f5xc_route Resource - terraform-provider-f5xc

f5xc_route (Resource)

Manages route object in a given namespace. Route object is list of route rules. Each rule has match condition to match incoming requests and actions to take on matching requests. in F5 Distributed Cloud.

~> Note For more information about this resource, please refer to the F5 XC API Documentation.

Example Usage

# Route Resource Example
# Manages route object in a given namespace. Route object is list of route rules. Each rule has match condition to match incoming requests and actions to take on matching requests. in F5 Distributed Cloud.

terraform {
  required_version = ">= 1.0"

  required_providers {
    f5xc = {
      source  = "f5xc-salesdemos/f5xc"
      version = ">= 0.1.0"
    }
  }
}

# Basic Route configuration
resource "f5xc_route" "example" {
  name      = "example-route"
  namespace = "staging"

  labels = {
    environment = "production"
    managed_by  = "terraform"
  }

  annotations = {
    "owner" = "platform-team"
  }

  # Route configuration
  routes {
    match {
      path {
        prefix = "/api/"
      }
    }
    route_destination {
      destinations {
        cluster {
          name      = "api-cluster"
          namespace = "staging"
        }
        weight = 100
      }
    }
  }
}

Argument Reference

🔶 High Risk Operations — Some operations on this resource have high danger level. Destructive operations may require confirmation.

Metadata Argument Reference

• name - Required String
Name of the Route. Must be unique within the namespace

• namespace - Required String
Namespace where the Route will be created

• annotations - Optional Map
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata

• description - Optional String
Human readable description for the object

• disable - Optional Bool
A value of true will administratively disable the object

• labels - Optional Map
Labels is a user defined key value map that can be attached to resources for organization and filtering

Spec Argument Reference

• routes - Optional Block
List of routes to match for incoming request
See Routes below for details.

• timeouts - Optional Block

Attributes Reference

In addition to all arguments above, the following attributes are exported:

• id - Optional String
Unique identifier for the resource

---

Routes

A routes block supports the following:

• bot_defense_JavaScript_injection - Optional Block
Bot Defense JavaScript Injection Configuration for inline bot defense deployments
See Bot Defense JavaScript Injection below.

• disable_location_add - Optional Bool
Disables append of x-F5 Distributed Cloud-location = <RE-site-name> at route level, if it is configured at virtual-host level. This configuration is ignored on CE sites

• inherited_bot_defense_JavaScript_injection - Optional Block
Enable this option

• inherited_waf_exclusion - Optional Block
Configuration parameter for inherited WAF exclusion

• match - Optional Block
Match. Route match condition
See Match below.

• request_cookies_to_add - Optional Block
Cookies are key-value pairs to be added to HTTP request being routed towards upstream
See Request Cookies To Add below.

• request_cookies_to_remove - Optional List
List of keys of Cookies to be removed from the HTTP request being sent towards upstream

• request_headers_to_add - Optional Block
Headers are key-value pairs to be added to HTTP requests being sent towards upstream. Headers specified at this level are applied before headers from the enclosing VirtualHost object level
See Request Headers To Add below.

• request_headers_to_remove - Optional List
List of keys of Headers to be removed from the HTTP request being sent towards upstream

• response_cookies_to_add - Optional Block
Cookies are name-value pairs along with optional attribute parameters to be added to HTTP response being sent towards downstream
See Response Cookies To Add below.

• response_cookies_to_remove - Optional List
List of name of Cookies to be removed from the HTTP response being sent towards downstream. Entire set-cookie header will be removed

• response_headers_to_add - Optional Block
Headers are key-value pairs to be added to HTTP response being sent towards downstream. Headers specified at this level are applied before headers from the enclosing VirtualHost object level
See Response Headers To Add below.

• response_headers_to_remove - Optional List
List of keys of Headers to be removed from the HTTP response being sent towards downstream

• route_destination - Optional Block
List of destination to choose if the route is match
See Route Destination below.

• route_direct_response - Optional Block
Send this direct response in case of route match action is direct response
See Route Direct Response below.

• route_redirect - Optional Block
Route redirect parameters when match action is redirect
See Route Redirect below.

• service_policy - Optional Block
ServicePolicy configuration details at route level
See Service Policy below.

• waf_exclusion_policy - Optional Block
Type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name
See WAF Exclusion Policy below.

• waf_type - Optional Block
WAF instance will be pointing to an app_firewall object
See WAF Type below.

