PolicyConfig

class oci.waas.models.PolicyConfig(**kwargs)

Bases: object

The configuration details for the WAAS policy.

CIPHER_GROUP_DEFAULT = 'DEFAULT'

A constant which can be used with the cipher_group property of a PolicyConfig. This constant has a value of "DEFAULT"

CLIENT_ADDRESS_HEADER_CLIENT_IP = 'CLIENT_IP'

A constant which can be used with the client_address_header property of a PolicyConfig. This constant has a value of "CLIENT_IP"

CLIENT_ADDRESS_HEADER_TRUE_CLIENT_IP = 'TRUE_CLIENT_IP'

A constant which can be used with the client_address_header property of a PolicyConfig. This constant has a value of "TRUE_CLIENT_IP"

CLIENT_ADDRESS_HEADER_X_CLIENT_IP = 'X_CLIENT_IP'

A constant which can be used with the client_address_header property of a PolicyConfig. This constant has a value of "X_CLIENT_IP"

CLIENT_ADDRESS_HEADER_X_FORWARDED_FOR = 'X_FORWARDED_FOR'

A constant which can be used with the client_address_header property of a PolicyConfig. This constant has a value of "X_FORWARDED_FOR"

CLIENT_ADDRESS_HEADER_X_REAL_IP = 'X_REAL_IP'

A constant which can be used with the client_address_header property of a PolicyConfig. This constant has a value of "X_REAL_IP"

TLS_PROTOCOLS_TLS_V1 = 'TLS_V1'

A constant which can be used with the tls_protocols property of a PolicyConfig. This constant has a value of "TLS_V1"

TLS_PROTOCOLS_TLS_V1_1 = 'TLS_V1_1'

A constant which can be used with the tls_protocols property of a PolicyConfig. This constant has a value of "TLS_V1_1"

TLS_PROTOCOLS_TLS_V1_2 = 'TLS_V1_2'

A constant which can be used with the tls_protocols property of a PolicyConfig. This constant has a value of "TLS_V1_2"

TLS_PROTOCOLS_TLS_V1_3 = 'TLS_V1_3'

A constant which can be used with the tls_protocols property of a PolicyConfig. This constant has a value of "TLS_V1_3"

__init__(**kwargs)

Initializes a new PolicyConfig object with values from keyword arguments. The following keyword arguments are supported (corresponding to the getters/setters of this class):

Parameters:
  • certificate_id (str) -- The value to assign to the certificate_id property of this PolicyConfig.
  • is_https_enabled (bool) -- The value to assign to the is_https_enabled property of this PolicyConfig.
  • is_https_forced (bool) -- The value to assign to the is_https_forced property of this PolicyConfig.
  • tls_protocols (list[str]) -- The value to assign to the tls_protocols property of this PolicyConfig. Allowed values for items in this list are: "TLS_V1", "TLS_V1_1", "TLS_V1_2", "TLS_V1_3", 'UNKNOWN_ENUM_VALUE'. Any unrecognized values returned by a service will be mapped to 'UNKNOWN_ENUM_VALUE'.
  • is_origin_compression_enabled (bool) -- The value to assign to the is_origin_compression_enabled property of this PolicyConfig.
  • is_behind_cdn (bool) -- The value to assign to the is_behind_cdn property of this PolicyConfig.
  • client_address_header (str) -- The value to assign to the client_address_header property of this PolicyConfig. Allowed values for this property are: "X_FORWARDED_FOR", "X_CLIENT_IP", "X_REAL_IP", "CLIENT_IP", "TRUE_CLIENT_IP", 'UNKNOWN_ENUM_VALUE'. Any unrecognized values returned by a service will be mapped to 'UNKNOWN_ENUM_VALUE'.
  • is_cache_control_respected (bool) -- The value to assign to the is_cache_control_respected property of this PolicyConfig.
  • is_response_buffering_enabled (bool) -- The value to assign to the is_response_buffering_enabled property of this PolicyConfig.
  • cipher_group (str) -- The value to assign to the cipher_group property of this PolicyConfig. Allowed values for this property are: "DEFAULT", 'UNKNOWN_ENUM_VALUE'. Any unrecognized values returned by a service will be mapped to 'UNKNOWN_ENUM_VALUE'.
certificate_id

Gets the certificate_id of this PolicyConfig. The OCID of the SSL certificate to use if HTTPS is supported.

