import * as pulumi from "@pulumi/pulumi"; import * as inputs from "../types/input"; import * as outputs from "../types/output"; /** * Connect the protected site via CNAME or load balancing, configure access and origin capabilities, and route business traffic to the WAF instance for protection * * ## Import * * ```sh * $ pulumi import volcenginecc:waf/domain:Domain example "domain" * ``` */ export declare class Domain extends pulumi.CustomResource { /** * Get an existing Domain resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, state?: DomainState, opts?: pulumi.CustomResourceOptions): Domain; /** * Returns true if the given object is an instance of Domain. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is Domain; /** * Access mode. 10: CNAME access, 11: Layer 7 load balancing (CLB) access. */ readonly accessMode: pulumi.Output; /** * High defense instance IP. Displayed for high-defense WAF access; otherwise blank. */ readonly advancedDefenseIp: pulumi.Output; /** * High defense instance IPv6. Displayed for high-defense WAF access; otherwise blank. */ readonly advancedDefenseIpv6: pulumi.Output; /** * API protection policy enabled. 0: Off, 1: On */ readonly apiEnable: pulumi.Output; /** * Attack status. 0: No attack detected, 1: Attack detected. */ readonly attackStatus: pulumi.Output; /** * Whether to enable intelligent CC protection policy. 0: Disabled, 1: Enabled. */ readonly autoCcEnable: pulumi.Output; /** * Whether to enable automatic blocking. 0: Disabled, 1: Enabled. */ readonly automaticBlackEnable: pulumi.Output; readonly backendGroups: pulumi.Output; /** * Denylist policy enabled. 0: Off, 1: On */ readonly blackIpEnable: pulumi.Output; /** * Whether to enable regional blocking policy. 0: Disabled; 1: Enabled. */ readonly blackLctEnable: pulumi.Output; /** * Dynamic token protection enabled */ readonly botDytokenEnable: pulumi.Output; /** * Bot rate limit policy enabled. * 0: Off * 1: On */ readonly botFrequencyEnable: pulumi.Output; /** * Bot statistics protection policy enabled. * 0: Off * 1: On */ readonly botRepeatEnable: pulumi.Output; /** * Set the default action for the bot behavior map policy. Effective when BotSequenceEnable = 1 is enabled. Default is 0 (Observe). * 0: Observe * 2: Intercept * 6: JS Challenge * 7: CAPTCHA. */ readonly botSequenceDefaultAction: pulumi.Output; /** * Whether to enable bot behavior map. * 0: Off * 1: On. */ readonly botSequenceEnable: pulumi.Output; /** * Whether to enable CC protection policy. * 0: Disabled * 1: Enabled. */ readonly ccEnable: pulumi.Output; /** * Certificate ID managed in Certificate Center */ readonly certificateId: pulumi.Output; /** * Certificate name. Displayed when protocol type includes HTTPS. */ readonly certificateName: pulumi.Output; /** * Certificate hosting platform: waf/certificate_service. */ readonly certificatePlatform: pulumi.Output; /** * CLB instance ID. */ readonly clbInstanceIds: pulumi.Output; /** * CLB listener ID. */ readonly clbListenerId: pulumi.Output; /** * CLB backend server group ID. */ readonly clbPoolId: pulumi.Output; /** * CLB backend server ID */ readonly clbServerId: pulumi.Output; /** * Client IP acquisition method. 0: Custom header field, 1: Use the first public IP address in the X-Forwarded-For (XFF) field as the real client IP address. */ readonly clientIpLocation: pulumi.Output; /** * Maximum client request body size (MB). */ readonly clientMaxBodySize: pulumi.Output; readonly cloudAccessConfigs: pulumi.Output; /** * CNAME record. */ readonly cname: pulumi.Output; /** * Whether to enable custom bot protection. */ readonly customBotEnable: pulumi.Output; /** * Custom header. */ readonly customHeaders: pulumi.Output; /** * Whether to enable custom response. */ readonly customRspEnable: pulumi.Output; /** * Custom SNI. */ readonly customSni: pulumi.Output; /** * Set protection mode for exception ALB instances. * 1: Enable protection. The configured protection policies take effect. * 2: Pause protection. Only forwarding is performed without inspection; the configured protection policies do not take effect. * 3: Origin mode. Requests are sent directly to the origin server and are no longer forwarded to the WAF instance. * After configuring exception protection