Routes Bot Defense JavaScript Injection

A bot_defense_JavaScript_injection block (within routes) supports the following:

• JavaScript_location - Optional String Defaults to AFTER_HEAD
Possible values are AFTER_HEAD, AFTER_TITLE_END, BEFORE_SCRIPT
[Enum: AFTER_HEAD|AFTER_TITLE_END|BEFORE_SCRIPT] All inside networks. Insert JavaScript after <HEAD> tag Insert JavaScript after </title> tag. Insert JavaScript before first <script> tag

• JavaScript_tags - Optional Block
Select Add item to configure your JavaScript tag. If adding both Bot Adv and Fraud, the Bot JavaScript should be added first
See JavaScript Tags below.

Routes Bot Defense JavaScript Injection JavaScript Tags

A JavaScript_tags block (within routes.bot_defense_JavaScript_injection) supports the following:

• JavaScript_url - Optional String
Please enter the full URL (include domain and path), or relative path

• tag_attributes - Optional Block
Add the tag attributes you want to include in your JavaScript tag
See Tag Attributes below.

Routes Bot Defense JavaScript Injection JavaScript Tags Tag Attributes

Deeply nested Attributes block collapsed for readability.

Routes Match

A match block (within routes) supports the following:

• headers - Optional Block
Headers. List of (key, value) headers
See Headers below.

• http_method - Optional String Defaults to ANY
See HTTP Methods
Specifies the HTTP method used to access a resource. Any HTTP Method

• incoming_port - Optional Block
Port match of the request can be a range or a specific port
See Incoming Port below.

• path - Optional Block
Path match of the URI can be either be, Prefix match or exact match or regular expression match
See Path below.

• query_params - Optional Block
Query Parameters. List of (key, value) query parameters
See Query Params below.

Routes Match Headers

A headers block (within routes.match) supports the following:

• exact - Optional String
Header value to match exactly

• invert_match - Optional Bool
Invert the result of the match to detect missing header or non-matching value

• name - Optional String
Name. Name of the header

• presence - Optional Bool
If true, check for presence of header

• regex - Optional String
Regex match of the header value in re2 format

Routes Match Incoming Port

An incoming_port block (within routes.match) supports the following:

• no_port_match - Optional Block
Enable this option

• port - Optional Number
Exact Port to match

• port_ranges - Optional String
Port range to match

Routes Match Path

A path block (within routes.match) supports the following:

• path - Optional String
Exact path value to match

• prefix - Optional String
Path prefix to match (e.g. The value / will match on all paths)

• regex - Optional String
Regular expression of path match (e.g. The value .* will match on all paths)

Routes Match Query Params

A query_params block (within routes.match) supports the following:

• exact - Optional String
Exact match value for the query parameter key

• key - Optional String
Query parameter key In the above example, assignee_username is the key

• regex - Optional String
Regex match value for the query parameter key

Routes Request Cookies To Add

A request_cookies_to_add block (within routes) supports the following:

• name - Optional String
Name of the cookie in Cookie header

• overwrite - Optional Bool Defaults to do
Should the value be overwritten? If true, the value is overwritten to existing values. not overwrite

• secret_value - Optional Block
SecretType is used in an object to indicate a sensitive/confidential field
See Secret Value below.

• value - Optional String
Value of the Cookie header

Routes Request Cookies To Add Secret Value

A secret_value block (within routes.request_cookies_to_add) supports the following:

• blindfold_secret_info - Optional Block
BlindfoldSecretInfoType specifies information about the Secret managed by F5XC Secret Management
See Blindfold Secret Info below.

• clear_secret_info - Optional Block
ClearSecretInfoType specifies information about the Secret that is not encrypted
See Clear Secret Info below.

Routes Request Cookies To Add Secret Value Blindfold Secret Info

Deeply nested Info block collapsed for readability.

Routes Request Cookies To Add Secret Value Clear Secret Info

Deeply nested Info block collapsed for readability.

Routes Request Headers To Add

A request_headers_to_add block (within routes) supports the following:

• append - Optional Bool Defaults to do
Should the value be appended? If true, the value is appended to existing values. not append

• name - Optional String
Name. Name of the HTTP header

• secret_value - Optional Block
SecretType is used in an object to indicate a sensitive/confidential field
See Secret Value below.

• value - Optional String
Value of the HTTP header

Routes Request Headers To Add Secret Value

A secret_value block (within routes.request_headers_to_add) supports the following:

• blindfold_secret_info - Optional Block
BlindfoldSecretInfoType specifies information about the Secret managed by F5XC Secret Management
See Blindfold Secret Info below.

• clear_secret_info - Optional Block
ClearSecretInfoType specifies information about the Secret that is not encrypted
See Clear Secret Info below.

Routes Request Headers To Add Secret Value Blindfold Secret Info

Deeply nested Info block collapsed for readability.

Routes Request Headers To Add Secret Value Clear Secret Info

Deeply nested Info block collapsed for readability.