Returns:The certificate_id of this PolicyConfig.
Return type:str
cipher_group

Gets the cipher_group of this PolicyConfig. The cipher group - DEFAULT: Cipher group supports TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3 protocols. It has the following ciphers enabled: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA

Allowed values for this property are: "DEFAULT", 'UNKNOWN_ENUM_VALUE'. Any unrecognized values returned by a service will be mapped to 'UNKNOWN_ENUM_VALUE'.

Returns:The cipher_group of this PolicyConfig.
Return type:str
client_address_header

Gets the client_address_header of this PolicyConfig. The HTTP header used to pass the client IP address from the CDN if isBehindCdn is enabled. This feature consumes the header and its value as the true client IP address. It does not create the header. Using trusted chains (for example X-Client-Ip: 11.1.1.1, 13.3.3.3), the last IP address in the list will be used as true client IP address. In case of multiple headers with the same name, the first one will be used. If the header is not present it will use the connecting IP address as the true client IP address. It's assumed that CDN sets the correct client IP address and prevents spoofing.

  • X_FORWARDED_FOR: Corresponds to X-Forwarded-For header name.
  • X_CLIENT_IP: Corresponds to X-Client-Ip header name.
  • X_REAL_IP: Corresponds to X-Real-Ip header name.
  • CLIENT_IP: Corresponds to Client-Ip header name.
  • TRUE_CLIENT_IP: Corresponds to True-Client-Ip header name.

Allowed values for this property are: "X_FORWARDED_FOR", "X_CLIENT_IP", "X_REAL_IP", "CLIENT_IP", "TRUE_CLIENT_IP", 'UNKNOWN_ENUM_VALUE'. Any unrecognized values returned by a service will be mapped to 'UNKNOWN_ENUM_VALUE'.

Returns:The client_address_header of this PolicyConfig.
Return type:str
is_behind_cdn

Gets the is_behind_cdn of this PolicyConfig. Enable or disable the use of CDN. It allows to specify true client IP address if clients do not connect directly to us.

Returns:The is_behind_cdn of this PolicyConfig.
Return type:bool
is_cache_control_respected

Gets the is_cache_control_respected of this PolicyConfig. Enable or disable automatic content caching based on the response cache-control header. This feature enables the origin to act as a proxy cache. Caching policies are usually defined using cache-control header. For example cache-control: max-age=120 means that the returned resource is valid for 120 seconds. Caching rules will overwrite this setting.

Returns:The is_cache_control_respected of this PolicyConfig.
Return type:bool
is_https_enabled

Gets the is_https_enabled of this PolicyConfig. Enable or disable HTTPS support. If true, a certificateId is required. If unspecified, defaults to false.

Returns:The is_https_enabled of this PolicyConfig.
Return type:bool
is_https_forced

Gets the is_https_forced of this PolicyConfig. Force HTTP to HTTPS redirection. If unspecified, defaults to false.

Returns:The is_https_forced of this PolicyConfig.
Return type:bool
is_origin_compression_enabled

Gets the is_origin_compression_enabled of this PolicyConfig. Enable or disable GZIP compression of origin responses. If enabled, the header Accept-Encoding: gzip is sent to origin, otherwise - empty Accept-Encoding: header is used.

Returns:The is_origin_compression_enabled of this PolicyConfig.
Return type:bool
is_response_buffering_enabled

Gets the is_response_buffering_enabled of this PolicyConfig. Enable or disable buffering of responses from the origin. Buffering improves overall stability in case of network issues, but slightly increases Time To First Byte.

Returns:The is_response_buffering_enabled of this PolicyConfig.
Return type:bool
tls_protocols

Gets the tls_protocols of this PolicyConfig. A list of allowed TLS protocols. Only applicable when HTTPS support is enabled. It affects client's connection to the edge nodes. The most secure TLS version will be chosen. - TLS_V1: corresponds to TLS 1.0 specification.

  • TLS_V1_1: corresponds to TLS 1.1 specification.
  • TLS_V1_2: corresponds to TLS 1.2 specification.
  • TLS_V1_3: corresponds to TLS 1.3 specification.

Enabled TLS protocols must go in a row. For example if TLS_v1_1 and TLS_V1_3 are enabled, TLS_V1_2 must be enabled too.

Allowed values for items in this list are: "TLS_V1", "TLS_V1_1", "TLS_V1_2", "TLS_V1_3", 'UNKNOWN_ENUM_VALUE'. Any unrecognized values returned by a service will be mapped to 'UNKNOWN_ENUM_VALUE'.

Returns:The tls_protocols of this PolicyConfig.
Return type:list[str]