f5xc_bigip_http_proxy (Resource)
Manages a BIG-IP HTTP Proxy in a given namespace in F5 Distributed Cloud. If one already exists, it will give an error.
~> Note For more information about this resource, please refer to the F5 XC API Documentation.
Example Usage
```hcl
# Bigip HTTP Proxy Resource Example
# Manages a BIG-IP HTTP Proxy in a given namespace in F5 Distributed Cloud.
# If one already exists, it will give an error.

terraform {
  required_version = ">= 1.0"

  required_providers {
    f5xc = {
      source  = "f5xc-salesdemos/f5xc"
      version = ">= 0.1.0"
    }
  }
}

# Basic Bigip HTTP Proxy configuration
resource "f5xc_bigip_http_proxy" "example" {
  name      = "example-bigip-http-proxy"
  namespace = "staging"

  labels = {
    environment = "production"
    managed_by  = "terraform"
  }

  annotations = {
    "owner" = "platform-team"
  }

  # Resource-specific configuration
  # Defines various advanced Profile OPTIONS for a Loadbalancer.
  # disable_spec and enable_default_profile are arguments of the
  # advanced_profile block (see Advanced Profile), so they are nested here.
  advanced_profile {
    # Enable this option
    disable_spec {
      # Configure disable_spec settings
    }
    # Configuration parameter for enable default profile.
    enable_default_profile {
      # Configure enable_default_profile settings
    }
  }
}
```
Argument Reference
🔶 High Risk Operations — Some operations on this resource have high danger level. Destructive operations may require confirmation.
Metadata Argument Reference
• name - Required String
Name of the BIG-IP HTTP Proxy. Must be unique within the namespace
• namespace - Required String
Namespace where the BIG-IP HTTP Proxy will be created
• annotations - Optional Map
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata
• description - Optional String
Human readable description for the object
• disable - Optional Bool
A value of true will administratively disable the object
• labels - Optional Map
Labels is a user defined key value map that can be attached to resources for organization and filtering
Spec Argument Reference
• advanced_profile - Optional Block
Defines various advanced Profile OPTIONS for a Loadbalancer
See Advanced Profile below for details.
• ddos_profile - Optional Block
Configuration parameter for DDOS profile
See DDOS Profile below for details.
• irules - Optional Block
IRules Configuration for downstream connections
See Irules below for details.
• lb_algorithm - Optional Block
Configuration parameter for LB algorithm
See LB Algorithm below for details.
• origin_pools - Optional Block
Configuration parameter for origin pools
See Origin Pools below for details.
• proxy_advertisement - Optional Block
Configuration parameter for proxy advertisement
See Proxy Advertisement below for details.
• proxy_config - Optional Block
HTTP/HTTPS Load Balancer
• timeouts - Optional Block
Attributes Reference
In addition to all arguments above, the following attributes are exported:
• id - Optional String
Unique identifier for the resource
Advanced Profile
An advanced_profile block supports the following:
• disable_spec - Optional Block
Enable this option
• enable_default_profile - Optional Block
Configuration parameter for enable default profile
DDOS Profile
A ddos_profile block supports the following:
• disable_ddos_mitigation - Optional Block
Enable this option
• enable_ddos_mitigation - Optional Block
Enable this option
Irules
An irules block supports the following:
• irules - Optional Block
OPTIONS for attaching iRules to BIG-IP HTTP Proxy
See Irules below.
Irules Irules
An irules block (within irules) supports the following:
• name - Optional String
When a configuration object (e.g. Virtual_host) refers to another (e.g. route), name will hold the referred object's (e.g. Route's) name
• namespace - Optional String
When a configuration object (e.g. Virtual_host) refers to another (e.g. route), namespace will hold the referred object's (e.g. Route's) namespace
• tenant - Optional String
When a configuration object (e.g. Virtual_host) refers to another (e.g. route), tenant will hold the referred object's (e.g. Route's) tenant
LB Algorithm
A lb_algorithm block supports the following:
• round_robin - Optional Block
Configuration parameter for round robin
Origin Pools
An origin_pools block supports the following:
• pools - Optional Block
Origin Pools. List of Origin Pools
See Pools below.
Origin Pools Pools
A pools block (within origin_pools) supports the following:
• name - Optional String
Name. Name of the origin pool
• origin_servers - Optional Block
List of origin Servers for the BIG-IP HTTP Proxy
See Origin Servers below.
• priority - Optional Number
Priority of this origin pool, valid only with multiple origin pools. Value of 0 will make the pool as lowest priority origin pool. When active origin pool is not available, lower priority origin pools are made active as per the increasing priority
• weight - Optional Number
Weight of this origin pool, valid only with multiple origin pools. Value of 0 will disable the pool
Origin Pools Pools Origin Servers
An origin_servers block (within origin_pools.pools) supports the following:
• automatic_port - Optional Block
Enable this option
• health_checks - Optional Block
Configuration parameter for health checks
See Health Checks below.
• lb_port - Optional Block
Enable this option
• origin_servers - Optional Block
List of origin servers for Proxy
See Origin Servers below.
• port - Optional Number
Endpoint service is available on this port
Origin Pools Pools Origin Servers Health Checks
A health_checks block (within origin_pools.pools.origin_servers) supports the following:
• health_check - Optional Block
List of Health Checks
See Health Check below.
• healthy_threshold - Optional Number
Number of successful responses before declaring healthy. In other words, this is the number of healthy health checks required before a host is marked healthy. Note that during startup, only a single successful health check is required to mark a host healthy
• interval - Optional Number
Time interval in seconds between two health check requests
• timeout - Optional Number
Timeout in seconds to wait for successful response. In other words, it is the time to wait for a health check response. If the timeout is reached the health check attempt will be considered a failure
• unhealthy_threshold - Optional Number
Number of failed responses before declaring unhealthy. In other words, this is the number of unhealthy health checks required before a host is marked unhealthy. Note that for HTTP health check if a host responds with 503 this threshold is ignored and the host is considered unhealthy immediately
Origin Pools Pools Origin Servers Health Checks Health Check
Deeply nested Check block collapsed for readability.
Origin Pools Pools Origin Servers Health Checks Health Check TCP Health Check
Deeply nested Check block collapsed for readability.
Origin Pools Pools Origin Servers Origin Servers
An origin_servers block (within origin_pools.pools.origin_servers) supports the following:
• k8s_service - Optional Block
Specify origin server with K8S service name and site information
See K8S Service below.
• private_ip - Optional Block
Specify origin server with private or public IP address and site information
See Private IP below.
• public_ip - Optional Block
Specify origin server with public IP address
See Public IP below.
• public_name - Optional Block
Specify origin server with public DNS name
See Public Name below.
Origin Pools Pools Origin Servers Origin Servers K8S Service
Deeply nested Service block collapsed for readability.
Origin Pools Pools Origin Servers Origin Servers K8S Service Site Locator
Deeply nested Locator block collapsed for readability.
Origin Pools Pools Origin Servers Origin Servers K8S Service Site Locator Site
Deeply nested Site block collapsed for readability.
Origin Pools Pools Origin Servers Origin Servers K8S Service Site Locator Virtual Site
Deeply nested Site block collapsed for readability.
Origin Pools Pools Origin Servers Origin Servers K8S Service Snat Pool
Deeply nested Pool block collapsed for readability.
Origin Pools Pools Origin Servers Origin Servers K8S Service Snat Pool Snat Pool
Deeply nested Pool block collapsed for readability.
Origin Pools Pools Origin Servers Origin Servers Private IP
Deeply nested IP block collapsed for readability.
Origin Pools Pools Origin Servers Origin Servers Private IP Segment
Deeply nested Segment block collapsed for readability.
Origin Pools Pools Origin Servers Origin Servers Private IP Site Locator
Deeply nested Locator block collapsed for readability.
Origin Pools Pools Origin Servers Origin Servers Private IP Site Locator Site
Deeply nested Site block collapsed for readability.
Origin Pools Pools Origin Servers Origin Servers Private IP Site Locator Virtual Site
Deeply nested Site block collapsed for readability.
Origin Pools Pools Origin Servers Origin Servers Private IP Snat Pool
Deeply nested Pool block collapsed for readability.
Origin Pools Pools Origin Servers Origin Servers Private IP Snat Pool Snat Pool
Deeply nested Pool block collapsed for readability.
Origin Pools Pools Origin Servers Origin Servers Public IP
Deeply nested IP block collapsed for readability.
Origin Pools Pools Origin Servers Origin Servers Public Name
Deeply nested Name block collapsed for readability.
Proxy Advertisement
A proxy_advertisement block supports the following:
• advertise_custom - Optional Block
Defines a way to advertise a VIP on specific sites
See Advertise Custom below.
• do_not_advertise - Optional Block
Configuration parameter for do not advertise
Proxy Advertisement Advertise Custom
An advertise_custom block (within proxy_advertisement) supports the following:
• advertise_where - Optional Block
Where should this load balancer be available
See Advertise Where below.
Proxy Advertisement Advertise Custom Advertise Where
An advertise_where block (within proxy_advertisement.advertise_custom) supports the following:
• advertise_on_public - Optional Block
Defines a way to advertise a load balancer on public. If optional public_ip is provided, it will only be advertised on RE sites where that public_ip is available
See Advertise On Public below.
• port - Optional Number
Port to Listen
• port_ranges - Optional String
A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ’-’
• site - Optional Block
Defines a reference to a CE site along with network type and an optional IP address where a load balancer could be advertised
See Site below.
• use_default_port - Optional Block
Enable this option
• virtual_network - Optional Block
Parameters to advertise on a given virtual network
See Virtual Network below.
• virtual_site - Optional Block
Defines a reference to a customer site virtual site along with network type where a load balancer could be advertised
See Virtual Site below.
• virtual_site_with_vip - Optional Block
Defines a reference to a customer site virtual site along with network type and IP where a load balancer could be advertised
See Virtual Site With VIP below.
• vk8s_service - Optional Block
Defines a reference to a RE site or virtual site where a load balancer could be advertised in the vK8s service network
See Vk8s Service below.
Proxy Advertisement Advertise Custom Advertise Where Advertise On Public
Deeply nested Public block collapsed for readability.
Proxy Advertisement Advertise Custom Advertise Where Advertise On Public Public IP
Deeply nested IP block collapsed for readability.
Proxy Advertisement Advertise Custom Advertise Where Site
A site block (within proxy_advertisement.advertise_custom.advertise_where) supports the following:
• ip - Optional String
Use given IP address as VIP on the site
• network - Optional String Defaults to SITE_NETWORK_INSIDE_AND_OUTSIDE
Possible values are SITE_NETWORK_INSIDE_AND_OUTSIDE, SITE_NETWORK_INSIDE, SITE_NETWORK_OUTSIDE, SITE_NETWORK_SERVICE, SITE_NETWORK_OUTSIDE_WITH_INTERNET_VIP, SITE_NETWORK_INSIDE_AND_OUTSIDE_WITH_INTERNET_VIP, SITE_NETWORK_IP_FABRIC
Defines network types to be used on site. All inside and outside networks. All inside and outside networks with internet VIP support. All inside networks
• site - Optional Block
Type establishes a direct reference from one object (the referrer) to another (the referred). Such a reference is in the form tenant/namespace/name
See Site below.
Proxy Advertisement Advertise Custom Advertise Where Site Site
Deeply nested Site block collapsed for readability.
Proxy Advertisement Advertise Custom Advertise Where Virtual Network
Deeply nested Network block collapsed for readability.
Proxy Advertisement Advertise Custom Advertise Where Virtual Network Virtual Network
Deeply nested Network block collapsed for readability.
Proxy Advertisement Advertise Custom Advertise Where Virtual Site
Deeply nested Site block collapsed for readability.
Proxy Advertisement Advertise Custom Advertise Where Virtual Site Virtual Site
Deeply nested Site block collapsed for readability.
Proxy Advertisement Advertise Custom Advertise Where Virtual Site With VIP
Deeply nested VIP block collapsed for readability.
Proxy Advertisement Advertise Custom Advertise Where Virtual Site With VIP Virtual Site
Deeply nested Site block collapsed for readability.
Proxy Advertisement Advertise Custom Advertise Where Vk8s Service
Deeply nested Service block collapsed for readability.
Proxy Advertisement Advertise Custom Advertise Where Vk8s Service Site
Deeply nested Site block collapsed for readability.
Proxy Advertisement Advertise Custom Advertise Where Vk8s Service Virtual Site
Deeply nested Site block collapsed for readability.
Proxy Config
A proxy_config block supports the following:
• domains - Optional List
List of domains (host/authority header) that will be matched to loadbalancer. Wildcard hosts are supported in the suffix or prefix form Domain search order: 1. Exact domain names: “
• http - Optional Block
HTTP Choice. Choice for selecting HTTP proxy
See HTTP below.
• https - Optional Block
Choice for selecting HTTP proxy with bring your own certificates
See HTTPS below.
• https_auto_cert - Optional Block
Choice for selecting HTTP proxy with bring your own certificates
See HTTPS Auto Cert below.
Proxy Config HTTP
An http block (within proxy_config) supports the following:
• dns_volterra_managed - Optional Bool
DNS records for domains will be managed automatically by F5 Distributed Cloud. As a prerequisite, the domain must be delegated to F5 Distributed Cloud using Delegated domain feature or a DNS CNAME record should be created in your DNS provider’s portal
• port - Optional Number
HTTP port to Listen
• port_ranges - Optional String
A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ’-’
Proxy Config HTTPS
An https block (within proxy_config) supports the following:
• add_hsts - Optional Bool
Add HTTP Strict-Transport-Security response header
• append_server_name - Optional String
Define the header value for the header name “server”. If header value is already present, it is not overwritten and passed as-is
• coalescing_options - Optional Block
TLS connection coalescing configuration (not compatible with mTLS)
See Coalescing Options below.
• connection_idle_timeout - Optional Number
The idle timeout for downstream connections. The idle timeout is defined as the period in which there are no active requests. When the idle timeout is reached the connection will be closed
• default_header - Optional Block
Configuration parameter for default header
• default_loadbalancer - Optional Block
Configuration parameter for default loadbalancer
• disable_path_normalize - Optional Block
Enable this option
• enable_path_normalize - Optional Block
Enable this option
• http_protocol_options - Optional Block
HTTP protocol configuration OPTIONS for downstream connections
See HTTP Protocol Options below.
• http_redirect - Optional Bool
HTTP Redirect to HTTPS. Redirect HTTP traffic to HTTPS
• non_default_loadbalancer - Optional Block
Configuration parameter for non default loadbalancer
• pass_through - Optional Block
Configuration parameter for pass through
• port - Optional Number
HTTPS port to Listen
• port_ranges - Optional String
A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ’-’
• server_name - Optional String
Define the header value for the header name “server”. This will overwrite existing values, if any, for the server header
• tls_cert_params - Optional Block
Configuration parameter for TLS cert params
See TLS Cert Params below.
• tls_parameters - Optional Block
Configuration parameter for TLS parameters
See TLS Parameters below.
Proxy Config HTTPS Coalescing Options
A coalescing_options block (within proxy_config.https) supports the following:
• default_coalescing - Optional Block
Configuration parameter for default coalescing
• strict_coalescing - Optional Block
Configuration parameter for strict coalescing
Proxy Config HTTPS HTTP Protocol Options
An http_protocol_options block (within proxy_config.https) supports the following:
• http_protocol_enable_v1_only - Optional Block
HTTP/1.1 Protocol OPTIONS for downstream connections
See HTTP Protocol Enable V1 Only below.
• http_protocol_enable_v1_v2 - Optional Block
Configuration parameter for HTTP protocol enable v1 v2
• http_protocol_enable_v2_only - Optional Block
Configuration parameter for HTTP protocol enable v2 only
Proxy Config HTTPS HTTP Protocol Options HTTP Protocol Enable V1 Only
Deeply nested Only block collapsed for readability.
Proxy Config HTTPS HTTP Protocol Options HTTP Protocol Enable V1 Only Header Transformation
Deeply nested Transformation block collapsed for readability.
Proxy Config HTTPS TLS Cert Params
A tls_cert_params block (within proxy_config.https) supports the following:
• certificates - Optional Block
Select one or more certificates with any domain names
See Certificates below.
• no_mtls - Optional Block
Enable this option
• tls_config - Optional Block
Defines various OPTIONS to configure TLS configuration parameters
See TLS Config below.
• use_mtls - Optional Block
Validation context for downstream client TLS connections
See Use mTLS below.
Proxy Config HTTPS TLS Cert Params Certificates
A certificates block (within proxy_config.https.tls_cert_params) supports the following:
• name - Optional String
When a configuration object (e.g. Virtual_host) refers to another (e.g. route), name will hold the referred object's (e.g. Route's) name
• namespace - Optional String
When a configuration object (e.g. Virtual_host) refers to another (e.g. route), namespace will hold the referred object's (e.g. Route's) namespace
• tenant - Optional String
When a configuration object (e.g. Virtual_host) refers to another (e.g. route), tenant will hold the referred object's (e.g. Route's) tenant
Proxy Config HTTPS TLS Cert Params TLS Config
Deeply nested Config block collapsed for readability.
Proxy Config HTTPS TLS Cert Params TLS Config Custom Security
Deeply nested Security block collapsed for readability.
Proxy Config HTTPS TLS Cert Params Use mTLS
Deeply nested mTLS block collapsed for readability.
Proxy Config HTTPS TLS Cert Params Use mTLS CRL
Deeply nested CRL block collapsed for readability.
Proxy Config HTTPS TLS Cert Params Use mTLS Trusted CA
Deeply nested CA block collapsed for readability.
Proxy Config HTTPS TLS Cert Params Use mTLS Xfcc Options
Deeply nested Options block collapsed for readability.
Proxy Config HTTPS TLS Parameters
A tls_parameters block (within proxy_config.https) supports the following:
• no_mtls - Optional Block
Enable this option
• tls_certificates - Optional Block
Users can add one or more certificates that share the same set of domains. For example, domain.com and *.domain.com - but use different signature algorithms
See TLS Certificates below.
• tls_config - Optional Block
Defines various OPTIONS to configure TLS configuration parameters
See TLS Config below.
• use_mtls - Optional Block
Validation context for downstream client TLS connections
See Use mTLS below.
Proxy Config HTTPS TLS Parameters TLS Certificates
A tls_certificates block (within proxy_config.https.tls_parameters) supports the following:
• certificate_url - Optional String
TLS certificate. Certificate or certificate chain in PEM format including the PEM headers
• custom_hash_algorithms - Optional Block
Specifies the hash algorithms to be used
See Custom Hash Algorithms below.
• description_spec - Optional String
Description. Description for the certificate
• disable_ocsp_stapling - Optional Block
Configuration parameter for disable OCSP stapling
• private_key - Optional Block
SecretType is used in an object to indicate a sensitive/confidential field
See Private Key below.
• use_system_defaults - Optional Block
Configuration parameter for use system defaults
Proxy Config HTTPS TLS Parameters TLS Certificates Custom Hash Algorithms
Deeply nested Algorithms block collapsed for readability.
Proxy Config HTTPS TLS Parameters TLS Certificates Private Key
Deeply nested Key block collapsed for readability.
Proxy Config HTTPS TLS Parameters TLS Certificates Private Key Blindfold Secret Info
Deeply nested Info block collapsed for readability.
Proxy Config HTTPS TLS Parameters TLS Certificates Private Key Clear Secret Info
Deeply nested Info block collapsed for readability.
Proxy Config HTTPS TLS Parameters TLS Config
A tls_config block (within proxy_config.https.tls_parameters) supports the following:
• custom_security - Optional Block
Defines TLS protocol config including min/max versions and allowed ciphers
See Custom Security below.
• default_security - Optional Block
Enable this option
• low_security - Optional Block
Enable this option
• medium_security - Optional Block
Enable this option
Proxy Config HTTPS TLS Parameters TLS Config Custom Security
Deeply nested Security block collapsed for readability.
Proxy Config HTTPS TLS Parameters Use mTLS
A use_mtls block (within proxy_config.https.tls_parameters) supports the following:
• client_certificate_optional - Optional Bool
Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certificate verification fails, the connection will be terminated
• crl - Optional Block
Type establishes a direct reference from one object (the referrer) to another (the referred). Such a reference is in the form tenant/namespace/name
See CRL below.
• no_crl - Optional Block
Enable this option
• trusted_ca - Optional Block
Type establishes a direct reference from one object (the referrer) to another (the referred). Such a reference is in the form tenant/namespace/name
See Trusted CA below.
• trusted_ca_url - Optional String
Upload a Root CA Certificate specifically for this Load Balancer
• xfcc_disabled - Optional Block
Enable this option
• xfcc_options - Optional Block
X-Forwarded-Client-Cert header elements to be added to requests
See Xfcc Options below.
Proxy Config HTTPS TLS Parameters Use mTLS CRL
Deeply nested CRL block collapsed for readability.
Proxy Config HTTPS TLS Parameters Use mTLS Trusted CA
Deeply nested CA block collapsed for readability.
Proxy Config HTTPS TLS Parameters Use mTLS Xfcc Options
Deeply nested Options block collapsed for readability.
Proxy Config HTTPS Auto Cert
An https_auto_cert block (within proxy_config) supports the following:
• add_hsts - Optional Bool
Add HTTP Strict-Transport-Security response header
• append_server_name - Optional String
Define the header value for the header name “server”. If header value is already present, it is not overwritten and passed as-is
• coalescing_options - Optional Block
TLS connection coalescing configuration (not compatible with mTLS)
See Coalescing Options below.
• connection_idle_timeout - Optional Number
The idle timeout for downstream connections. The idle timeout is defined as the period in which there are no active requests. When the idle timeout is reached the connection will be closed
• default_header - Optional Block
Configuration parameter for default header
• default_loadbalancer - Optional Block
Configuration parameter for default loadbalancer
• disable_path_normalize - Optional Block
Enable this option
• enable_path_normalize - Optional Block
Enable this option
• http_protocol_options - Optional Block
HTTP protocol configuration OPTIONS for downstream connections
See HTTP Protocol Options below.
• http_redirect - Optional Bool
HTTP Redirect to HTTPS. Redirect HTTP traffic to HTTPS
• no_mtls - Optional Block
Enable this option
• non_default_loadbalancer - Optional Block
Configuration parameter for non default loadbalancer
• pass_through - Optional Block
Configuration parameter for pass through
• port - Optional Number
HTTPS port to Listen
• port_ranges - Optional String
A string containing a comma separated list of port ranges. Each port range consists of a single port or two ports separated by ’-’
• server_name - Optional String
Define the header value for the header name “server”. This will overwrite existing values, if any, for the server header
• tls_config - Optional Block
Defines various OPTIONS to configure TLS configuration parameters
See TLS Config below.
• use_mtls - Optional Block
Validation context for downstream client TLS connections
See Use mTLS below.
Proxy Config HTTPS Auto Cert Coalescing Options
A coalescing_options block (within proxy_config.https_auto_cert) supports the following:
• default_coalescing - Optional Block
Configuration parameter for default coalescing
• strict_coalescing - Optional Block
Configuration parameter for strict coalescing
Proxy Config HTTPS Auto Cert HTTP Protocol Options
Section titled “Proxy Config HTTPS Auto Cert HTTP Protocol Options”Deeply nested Options block collapsed for readability.
Proxy Config HTTPS Auto Cert HTTP Protocol Options HTTP Protocol Enable V1 Only
Section titled “Proxy Config HTTPS Auto Cert HTTP Protocol Options HTTP Protocol Enable V1 Only”Deeply nested Only block collapsed for readability.
Proxy Config HTTPS Auto Cert HTTP Protocol Options HTTP Protocol Enable V1 Only Header Transformation
Section titled “Proxy Config HTTPS Auto Cert HTTP Protocol Options HTTP Protocol Enable V1 Only Header Transformation”Deeply nested Transformation block collapsed for readability.
Proxy Config HTTPS Auto Cert TLS Config
A tls_config block (within proxy_config.https_auto_cert) supports the following:
• custom_security - Optional Block
Defines TLS protocol config including min/max versions and allowed ciphers
See Custom Security below.
• default_security - Optional Block
Enable this option
• low_security - Optional Block
Enable this option
• medium_security - Optional Block
Enable this option
Proxy Config HTTPS Auto Cert TLS Config Custom Security
Deeply nested Security block collapsed for readability.
Proxy Config HTTPS Auto Cert Use mTLS
A use_mtls block (within proxy_config.https_auto_cert) supports the following:
• client_certificate_optional - Optional Bool
Client certificate is optional. If the client has provided a certificate, the load balancer will verify it. If certificate verification fails, the connection will be terminated
• crl - Optional Block
Type establishes a direct reference from one object (the referrer) to another (the referred). Such a reference is in the form tenant/namespace/name
See CRL below.
• no_crl - Optional Block
Enable this option
• trusted_ca - Optional Block
Type establishes a direct reference from one object (the referrer) to another (the referred). Such a reference is in the form tenant/namespace/name
See Trusted CA below.
• trusted_ca_url - Optional String
Upload a Root CA Certificate specifically for this Load Balancer
• xfcc_disabled - Optional Block
Enable this option
• xfcc_options - Optional Block
X-Forwarded-Client-Cert header elements to be added to requests
See Xfcc Options below.
Proxy Config HTTPS Auto Cert Use mTLS CRL
Deeply nested CRL block collapsed for readability.
Proxy Config HTTPS Auto Cert Use mTLS Trusted CA
Deeply nested CA block collapsed for readability.
Proxy Config HTTPS Auto Cert Use mTLS Xfcc Options
Deeply nested Options block collapsed for readability.
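An added example (not from the provider documentation) of the tls_config and use_mtls blocks described above, configured so that a client certificate is required and revocation is checked. It assumes that proxy_config is a top-level block of the resource, that the collapsed trusted_ca and crl blocks take the Object Reference fields name and namespace, and that paired blocks such as crl/no_crl and xfcc_disabled/xfcc_options are alternatives; the object names are placeholders.

```hcl
# Added example, not the provider's own. Object names are placeholders.
resource "f5xc_bigip_http_proxy" "mtls_example" {
  name      = "example-bigip-http-proxy-mtls"
  namespace = "staging"

  # Assumption: proxy_config sits at the top level of the resource.
  proxy_config {
    https_auto_cert {
      port          = 443
      http_redirect = true # redirect HTTP traffic to HTTPS

      tls_config {
        # Assumption: custom_security, default_security, medium_security
        # and low_security are alternatives; set exactly one.
        default_security {}
      }

      use_mtls {
        # false: presenting a client certificate is not optional.
        client_certificate_optional = false

        # Assumption: Object Reference fields (tenant is system-managed).
        trusted_ca {
          name      = "example-client-ca" # placeholder
          namespace = "staging"
        }

        # Reference a CRL object instead of selecting no_crl.
        crl {
          name      = "example-client-crl" # placeholder
          namespace = "staging"
        }

        # Assumption: alternative to xfcc_options; no
        # X-Forwarded-Client-Cert elements are added to requests.
        xfcc_disabled {}
      }
    }
  }
}
```

Run `terraform validate` and review the `terraform plan` output before applying, since the nested block names assumed here must match the provider schema in use.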
Timeouts
A timeouts block supports the following:
• create - Optional String (Defaults to 10 minutes)
Used when creating the resource
• delete - Optional String (Defaults to 10 minutes)
Used when deleting the resource
• read - Optional String (Defaults to 5 minutes)
Used when retrieving the resource
• update - Optional String (Defaults to 10 minutes)
Used when updating the resource
Common Types
The following type definitions are used throughout this resource. They are defined once here rather than repeated inline.
Object Reference
Object references establish a direct reference from one configuration object to another in F5 Distributed Cloud. References use the format tenant/namespace/name.
| Field | Type | Description |
|---|---|---|
| name | String | Name of the referenced object |
| namespace | String | Namespace containing the referenced object |
| tenant | String | Tenant of the referenced object (system-managed) |
Transformers
Transformers apply transformations to input values before matching. Multiple transformers can be applied in order.
| Value | Description |
|---|---|
| LOWER_CASE | Convert to lowercase |
| UPPER_CASE | Convert to uppercase |
| BASE64_DECODE | Decode base64 content |
| NORMALIZE_PATH | Normalize URL path |
| REMOVE_WHITESPACE | Remove whitespace characters |
| URL_DECODE | Decode URL-encoded characters |
| TRIM_LEFT | Trim leading whitespace |
| TRIM_RIGHT | Trim trailing whitespace |
| TRIM | Trim both leading and trailing whitespace |
HTTP Methods
HTTP methods used for request matching.
| Value | Description |
|---|---|
| ANY | Match any HTTP method |
| GET | HTTP GET request |
| HEAD | HTTP HEAD request |
| POST | HTTP POST request |
| PUT | HTTP PUT request |
| DELETE | HTTP DELETE request |
| CONNECT | HTTP CONNECT request |
| OPTIONS | HTTP OPTIONS request |
| TRACE | HTTP TRACE request |
| PATCH | HTTP PATCH request |
| COPY | HTTP COPY request (WebDAV) |
TLS Fingerprints
TLS fingerprint categories for malicious client detection.
| Value | Description |
|---|---|
| TLS_FINGERPRINT_NONE | No fingerprint matching |
| ANY_MALICIOUS_FINGERPRINT | Match any known malicious fingerprint |
| ADWARE | Adware-associated fingerprints |
| DRIDEX | Dridex malware fingerprints |
| GOOTKIT | Gootkit malware fingerprints |
| RANSOMWARE | Ransomware-associated fingerprints |
| TRICKBOT | Trickbot malware fingerprints |
IP Threat Categories
IP address threat categories for security filtering.
| Value | Description |
|---|---|
| SPAM_SOURCES | Known spam sources |
| WINDOWS_EXPLOITS | Windows exploit sources |
| WEB_ATTACKS | Web attack sources |
| BOTNETS | Known botnet IPs |
| SCANNERS | Network scanner IPs |
| REPUTATION | Poor reputation IPs |
| PHISHING | Phishing-related IPs |
| PROXY | Anonymous proxy IPs |
| MOBILE_THREATS | Mobile threat sources |
| TOR_PROXY | Tor exit nodes |
| DENIAL_OF_SERVICE | DoS attack sources |
| NETWORK | Known bad network ranges |
Import
Import is supported using the following syntax:
```shell
# Import using namespace/name format
terraform import f5xc_bigip_http_proxy.example system/example
```