import * as pulumi from "@pulumi/pulumi"; import * as inputs from "./types/input"; import * as outputs from "./types/output"; /** * The zia_url_filtering_rules resource manages URL filtering rules in the Zscaler Internet Access (ZIA) cloud service. URL filtering rules define the actions to take when users access URLs that match specific categories, protocols, locations, departments, groups, or users. * * For more information, see the [ZIA URL Filtering documentation](https://help.zscaler.com/zia/url-filtering). * * ## Example Usage * ### Basic URL Filtering Rule * * ```typescript * import * as zia from "@bdzscaler/pulumi-zia"; * * const example = new zia.URLFilteringRule("example", { * name: "Example URL Filtering Rule", * description: "Allow access to business URLs", * order: 1, * state: "ENABLED", * action: "ALLOW", * protocols: ["ANY_RULE"], * urlCategories: ["ANY"], * }); * ``` * * ## Import * * An existing URL Filtering Rule can be imported using its resource ID, e.g. * * ```sh * $ pulumi import zia:index:URLFilteringRule example 12345 * ``` */ export declare class URLFilteringRule extends pulumi.CustomResource { /** * Get an existing URLFilteringRule resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, opts?: pulumi.CustomResourceOptions): URLFilteringRule; /** * Returns true if the given object is an instance of URLFilteringRule. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is URLFilteringRule; /** * Action taken when traffic matches rule criteria. Valid values: `BLOCK`, `CAUTION`, `ALLOW`, `ISOLATE`. */ readonly action: pulumi.Output; /** * When set to true, a 'BLOCK' action can be overridden. Can only be set when action is 'BLOCK'. */ readonly blockOverride: pulumi.Output; /** * Browser End User Notification template ID. Only applicable when action is 'BLOCK' or 'CAUTION'. */ readonly browserEunTemplateId: pulumi.Output; /** * The Cloud Browser Isolation (CBI) profile. Required when action is 'ISOLATE'. */ readonly cbiProfile: pulumi.Output; /** * If set to true, the CIPA Compliance rule is enabled. */ readonly ciparule: pulumi.Output; /** * IDs of departments for which the rule must be applied. */ readonly departments: pulumi.Output; /** * Additional information about the URL filtering rule. Maximum 10240 characters. */ readonly description: pulumi.Output; /** * IDs of device groups for which the rule must be applied. Applicable for devices managed using Zscaler Client Connector. */ readonly deviceGroups: pulumi.Output; /** * Device trust levels for the rule. Valid values: `ANY`, `UNKNOWN_DEVICETRUSTLEVEL`, `LOW_TRUST`, `MEDIUM_TRUST`, `HIGH_TRUST`. */ readonly deviceTrustLevels: pulumi.Output; /** * IDs of devices for which the rule must be applied. */ readonly devices: pulumi.Output; /** * URL of end user notification page to be displayed when the rule is matched. Not applicable if either 'overrideUsers' or 'overrideGroups' is specified. */ readonly endUserNotificationUrl: pulumi.Output; /** * Enforce a set validity time period for the URL filtering rule. */ readonly enforceTimeValidity: pulumi.Output; /** * IDs of groups for which the rule must be applied. */ readonly groups: pulumi.Output; /** * IDs of labels associated with the URL filtering rule. */ readonly labels: pulumi.Output; /** * IDs of location groups to which the rule must be applied. */ readonly locationGroups: pulumi.Output; /** * IDs of locations for which the rule must be applied. */ readonly locations: pulumi.Output; /** * The name of the URL filtering rule. Must be unique. */ readonly name: pulumi.Output; /** * The order of execution of the rule with respect to other URL filtering rules. */ readonly order: pulumi.Output; /** * IDs of groups for which this rule can be overridden. Only applicable when action is 'BLOCK' and blockOverride is true. */ readonly overrideGroups: pulumi.Output; /** * IDs of users for which this rule can be overridden. Only applicable when action is 'BLOCK' and blockOverride is true. */ readonly overrideUsers: pulumi.Output; /** * Protocols to which the rule applies. Valid values: `SMRULEF_ZPA_BROKERS_RULE`, `ANY_RULE`, `TCP_RULE`, `UDP_RULE`, `DOHTTPS_RULE`, `TUNNELSSL_RULE`, `HTTP_PROXY`, `FOHTTP_RULE`, `FTP_RULE`, `SSL_RULE`. */ readonly protocols: pulumi.Output; /** * Admin rank of the URL filtering policy rule. Valid values: 0-7. Default: 7. */ readonly rank: pulumi.Output; /** * Request methods to which the rule applies. Valid values: `CONNECT`, `DELETE`, `GET`, `HEAD`, `OPTIONS`, `OTHER`, `POST`, `PUT`, `TRACE`. */ readonly requestMethods: pulumi.Output; /** * The system-generated ID of the URL filtering rule. */ readonly ruleId: pulumi.Output; /** * Size quota in MB beyond which the URL filtering rule is applied. If not set, no quota is enforced. Valid range: 10-100000. Not applicable when action is 'BLOCK'. */ readonly sizeQuota: pulumi.Output; /** * Source countries (ISO 3166-1 alpha-2 codes) for the rule. */ readonly sourceCountries: pulumi.Output; /** * IDs of source IP address groups. */ readonly sourceIpGroups: pulumi.Output; /** * Rule state. Valid values: `ENABLED`, `DISABLED`. */ readonly state: pulumi.Output; /** * Time quota in minutes, after which the URL filtering rule is applied. If not set, no quota is enforced. Valid range: 15-600. Not applicable when action is 'BLOCK'. */ readonly timeQuota: pulumi.Output; /** * IDs of time intervals during which the rule must be enforced. */ readonly timeWindows: pulumi.Output; /** * List of URL categories to which the rule applies. See the [URL Categories API](https://help.zscaler.com/zia/url-categories#/urlCategories-get) for available categories. */ readonly urlCategories: pulumi.Output; /** * User agent types the rule applies to. Valid values: `CHROME`, `FIREFOX`, `MSIE`, `MSEDGE`, `MSCHREDGE`, `OPERA`, `SAFARI`, `OTHER`. */ readonly userAgentTypes: pulumi.Output; /** * User risk score levels for the rule. Valid values: `LOW`, `MEDIUM`, `HIGH`, `CRITICAL`. */ readonly userRiskScoreLevels: pulumi.Output; /** * IDs of users for which the rule must be applied. */ readonly users: pulumi.Output; /** * If enforceTimeValidity is set to true, the URL filtering rule ceases to be valid on this end date and time (RFC 1123 format). */ readonly validityEndTime: pulumi.Output; /** * If enforceTimeValidity is set to true, the URL filtering rule is valid starting on this date and time (RFC 1123 format). */ readonly validityStartTime: pulumi.Output; /** * If enforceTimeValidity is set to true, the URL filtering rule date and time is valid based on this time zone ID. Use IANA format (e.g. 'America/Los_Angeles'). See https://nodatime.org/TimeZones for the complete list. */ readonly validityTimeZoneId: pulumi.Output; /** * List of preconfigured workload groups to which the policy must be applied. */ readonly workloadGroups: pulumi.Output; /** * Create a URLFilteringRule resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: URLFilteringRuleArgs, opts?: pulumi.CustomResourceOptions); } /** * The set of arguments for constructing a URLFilteringRule resource. */ export interface URLFilteringRuleArgs { /** * Action taken when traffic matches rule criteria. Valid values: `BLOCK`, `CAUTION`, `ALLOW`, `ISOLATE`. */ action?: pulumi.Input; /** * When set to true, a 'BLOCK' action can be overridden. Can only be set when action is 'BLOCK'. */ blockOverride?: pulumi.Input; /** * Browser End User Notification template ID. Only applicable when action is 'BLOCK' or 'CAUTION'. */ browserEunTemplateId?: pulumi.Input; /** * The Cloud Browser Isolation (CBI) profile. Required when action is 'ISOLATE'. */ cbiProfile?: pulumi.Input; /** * If set to true, the CIPA Compliance rule is enabled. */ ciparule?: pulumi.Input; /** * IDs of departments for which the rule must be applied. */ departments?: pulumi.Input[] | undefined>; /** * Additional information about the URL filtering rule. Maximum 10240 characters. */ description?: pulumi.Input; /** * IDs of device groups for which the rule must be applied. Applicable for devices managed using Zscaler Client Connector. */ deviceGroups?: pulumi.Input[] | undefined>; /** * Device trust levels for the rule. Valid values: `ANY`, `UNKNOWN_DEVICETRUSTLEVEL`, `LOW_TRUST`, `MEDIUM_TRUST`, `HIGH_TRUST`. */ deviceTrustLevels?: pulumi.Input[] | undefined>; /** * IDs of devices for which the rule must be applied. */ devices?: pulumi.Input[] | undefined>; /** * URL of end user notification page to be displayed when the rule is matched. Not applicable if either 'overrideUsers' or 'overrideGroups' is specified. */ endUserNotificationUrl?: pulumi.Input; /** * Enforce a set validity time period for the URL filtering rule. */ enforceTimeValidity?: pulumi.Input; /** * IDs of groups for which the rule must be applied. */ groups?: pulumi.Input[] | undefined>; /** * IDs of labels associated with the URL filtering rule. */ labels?: pulumi.Input[] | undefined>; /** * IDs of location groups to which the rule must be applied. */ locationGroups?: pulumi.Input[] | undefined>; /** * IDs of locations for which the rule must be applied. */ locations?: pulumi.Input[] | undefined>; /** * The name of the URL filtering rule. Must be unique. */ name: pulumi.Input; /** * The order of execution of the rule with respect to other URL filtering rules. */ order: pulumi.Input; /** * IDs of groups for which this rule can be overridden. Only applicable when action is 'BLOCK' and blockOverride is true. */ overrideGroups?: pulumi.Input[] | undefined>; /** * IDs of users for which this rule can be overridden. Only applicable when action is 'BLOCK' and blockOverride is true. */ overrideUsers?: pulumi.Input[] | undefined>; /** * Protocols to which the rule applies. Valid values: `SMRULEF_ZPA_BROKERS_RULE`, `ANY_RULE`, `TCP_RULE`, `UDP_RULE`, `DOHTTPS_RULE`, `TUNNELSSL_RULE`, `HTTP_PROXY`, `FOHTTP_RULE`, `FTP_RULE`, `SSL_RULE`. */ protocols?: pulumi.Input[] | undefined>; /** * Admin rank of the URL filtering policy rule. Valid values: 0-7. Default: 7. */ rank?: pulumi.Input; /** * Request methods to which the rule applies. Valid values: `CONNECT`, `DELETE`, `GET`, `HEAD`, `OPTIONS`, `OTHER`, `POST`, `PUT`, `TRACE`. */ requestMethods?: pulumi.Input[] | undefined>; /** * Size quota in MB beyond which the URL filtering rule is applied. If not set, no quota is enforced. Valid range: 10-100000. Not applicable when action is 'BLOCK'. */ sizeQuota?: pulumi.Input; /** * Source countries (ISO 3166-1 alpha-2 codes) for the rule. */ sourceCountries?: pulumi.Input[] | undefined>; /** * IDs of source IP address groups. */ sourceIpGroups?: pulumi.Input[] | undefined>; /** * Rule state. Valid values: `ENABLED`, `DISABLED`. */ state?: pulumi.Input; /** * Time quota in minutes, after which the URL filtering rule is applied. If not set, no quota is enforced. Valid range: 15-600. Not applicable when action is 'BLOCK'. */ timeQuota?: pulumi.Input; /** * IDs of time intervals during which the rule must be enforced. */ timeWindows?: pulumi.Input[] | undefined>; /** * List of URL categories to which the rule applies. See the [URL Categories API](https://help.zscaler.com/zia/url-categories#/urlCategories-get) for available categories. */ urlCategories?: pulumi.Input[] | undefined>; /** * User agent types the rule applies to. Valid values: `CHROME`, `FIREFOX`, `MSIE`, `MSEDGE`, `MSCHREDGE`, `OPERA`, `SAFARI`, `OTHER`. */ userAgentTypes?: pulumi.Input[] | undefined>; /** * User risk score levels for the rule. Valid values: `LOW`, `MEDIUM`, `HIGH`, `CRITICAL`. */ userRiskScoreLevels?: pulumi.Input[] | undefined>; /** * IDs of users for which the rule must be applied. */ users?: pulumi.Input[] | undefined>; /** * If enforceTimeValidity is set to true, the URL filtering rule ceases to be valid on this end date and time (RFC 1123 format). */ validityEndTime?: pulumi.Input; /** * If enforceTimeValidity is set to true, the URL filtering rule is valid starting on this date and time (RFC 1123 format). */ validityStartTime?: pulumi.Input; /** * If enforceTimeValidity is set to true, the URL filtering rule date and time is valid based on this time zone ID. Use IANA format (e.g. 'America/Los_Angeles'). See https://nodatime.org/TimeZones for the complete list. */ validityTimeZoneId?: pulumi.Input; /** * List of preconfigured workload groups to which the policy must be applied. */ workloadGroups?: pulumi.Input[] | undefined>; } //# sourceMappingURL=urlfilteringRule.d.ts.map