Routes Response Cookies To Add

A response_cookies_to_add block (within routes) supports the following:

• add_domain - Optional String
Add domain attribute

• add_expiry - Optional String
Add expiry attribute

• add_httponly - Optional Block
Configuration parameter for add httponly

• add_partitioned - Optional Block
Configuration parameter for add partitioned

• add_path - Optional String
Add path attribute

• add_secure - Optional Block
Enable this option

• ignore_domain - Optional Block
Configuration parameter for ignore domain

• ignore_expiry - Optional Block
Configuration parameter for ignore expiry

• ignore_httponly - Optional Block
Configuration parameter for ignore httponly

• ignore_max_age - Optional Block
Configuration parameter for ignore max age

• ignore_partitioned - Optional Block
Configuration parameter for ignore partitioned

• ignore_path - Optional Block
Enable this option

• ignore_samesite - Optional Block
Enable this option

• ignore_secure - Optional Block
Enable this option

• ignore_value - Optional Block
Configuration parameter for ignore value

• max_age_value - Optional Number
Add max age attribute

• name - Optional String
Name of the cookie in Cookie header

• overwrite - Optional Bool Defaults to do
Should the value be overwritten? If true, the value is overwritten to existing values. not overwrite

• samesite_lax - Optional Block
Enable this option

• samesite_none - Optional Block
Enable this option

• samesite_strict - Optional Block
Enable this option

• secret_value - Optional Block
SecretType is used in an object to indicate a sensitive/confidential field
See Secret Value below.

• value - Optional String
Value of the Cookie header

Routes Response Cookies To Add Secret Value

A secret_value block (within routes.response_cookies_to_add) supports the following:

• blindfold_secret_info - Optional Block
BlindfoldSecretInfoType specifies information about the Secret managed by F5XC Secret Management
See Blindfold Secret Info below.

• clear_secret_info - Optional Block
ClearSecretInfoType specifies information about the Secret that is not encrypted
See Clear Secret Info below.

Routes Response Cookies To Add Secret Value Blindfold Secret Info

Deeply nested Info block collapsed for readability.

Routes Response Cookies To Add Secret Value Clear Secret Info

Deeply nested Info block collapsed for readability.

Routes Response Headers To Add

A response_headers_to_add block (within routes) supports the following:

• append - Optional Bool Defaults to do
Should the value be appended? If true, the value is appended to existing values. not append

• name - Optional String
Name. Name of the HTTP header

• secret_value - Optional Block
SecretType is used in an object to indicate a sensitive/confidential field
See Secret Value below.

• value - Optional String
Value of the HTTP header

Routes Response Headers To Add Secret Value

A secret_value block (within routes.response_headers_to_add) supports the following:

• blindfold_secret_info - Optional Block
BlindfoldSecretInfoType specifies information about the Secret managed by F5XC Secret Management
See Blindfold Secret Info below.

• clear_secret_info - Optional Block
ClearSecretInfoType specifies information about the Secret that is not encrypted
See Clear Secret Info below.

Routes Response Headers To Add Secret Value Blindfold Secret Info

Deeply nested Info block collapsed for readability.

Routes Response Headers To Add Secret Value Clear Secret Info

Deeply nested Info block collapsed for readability.

Routes Route Destination

A route_destination block (within routes) supports the following:

• auto_host_rewrite - Optional Bool
Indicates that during forwarding, the host header will be swapped with the hostname of the upstream host chosen by the cluster

• buffer_policy - Optional Block
Some upstream applications are not capable of handling streamed data. This config enables buffering the entire request before sending to upstream application. We can specify the maximum buffer size and buffer interval with this config
See Buffer Policy below.

• cors_policy - Optional Block
Cross-Origin Resource Sharing requests configuration specified at Virtual-host or Route level. Route level configuration takes precedence. An example of an Cross origin HTTP request GET /resources/public-data/ HTTP/1.1 Host: bar.other User-Agent: Mozilla/5.0 (Macintosh; U; Intel macOS X 10.5
See CORS Policy below.

• csrf_policy - Optional Block
To mitigate CSRF attack , the policy checks where a request is coming from to determine if the request’s origin is the same as its destination.the policy relies on two pieces of information used in determining if a request originated from the same host. 1. The origin that caused the user agent to
See CSRF Policy below.

• destinations - Optional Block
When requests have to distributed among multiple upstream clusters, multiple destinations are configured, each having its own cluster and weight. Traffic is distributed among clusters based on the weight configured
See Destinations below.

• do_not_retract_cluster - Optional Block
Enable this option

• endpoint_subsets - Optional Block
Upstream cluster may be configured to divide its endpoints into subsets based on metadata attached to the endpoints. Routes may then specify the metadata that an endpoint must match in order to be selected by the load balancer Labels field of endpoint object’s metadata is used for subset

• hash_policy - Optional Block
Specifies a list of hash policies to use for ring hash load balancing. Each hash policy is evaluated individually and the combined result is used to route the request
See Hash Policy below.