instances, the domain may also have the following protection statuses: * 5: Partially enabled. The default protection mode is enabled, but some exception instances are in paused protection or origin mode. * 6: Partially paused. The default protection mode is paused, but some exception instances are in enabled protection or origin mode. * 7: Partially origin. The default protection mode is origin mode, but some exception instances are in enabled protection or paused protection. */ readonly defenceMode: pulumi.Output; /** * Data leakage protection enabled */ readonly dlpEnable: pulumi.Output; /** * Protected domain information. Supports wildcard and exact domains */ readonly domain: pulumi.Output; /** * User-defined redirection enabled. 0: Off, 1: On */ readonly enableCustomRedirect: pulumi.Output; /** * Whether to enable HTTP/2.0. 0: Disabled, 1: Enabled. */ readonly enableHttp2: pulumi.Output; /** * IPv6 request protection supported. 0: Off, 1: On */ readonly enableIpv6: pulumi.Output; /** * Whether to enable SNI configuration. 0: Off, 1: On. */ readonly enableSni: pulumi.Output; /** * Persistent connection reuse count */ readonly keepAliveRequest: pulumi.Output; /** * Persistent connection keep-alive time (seconds) */ readonly keepAliveTimeout: pulumi.Output; /** * Load balancing algorithm type. wrr: Weighted round robin, wlc: Weighted least connections, sh: Source address hash. */ readonly lbAlgorithm: pulumi.Output; /** * Port number */ readonly port: pulumi.Output; /** * Project name. */ readonly projectName: pulumi.Output; /** * Protocol following enabled. 0: Off, 1: On */ readonly protocolFollow: pulumi.Output; /** * Access port information */ readonly protocolPorts: pulumi.Output; /** * Access protocol type: supports HTTP/HTTPS */ readonly protocols: pulumi.Output; /** * Proxy configuration enabled. 0: Off, 1: On */ readonly proxyConfig: pulumi.Output; /** * Connection timeout between WAF and backend server (seconds). */ readonly proxyConnectTimeout: pulumi.Output; /** * Number of reusable WAF origin persistent connections. */ readonly proxyKeepAlive: pulumi.Output; /** * Idle persistent connection timeout (seconds) */ readonly proxyKeepAliveTimeout: pulumi.Output; /** * Timeout for WAF to read response from backend server (seconds). */ readonly proxyReadTimeout: pulumi.Output; /** * WAF origin retry count. */ readonly proxyRetry: pulumi.Output; /** * Timeout for WAF to transmit request to backend server (seconds). */ readonly proxyWriteTimeout: pulumi.Output; /** * CNAME access origin method. 0: Private network origin, 1: Public network origin. */ readonly publicRealServer: pulumi.Output; /** * Whether to enable abnormal response protection. */ readonly rspAbnormalEnable: pulumi.Output; /** * Service IP */ readonly serverIps: pulumi.Output; /** * WAF origin IP. */ readonly srcIps: pulumi.Output; /** * Origin protocol. */ readonly srcProtocol: pulumi.Output; /** * Cipher suite */ readonly sslCiphers: pulumi.Output; /** * TLS protocol version. For example: TLSv1, TLSv1.1, TLSv1.2, TLSv1.3 */ readonly sslProtocols: pulumi.Output; /** * Access status. 0: Normal, 1: DNS not resolved, 2: Configuring, 3: Configuration failed, 4: Configuration not effective, 5: Updating, 6: Instance deleted. */ readonly status: pulumi.Output; /** * Whether to enable managed bot protection. */ readonly systemBotEnable: pulumi.Output; /** * Whether to enable anti-tampering. */ readonly tamperProofEnable: pulumi.Output; readonly tcpListenerConfigs: pulumi.Output; /** * Log service enabled. 0: Off, 1: On */ readonly tlsEnable: pulumi.Output; /** * Log field configuration details */ readonly tlsFieldsConfig: pulumi.Output; /** * Update time */ readonly updateTime: pulumi.Output; /** * VPC ID。 */ readonly vpcId: pulumi.Output; /** * WAF protection enabled */ readonly wafEnable: pulumi.Output; /** * Allowlist request protection enabled */ readonly wafWhiteReqEnable: pulumi.Output; /** * Whether to enable allowlist protection. */ readonly whiteEnable: pulumi.Output; /** * Field allowlist protection enabled */ readonly whiteFieldEnable: pulumi.Output; /** * Create a Domain resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: DomainArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering Domain resources. */ export interface DomainState { /** * Access mode. 10: CNAME access, 11: Layer 7 load balancing (CLB) access. */ accessMode?: pulumi.Input; /** * High defense instance IP. Displayed for high-defense WAF access; otherwise blank. */ advancedDefenseIp?: pulumi.Input; /** * High defense instance IPv6. Displayed for high-defense WAF access; otherwise blank. */ advancedDefenseIpv6?: pulumi.Input; /** * API protection policy enabled. 