /** * URL categories for which HTTP range headers are removed. */ readonly httpRangeHeaderRemoveUrlCategories: pulumi.Output; /** * Cloud applications that bypass Kerberos authentication. */ readonly kerberosBypassApps: pulumi.Output; /** * URL categories that bypass Kerberos authentication. */ readonly kerberosBypassUrlCategories: pulumi.Output; /** * URLs that bypass Kerberos authentication. */ readonly kerberosBypassUrls: pulumi.Output; /** * Enable logging of internal IP addresses. */ readonly logInternalIp: pulumi.Output; /** * Prefer SNI over CONNECT host header for policy evaluation. */ readonly preferSniOverConnHost: pulumi.Output; /** * Cloud applications that prefer SNI over CONNECT host header. */ readonly preferSniOverConnHostApps: pulumi.Output; /** * The internal resource identifier for the advanced settings. */ readonly resourceId: pulumi.Output; /** * Enable X-Forwarded-For header for SIPA traffic. */ readonly sipaXffHeaderEnabled: pulumi.Output; /** * URL categories that bypass SNI/DNS optimization. */ readonly sniDnsOptimizationBypassUrlCategories: pulumi.Output; /** * Track HTTP tunnels on HTTP ports. */ readonly trackHttpTunnelOnHttpPorts: pulumi.Output; /** * UI session timeout in minutes. */ readonly uiSessionTimeout: pulumi.Output; /** * Include Zscaler Client Connector and PAC road warrior traffic in firewall policy. */ readonly zscalerClientConnector1AndPacRoadWarriorInFirewall: pulumi.Output; /** * Create a AdvancedSettings resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args?: AdvancedSettingsArgs, opts?: pulumi.CustomResourceOptions); } /** * The set of arguments for constructing a AdvancedSettings resource. */ export interface AdvancedSettingsArgs { /** * Cloud applications that bypass authentication. */ authBypassApps?: pulumi.Input[] | undefined>; /** * URL categories that bypass authentication. */ authBypassUrlCategories?: pulumi.Input[] | undefined>; /** * URLs that bypass authentication. */ authBypassUrls?: pulumi.Input[] | undefined>; /** * Cloud applications that bypass basic authentication. */ basicBypassApps?: pulumi.Input[] | undefined>; /** * URL categories that bypass basic authentication. */ basicBypassUrlCategories?: pulumi.Input[] | undefined>; /** * Block connections where CONNECT host and SNI mismatch. */ blockConnectHostSniMismatch?: pulumi.Input; /** * Cloud applications for which domain fronting is blocked. */ blockDomainFrontingApps?: pulumi.Input[] | undefined>; /** * Block domain fronting when the host header mismatches the SNI. */ blockDomainFrontingOnHostHeader?: pulumi.Input; /** * Block HTTP tunnels on non-HTTP ports. */ blockHttpTunnelOnNonHttpPorts?: pulumi.Input; /** * Block non-compliant HTTP requests on HTTP ports. */ blockNonCompliantHttpRequestOnHttpPorts?: pulumi.Input; /** * Block non-HTTP traffic on HTTP ports. */ blockNonHttpOnHttpPortEnabled?: pulumi.Input; /** * Enable cascading URL filtering. */ cascadeUrlFiltering?: pulumi.Input; /** * Cloud applications that bypass digest authentication. */ digestAuthBypassApps?: pulumi.Input[] | undefined>; /** * URL categories that bypass digest authentication. */ digestAuthBypassUrlCategories?: pulumi.Input[] | undefined>; /** * URLs that bypass digest authentication. */ digestAuthBypassUrls?: pulumi.Input[] | undefined>; /** * Cloud applications with DNS resolution on transparent proxy enabled. */ dnsResolutionOnTransparentProxyApps?: pulumi.Input[] | undefined>; /** * Cloud applications exempt from DNS resolution on transparent proxy. */ dnsResolutionOnTransparentProxyExemptApps?: pulumi.Input[] | undefined>; /** * URL categories exempt from DNS resolution on transparent proxy. */ dnsResolutionOnTransparentProxyExemptUrlCategories?: pulumi.Input[] | undefined>; /** * URLs exempt from DNS resolution on transparent proxy. */ dnsResolutionOnTransparentProxyExemptUrls?: pulumi.Input[] | undefined>; /** * Cloud applications with IPv6 DNS resolution on transparent proxy enabled. */ dnsResolutionOnTransparentProxyIpv6Apps?: pulumi.Input[] | undefined>; /** * Cloud applications exempt from IPv6 DNS resolution on transparent proxy. */ dnsResolutionOnTransparentProxyIpv6ExemptApps?: pulumi.Input[] | undefined>; /** * URL categories exempt from IPv6 DNS resolution on transparent proxy. */ dnsResolutionOnTransparentProxyIpv6ExemptUrlCategories?: pulumi.Input[] | undefined>; /** * URL categories with IPv6 DNS resolution on transparent proxy enabled. */ dnsResolutionOnTransparentProxyIpv6UrlCategories?: pulumi.Input[] | undefined>; /** * URL categories with DNS resolution on transparent proxy enabled. */ dnsResolutionOnTransparentProxyUrlCategories?: pulumi.Input[] | undefined>; /** * URLs with DNS resolution on transparent proxy enabled. */ dnsResolutionOnTransparentProxyUrls?: pulumi.Input[] | undefined>; /** * URL categories that bypass domain fronting detection. */ domainFrontingBypassUrlCategories?: pulumi.Input[] | undefined>; /** * Enable dynamic user risk scoring. */ dynamicUserRiskEnabled?: pulumi.Input; /** * Enable EDNS Client Subnet (ECS) for all DNS queries. */ ecsForAllEnabled?: pulumi.Input; /** * Enable admin rank-based access control. */ enableAdminRankAccess?: pulumi.Input; /** * Enable DNS resolution on transparent proxy. */ enableDnsResolutionOnTransparentProxy?: pulumi.Input; /** * Enable policy evaluation on global SSL bypass. */ enableEvaluatePolicyOnGlobalSslBypass?: pulumi.Input; /** * Enable IPv6 DNS optimization on all transparent proxy connections. */ enableIpv6DnsOptimizationOnAllTransparentProxy?: pulumi.Input; /** * Enable IPv6 DNS resolution on transparent proxy. */ enableIpv6DnsResolutionOnTransparentProxy?: pulumi.Input; /** * Enable Office 365 one-click configuration. */ enableOffice365?: pulumi.Input; /** * Enable policy evaluation for unauthenticated traffic. */ enablePolicyForUnauthenticatedTraffic?: pulumi.Input; /** * Enforce surrogate IP for Windows applications. */ enforceSurrogateIpForWindowsApp?: pulumi.Input; /** * Enable HTTP/2 for non-browser traffic. */ http2NonbrowserTrafficEnabled?: pulumi.Input; /** * URL categories for which HTTP range headers are removed. */ httpRangeHeaderRemoveUrlCategories?: pulumi.Input[] | undefined>; /** * Cloud applications that bypass Kerberos authentication. */ kerberosBypassApps?: pulumi.Input[] | undefined>; /** * URL categories that bypass Kerberos authentication. */ kerberosBypassUrlCategories?: pulumi.Input[] | undefined>; /** * URLs that bypass Kerberos authentication. */ kerberosBypassUrls?: pulumi.Input[] | undefined>; /** * Enable logging of internal IP addresses. */ logInternalIp?: pulumi.Input; /** * Prefer SNI over CONNECT host header for policy evaluation. */ preferSniOverConnHost?: pulumi.Input; /** * Cloud applications that prefer SNI over CONNECT host header. */ preferSniOverConnHostApps?: pulumi.Input[] | undefined>; /** * Enable X-Forwarded-For header for SIPA traffic. */ sipaXffHeaderEnabled?: pulumi.Input; /** * URL categories that bypass SNI/DNS optimization. */ sniDnsOptimizationBypassUrlCategories?: pulumi.Input[] | undefined>; /** * Track HTTP tunnels on HTTP ports. */ trackHttpTunnelOnHttpPorts?: pulumi.Input; /** * UI session timeout in minutes. */ uiSessionTimeout?: pulumi.Input; /** * Include Zscaler Client Connector and PAC road warrior traffic in firewall policy. */ zscalerClientConnector1AndPacRoadWarriorInFirewall?: pulumi.Input; } //# sourceMappingURL=advancedSettings.d.ts.map