Request control match rule

akamai_cloudlets_request_control_match_rule

Build a match rule JSON object for the request control cloudlet.

data "akamai_cloudlets_request_control_match_rule" "my_rc_match_rule" {
  match_rules {
    name       = "my_rc_match_rule"    
    disabled   = false
    allow_deny = "allow"
    matches {
      case_sensitive = false
      match_operator = "contains"
      match_type     = "method"
      negate         = false
      check_ips      = "CONNECTING_IP XFF_HEADERS"
      object_match_value {
        name_case_sensitive = true
        name_has_wildcard   = true
        type                = "simple"
        value = [
          "GET"
        ]
      }
    }
  }

output "my_rc_match_rule" {
  value = data.akamai_cloudlets_request_control_match_rule.my_rc_match_rule
}
Changes to Outputs:
+ my_rc_match_rule = {
      + id          = "12ab3cde4f5g678h901234567i890123j456k789"
      + json        = jsonencode(
            [
              + {
                  + allowDeny = "allow"
                  + matches   = [
                      + {
                          + caseSensitive    = false
                          + checkIPs         = "CONNECTING_IP XFF_HEADERS"
                          + matchOperator    = "contains"
                          + matchType        = "method"
                          + negate           = false
                          + objectMatchValue = {
                              + type  = "simple"
                              + value = [
                                  + "GET",
                                ]
                            }
                        },
                    ]
                  + name      = "my_rc_match_rule"
                  + type      = "igMatchRule"
                },
            ]
        )
      + match_rules = [
          + {
              + allow_deny     = "allow"
              + disabled       = false
              + end            = 0
              + matches        = [
                  + {
                      + case_sensitive     = false
                      + check_ips          = "CONNECTING_IP XFF_HEADERS"
                      + match_operator     = "contains"
                      + match_type         = "method"
                      + match_value        = ""
                      + negate             = false
                      + object_match_value = [
                          + {
                              + name                = ""
                              + name_case_sensitive = true
                              + name_has_wildcard   = true
                              + options             = []
                              + type                = "simple"
                              + value               = [
                                  + "GET",
                                ]
                            },
                        ]
                    },
                ]
              + matches_always = false
              + name           = "my_rc_match_rule"
              + start          = 0
              + type           = "igMatchRule"
            },
        ]
    }

Arguments

Pass a match_rules list with the options that best fit your business case. While the match definitions arguments are optional, expected, at a minimum, are the matches_always and allow_deny arguments.

Use the information in the match options table to build out your rule's matches criteria.

Argument Required Description
matches_always ‚úĒ Whether the rule always matches the rule options set.
allow_deny ‚úĒ The allow or deny settings for requests. Value is one of:
  • allow. Request is sent to your origin when all conditions are true.
  • deny. Request is denied when all conditions are true.
  • denybranded. Request is denied and rerouted according to the settings in the request_control behavior.
name A human-readable name for your rule.
start The start time for the match. Value is UTC through seconds.
end The end time for the match. Value is UTC through seconds.
disabled Whether to disable a rule so it is not evaluated against incoming requests.
matches The match object definitions list.

Match options

The options listed are nested within the matches argument.

All match options are optional.

Argument Description
match_type The type of match used. Value is one of:
  • header
  • hostname
  • path
  • extension
  • query
  • regex
  • cookie
  • deviceCharacteristics
  • clientip
  • continent
  • countrycode
  • regioncode
  • protocol
  • method
  • proxy
match_value A value that reflects your match type, for example, if you set your match type to countrycode, the value would reflect the match country.
match_operator Compares a string expression with a pattern. Value is one of:
  • contains
  • exists
  • equals
case_sensitive Whether the match is case sensitive.
negate Whether to negate the match.
check_ips For clientip, continent, countrycode, proxy, and regioncode match types, the part of the request that defines the part of the request to use as the IP address. Value options:
  • CONNECTING_IP
  • XFF_HEADERS
  • You can use both separated by a space. When both values are included, the connecting IP address is evaluated first.
object_match_value Use when a rule includes more complex match criteria, like multiple value attributes. Value options:
  • name. One of cookie, header, parameter, or query.
  • type. Required. The type of list, either object or simple.
  • name_case_sensitive. Whether the evaluation of the name argument is case sensitive.
  • name_has_wildcard. Whether the name argument includes wildcards.
  • options. If you set the type argument to object, use this to list the values on which to match.
    • value. The values in the incoming request on which to match.
    • value_has_wildcard. Whether the value argument includes wildcards.
    • value_case_sensitive. Whether the evaluation of the value argument is case sensitive.
    • value_escaped. Whether the compared value argument can be an escaped form.
  • value. If you set the type argument to simple, provide the values in the incoming request on which to match.

Attributes

Returned is a jsonencoded list of the match rules defined in your query. Set the output type to capture the result based on your need as you use the return in the policy resource.