0: Off, 1: On */ apiEnable?: pulumi.Input; /** * Attack status. 0: No attack detected, 1: Attack detected. */ attackStatus?: pulumi.Input; /** * Whether to enable intelligent CC protection policy. 0: Disabled, 1: Enabled. */ autoCcEnable?: pulumi.Input; /** * Whether to enable automatic blocking. 0: Disabled, 1: Enabled. */ automaticBlackEnable?: pulumi.Input; backendGroups?: pulumi.Input[]>; /** * Denylist policy enabled. 0: Off, 1: On */ blackIpEnable?: pulumi.Input; /** * Whether to enable regional blocking policy. 0: Disabled; 1: Enabled. */ blackLctEnable?: pulumi.Input; /** * Dynamic token protection enabled */ botDytokenEnable?: pulumi.Input; /** * Bot rate limit policy enabled. * 0: Off * 1: On */ botFrequencyEnable?: pulumi.Input; /** * Bot statistics protection policy enabled. * 0: Off * 1: On */ botRepeatEnable?: pulumi.Input; /** * Set the default action for the bot behavior map policy. Effective when BotSequenceEnable = 1 is enabled. Default is 0 (Observe). * 0: Observe * 2: Intercept * 6: JS Challenge * 7: CAPTCHA. */ botSequenceDefaultAction?: pulumi.Input; /** * Whether to enable bot behavior map. * 0: Off * 1: On. */ botSequenceEnable?: pulumi.Input; /** * Whether to enable CC protection policy. * 0: Disabled * 1: Enabled. */ ccEnable?: pulumi.Input; /** * Certificate ID managed in Certificate Center */ certificateId?: pulumi.Input; /** * Certificate name. Displayed when protocol type includes HTTPS. */ certificateName?: pulumi.Input; /** * Certificate hosting platform: waf/certificate_service. */ certificatePlatform?: pulumi.Input; /** * CLB instance ID. */ clbInstanceIds?: pulumi.Input; /** * CLB listener ID. */ clbListenerId?: pulumi.Input; /** * CLB backend server group ID. */ clbPoolId?: pulumi.Input; /** * CLB backend server ID */ clbServerId?: pulumi.Input; /** * Client IP acquisition method. 0: Custom header field, 1: Use the first public IP address in the X-Forwarded-For (XFF) field as the real client IP address. */ clientIpLocation?: pulumi.Input; /** * Maximum client request body size (MB). */ clientMaxBodySize?: pulumi.Input; cloudAccessConfigs?: pulumi.Input[]>; /** * CNAME record. */ cname?: pulumi.Input; /** * Whether to enable custom bot protection. */ customBotEnable?: pulumi.Input; /** * Custom header. */ customHeaders?: pulumi.Input[]>; /** * Whether to enable custom response. */ customRspEnable?: pulumi.Input; /** * Custom SNI. */ customSni?: pulumi.Input; /** * Set protection mode for exception ALB instances. * 1: Enable protection. The configured protection policies take effect. * 2: Pause protection. Only forwarding is performed without inspection; the configured protection policies do not take effect. * 3: Origin mode. Requests are sent directly to the origin server and are no longer forwarded to the WAF instance. * After configuring exception protection instances, the domain may also have the following protection statuses: * 5: Partially enabled. The default protection mode is enabled, but some exception instances are in paused protection or origin mode. * 6: Partially paused. The default protection mode is paused, but some exception instances are in enabled protection or origin mode. * 7: Partially origin. The default protection mode is origin mode, but some exception instances are in enabled protection or paused protection. */ defenceMode?: pulumi.Input; /** * Data leakage protection enabled */ dlpEnable?: pulumi.Input; /** * Protected domain information. Supports wildcard and exact domains */ domain?: pulumi.Input; /** * User-defined redirection enabled. 0: Off, 1: On */ enableCustomRedirect?: pulumi.Input; /** * Whether to enable HTTP/2.0. 0: Disabled, 1: Enabled. */ enableHttp2?: pulumi.Input; /** * IPv6 request protection supported. 