|
| 1 | +--- |
| 2 | +layout: "wallarm" |
| 3 | +page_title: "Wallarm: wallarm_rules_settings" |
| 4 | +subcategory: "Common" |
| 5 | +description: |- |
| 6 | + Provides the resource to manage rules settings of the company. |
| 7 | +--- |
| 8 | + |
| 9 | +# wallarm_rules_settings |
| 10 | + |
| 11 | +Provides the resource to manage rules settings of the company. |
| 12 | + |
| 13 | +## Duplicates |
| 14 | +Every client can have only one wallarm_rules_settings resource. |
| 15 | +Unfortunately, terraform doesn't support singleton resources. |
| 16 | +Therefore, you must ensure that there is no more than one resource per client in your configuration. |
| 17 | +Otherwise, the terraform provider will merge them and send them as one resource. Priority for identical fields will be random. |
| 18 | + |
| 19 | +Let's break down the merge rules using the following configuration: |
| 20 | +```hcl |
| 21 | +# default client_id = 1 |
| 22 | +
|
| 23 | +resource "wallarm_rules_settings" "rules_settings1" { |
| 24 | + min_lom_format = 50 |
| 25 | + max_lom_format = 70 |
| 26 | +} |
| 27 | +
|
| 28 | +resource "wallarm_rules_settings" "rules_settings2" { |
| 29 | + min_lom_format = 51 |
| 30 | + max_lom_size = 10000000 |
| 31 | +} |
| 32 | +
|
| 33 | +resource "wallarm_rules_settings" "rules_settings3" { |
| 34 | + client_id = 1 |
| 35 | + min_lom_format = 52 |
| 36 | +} |
| 37 | +
|
| 38 | +resource "wallarm_rules_settings" "rules_settings4" { |
| 39 | + client_id = 2 |
| 40 | + min_lom_format = 53 |
| 41 | +} |
| 42 | +
|
| 43 | +resource "wallarm_rules_settings" "rules_settings5" { |
| 44 | + client_id = 2 |
| 45 | + min_lom_format = 54 |
| 46 | +} |
| 47 | +
|
| 48 | +resource "wallarm_rules_settings" "rules_settings6" { |
| 49 | + client_id = 3 |
| 50 | + min_lom_format = 55 |
| 51 | +} |
| 52 | +``` |
| 53 | + |
| 54 | +The provider will merge them inside and the final configuration will be equivalent to: |
| 55 | +```hcl |
| 56 | +# based on rules_settings1, rules_settings2 and rules_settings3 |
| 57 | +resource "wallarm_rules_settings" "new_rules_settings1" { |
| 58 | + client_id = 1 |
| 59 | + min_lom_format = 51 # random value from 50, 51, 52 |
| 60 | + max_lom_format = 70 |
| 61 | + max_lom_size = 10000000 |
| 62 | +} |
| 63 | +
|
| 64 | +# based on rules_settings3 and rules_settings4 |
| 65 | +resource "wallarm_rules_settings" "new_rules_settings2" { |
| 66 | + client_id = 2 |
| 67 | + min_lom_format = 52 # random value from 52, 53 |
| 68 | +} |
| 69 | +
|
| 70 | +resource "wallarm_rules_settings" "rules_settings5" { |
| 71 | + client_id = 3 |
| 72 | + min_lom_format = 55 |
| 73 | +} |
| 74 | +``` |
| 75 | + |
| 76 | +## Example Usage |
| 77 | + |
| 78 | +```hcl |
| 79 | +# Configure rules settings |
| 80 | +
|
| 81 | +resource "wallarm_rules_settings" "rules_settings" { |
| 82 | + client_id = 123 |
| 83 | + min_lom_format = 50 |
| 84 | + max_lom_format = 54 |
| 85 | + max_lom_size = 10240 |
| 86 | + lom_disabled = false |
| 87 | + lom_compilation_delay = 0 |
| 88 | + rules_snapshot_enabled = true |
| 89 | + rules_snapshot_max_count = 5 |
| 90 | + rules_manipulation_locked = false |
| 91 | + heavy_lom = false |
| 92 | + parameters_count_weight = 6 |
| 93 | + path_variativity_weight = 6 |
| 94 | + pii_weight = 8 |
| 95 | + request_content_weight = 6 |
| 96 | + open_vulns_weight = 9 |
| 97 | + serialized_data_weight = 6 |
| 98 | + risk_score_algo = "maximum" |
| 99 | + pii_fallback = false |
| 100 | +} |
| 101 | +``` |
| 102 | + |
| 103 | +## Argument Reference |
| 104 | + |
| 105 | +* `client_id` - (optional) ID of the client which is a partner for the created tenant. By default, this argument has the value of the current client ID. |
| 106 | +* `min_lom_format` - (optional) Minimal Custom Ruleset format that will be compiled. |
| 107 | +* `max_lom_format` - (optional) Maximum Custom Ruleset format that will be compiled. |
| 108 | +* `max_lom_size` - (optional) Maximum size of Custom Ruleset size in bytes. |
| 109 | +* `lom_disabled` - (optional) Field determining whether Custom Ruleset is compiled. |
| 110 | +* `lom_compilation_delay` - (optional) Delay before Custom Ruleset compilition. |
| 111 | +* `rules_snapshot_enabled` - (optional) Field determining whether rules snapshots are created during Custom Ruleset compilation. |
| 112 | +* `rules_snapshot_max_count` - (optional) Maximum count of rules snapshot stored in wallarm. |
| 113 | +* `rules_manipulation_locked` - (optional) Field determining whether rules might changed. |
| 114 | +* `heavy_lom` - (optional) Field determining whether Custom Ruleset is compiled in special queue for huge rulesets. |
| 115 | +* `parameters_count_weight` - (optional) [Risk Score][1] weight of query and body parameters. The more parameters, the more potential malicious payloads. |
| 116 | +* `path_variativity_weight` - (optional) [Risk Score][1] weight of potential vulnerabilites to BOLA. Variable path parts make the endpoint a potential target of BOLA (IDOR) attacks. |
| 117 | +* `pii_weight` - (optional) [Risk Score][1] weight of parameters with sensitive data. Parameters with sensitive data are always at risk of exposure. |
| 118 | +* `request_content_weight` - (optional) [Risk Score][1] weight of uploading files to server. Attackers may be able to attack servers by uploading files containing malicious code. |
| 119 | +* `open_vulns_weight` - (optional) [Risk Score][1] weight of active vulnerabilities. Active vulnerabilities may result in unauthorized data access or corruption. |
| 120 | +* `serialized_data_weight` - (optional) [Risk Score][1] weight of accepting XML / JSON objects. XML / JSON objects are often used to transfer malicious payloads to attack servers. |
| 121 | +* `risk_score_algo` - (optional) Method of [Risk Score][1] calulation. Specify how the risk score calculation should be performed. Available values: maximum, average. |
| 122 | +* `pii_fallback` - (optional) Field determining whether fallback mechanism for PII detection is active. |
| 123 | + |
| 124 | +[1]: https://docs.wallarm.com/api-discovery/overview/#endpoint-risk-score |
0 commit comments