0: Off, 1: On */ enableIpv6?: pulumi.Input; /** * Whether to enable SNI configuration. 0: Off, 1: On. */ enableSni?: pulumi.Input; /** * Persistent connection reuse count */ keepAliveRequest?: pulumi.Input; /** * Persistent connection keep-alive time (seconds) */ keepAliveTimeout?: pulumi.Input; /** * Load balancing algorithm type. wrr: Weighted round robin, wlc: Weighted least connections, sh: Source address hash. */ lbAlgorithm?: pulumi.Input; /** * Port number */ port?: pulumi.Input; /** * Project name. */ projectName?: pulumi.Input; /** * Protocol following enabled. 0: Off, 1: On */ protocolFollow?: pulumi.Input; /** * Access port information */ protocolPorts?: pulumi.Input; /** * Access protocol type: supports HTTP/HTTPS */ protocols?: pulumi.Input[]>; /** * Proxy configuration enabled. 0: Off, 1: On */ proxyConfig?: pulumi.Input; /** * Connection timeout between WAF and backend server (seconds). */ proxyConnectTimeout?: pulumi.Input; /** * Number of reusable WAF origin persistent connections. */ proxyKeepAlive?: pulumi.Input; /** * Idle persistent connection timeout (seconds) */ proxyKeepAliveTimeout?: pulumi.Input; /** * Timeout for WAF to read response from backend server (seconds). */ proxyReadTimeout?: pulumi.Input; /** * WAF origin retry count. */ proxyRetry?: pulumi.Input; /** * Timeout for WAF to transmit request to backend server (seconds). */ proxyWriteTimeout?: pulumi.Input; /** * CNAME access origin method. 0: Private network origin, 1: Public network origin. */ publicRealServer?: pulumi.Input; /** * Whether to enable abnormal response protection. */ rspAbnormalEnable?: pulumi.Input; /** * Service IP */ serverIps?: pulumi.Input; /** * WAF origin IP. */ srcIps?: pulumi.Input; /** * Origin protocol. */ srcProtocol?: pulumi.Input; /** * Cipher suite */ sslCiphers?: pulumi.Input[]>; /** * TLS protocol version. For example: TLSv1, TLSv1.1, TLSv1.2, TLSv1.3 */ sslProtocols?: pulumi.Input[]>; /** * Access status. 0: Normal, 1: DNS not resolved, 2: Configuring, 3: Configuration failed, 4: Configuration not effective, 5: Updating, 6: Instance deleted. */ status?: pulumi.Input; /** * Whether to enable managed bot protection. */ systemBotEnable?: pulumi.Input; /** * Whether to enable anti-tampering. */ tamperProofEnable?: pulumi.Input; tcpListenerConfigs?: pulumi.Input[]>; /** * Log service enabled. 0: Off, 1: On */ tlsEnable?: pulumi.Input; /** * Log field configuration details */ tlsFieldsConfig?: pulumi.Input; /** * Update time */ updateTime?: pulumi.Input; /** * VPC ID。 */ vpcId?: pulumi.Input; /** * WAF protection enabled */ wafEnable?: pulumi.Input; /** * Allowlist request protection enabled */ wafWhiteReqEnable?: pulumi.Input; /** * Whether to enable allowlist protection. */ whiteEnable?: pulumi.Input; /** * Field allowlist protection enabled */ whiteFieldEnable?: pulumi.Input; } /** * The set of arguments for constructing a Domain resource. */ export interface DomainArgs { /** * Access mode. 10: CNAME access, 11: Layer 7 load balancing (CLB) access. */ accessMode: pulumi.Input; /** * API protection policy enabled. 0: Off, 1: On */ apiEnable?: pulumi.Input; /** * Whether to enable intelligent CC protection policy. 0: Disabled, 1: Enabled. */ autoCcEnable?: pulumi.Input; backendGroups?: pulumi.Input[]>; /** * Denylist policy enabled. 0: Off, 1: On */ blackIpEnable?: pulumi.Input; /** * Whether to enable regional blocking policy. 0: Disabled; 1: Enabled. */ blackLctEnable?: pulumi.Input; /** * Dynamic token protection enabled */ botDytokenEnable?: pulumi.Input; /** * Bot rate limit policy enabled. * 0: Off * 1: On */ botFrequencyEnable?: pulumi.Input; /** * Bot statistics protection policy enabled. * 0: Off * 1: On */ botRepeatEnable?: pulumi.Input; /** * Set the default action for the bot behavior map policy. Effective when BotSequenceEnable = 1 is enabled. Default is 0 (Observe). * 0: Observe * 2: Intercept * 6: JS Challenge * 7: CAPTCHA. */ botSequenceDefaultAction?: pulumi.Input; /** * Whether to enable bot behavior map. * 0: Off * 1: On. */ botSequenceEnable?: pulumi.Input; /** * Whether to enable CC protection policy. * 0: Disabled * 1: Enabled. */ ccEnable?: pulumi.Input; /** * Certificate ID managed in Certificate Center */ certificateId?: pulumi.Input; /** * Certificate hosting platform: waf/certificate_service. */ certificatePlatform?: pulumi.Input; /** * Client IP acquisition method. 0: Custom header field, 1: Use the first public IP address in the X-Forwarded-For (XFF) field as the real client IP address. */ clientIpLocation?: pulumi.Input; /** * Maximum client request body size (MB). */ clientMaxBodySize?: pulumi.Input; cloudAccessConfigs?: pulumi.Input[]>; /** * Whether to enable custom bot protection. */ customBotEnable?: pulumi.Input; /** * Custom header. */ customHeaders?: pulumi.Input[]>; /** * Whether to enable custom response. */ customRspEnable?: pulumi.Input; /** * Custom SNI. */ customSni?: pulumi.Input; /** * Set protection mode for exception ALB instances. * 1: Enable protection. The configured protection policies take effect. * 2: Pause protection. Only forwarding is performed without inspection; the configured protection policies do not take effect. * 3: Origin mode. Requests are sent directly to the origin server and are no longer forwarded to the WAF instance. * After configuring exception protection instances, the domain may also have the following protection statuses: * 5: Partially enabled. The default protection mode is enabled, but some exception instances are in paused protection or origin mode. * 6: Partially paused. The default protection mode is paused, but some exception instances are in enabled protection or origin mode. * 7: Partially origin. The default protection mode is origin mode, but some exception instances are in enabled protection or paused protection. */ defenceMode?: pulumi.Input; /** * Data leakage protection enabled */ dlpEnable?: pulumi.Input; /** * Protected domain information. Supports wildcard and exact domains */ domain: pulumi.Input; /** * User-defined redirection enabled. 0: Off, 1: On */ enableCustomRedirect?: pulumi.Input; /** * Whether to enable HTTP/2.0. 0: Disabled, 1: Enabled. */ enableHttp2?: pulumi.Input; /** * IPv6 request protection supported. 0: Off, 1: On */ enableIpv6?: pulumi.Input; /** * Whether to enable SNI configuration. 0: Off, 1: On. */ enableSni?: pulumi.Input; /** * Persistent connection reuse count */ keepAliveRequest?: pulumi.Input; /** * Persistent connection keep-alive time (seconds) */ keepAliveTimeout?: pulumi.Input; /** * Load balancing algorithm type. wrr: Weighted round robin, wlc: Weighted least connections, sh: Source address hash. */ lbAlgorithm?: pulumi.Input; /** * Project name. */ projectName?: pulumi.Input; /** * Protocol following enabled. 0: Off, 1: On */ protocolFollow?: pulumi.Input; /** * Access port information */ protocolPorts?: pulumi.Input; /** * Access protocol type: supports HTTP/HTTPS */ protocols?: pulumi.Input[]>; /** * Proxy configuration enabled. 0: Off, 1: On */ proxyConfig?: pulumi.Input; /** * Connection timeout between WAF and backend server (seconds). */ proxyConnectTimeout?: pulumi.Input; /** * Number of reusable WAF origin persistent connections. */ proxyKeepAlive?: pulumi.Input; /** * Idle persistent connection timeout (seconds) */ proxyKeepAliveTimeout?: pulumi.Input; /** * Timeout for WAF to read response from backend server (seconds). */ proxyReadTimeout?: pulumi.Input; /** * WAF origin retry count. */ proxyRetry?: pulumi.Input; /** * Timeout for WAF to transmit request to backend server (seconds). */ proxyWriteTimeout?: pulumi.Input; /** * CNAME access origin method. 0: Private network origin, 1: Public network origin. */ publicRealServer?: pulumi.Input; /** * Cipher suite */ sslCiphers?: pulumi.Input[]>; /** * TLS protocol version. For example: TLSv1, TLSv1.1, TLSv1.2, TLSv1.3 */ sslProtocols?: pulumi.Input[]>; /** * Whether to enable managed bot protection. */ systemBotEnable?: pulumi.Input; /** * Whether to enable anti-tampering. */ tamperProofEnable?: pulumi.Input; /** * Log service enabled. 0: Off, 1: On */ tlsEnable?: pulumi.Input; /** * Log field configuration details */ tlsFieldsConfig?: pulumi.Input; /** * VPC ID。 */ vpcId?: pulumi.Input; /** * WAF protection enabled */ wafEnable?: pulumi.Input; /** * Allowlist request protection enabled */ wafWhiteReqEnable?: pulumi.Input; /** * Whether to enable allowlist protection. */ whiteEnable?: pulumi.Input; /** * Field allowlist protection enabled */ whiteFieldEnable?: pulumi.Input; }