• host_rewrite - Optional String
Indicates that during forwarding, the host header will be swapped with this value

• mirror_policy - Optional Block
MirrorPolicy is used for shadowing traffic from one cluster to another. The approach used is ‘fire and forget’, meaning it will not wait for the shadow cluster to respond before returning the response from the primary cluster. All normal statistics are collected for the shadow cluster making
See Mirror Policy below.

• prefix_rewrite - Optional String
prefix_rewrite indicates that during forwarding, the matched prefix (or path) should be swapped with its value. When using regex path matching, the entire path (not including the query string) will be swapped with this value. This option allows application URLs to

• priority - Optional String Defaults to DEFAULT
Possible values are DEFAULT, HIGH
[Enum: DEFAULT|HIGH] Priority routing for each request. Different connection pools are used based on the priority selected for the request. Also, circuit-breaker configuration at destination cluster is chosen based on selected priority

• query_params - Optional Block
Handling of incoming query parameters in simple route
See Query Params below.

• regex_rewrite - Optional Block
RegexMatchRewrite describes how to match a string and then produce a new string using a regular expression and a substitution string
See Regex Rewrite below.

• retract_cluster - Optional Block
Enable this option

• retry_policy - Optional Block
Retry policy configuration for route destination
See Retry Policy below.

• spdy_config - Optional Block
Request headers of such upgrade looks like below ‘connection’, ‘Upgrade’ ‘upgrade’, ‘SPDY/3.1’ Configuration to allow UPGRADE of connection to SPDY and any additional tuning With configuration to allow SPDY upgrade, ADC will produce following response ‘HTTP/1.1 101 Switching Protocols ‘Upgrade’
See Spdy Config below.

• timeout - Optional Number
Specifies the timeout for the route in milliseconds. This timeout includes all retries. For server-side streaming, configure this field with higher value or leave it un-configured for infinite timeout

• web_socket_config - Optional Block
Configuration to allow WebSocket Request headers of such upgrade looks like below ‘connection’, ‘Upgrade’ ‘upgrade’, ‘WebSocket’ With configuration to allow WebSocket upgrade, ADC will produce following response ‘HTTP/1.1 101 Switching Protocols ‘Upgrade’: ‘WebSocket’ ‘Connection’: ‘Upgrade’
See Web Socket Config below.

Routes Route Destination Buffer Policy

A buffer_policy block (within routes.route_destination) supports the following:

• disabled - Optional Bool
Disable buffering for a particular route. This is useful when virtual-host has buffering, but we need to disable it on a specific route. The value of this field is ignored for virtual-host

• max_request_bytes - Optional Number
The maximum request size that the filter will buffer before the connection manager will stop buffering and return a RequestEntityTooLarge (413) response

Routes Route Destination CORS Policy

A cors_policy block (within routes.route_destination) supports the following:

• allow_credentials - Optional Bool
Specifies whether the resource allows credentials

• allow_headers - Optional String
Specifies the content for the access-control-allow-headers header

• allow_methods - Optional String
Specifies the content for the access-control-allow-methods header

• allow_origin - Optional List
Specifies the origins that will be allowed to do CORS requests. An origin is allowed if either allow_origin or allow_origin_regex match

• allow_origin_regex - Optional List
Specifies regex patterns that match allowed origins. An origin is allowed if either allow_origin or allow_origin_regex match

• disabled - Optional Bool
Disable the CorsPolicy for a particular route. This is useful when virtual-host has CorsPolicy, but we need to disable it on a specific route. The value of this field is ignored for virtual-host

• expose_headers - Optional String
Specifies the content for the access-control-expose-headers header

• maximum_age - Optional Number
Specifies the content for the access-control-max-age header in seconds. This indicates the maximum number of seconds the results can be cached A value of -1 will disable caching. Maximum permitted value is 86400 seconds (24 hours)

Routes Route Destination CSRF Policy

A csrf_policy block (within routes.route_destination) supports the following:

• all_load_balancer_domains - Optional Block
Configuration parameter for all load balancer domains

• custom_domain_list - Optional Block
List of domain names used for Host header matching
See Custom Domain List below.

• disabled - Optional Block
Enable this option

Routes Route Destination CSRF Policy Custom Domain List

Deeply nested List block collapsed for readability.

Routes Route Destination Destinations

A destinations block (within routes.route_destination) supports the following:

• cluster - Optional Block
Indicates the upstream cluster to which the request should be sent. If the cluster does not exist ServiceUnavailable response will be sent
See Cluster below.

• endpoint_subsets - Optional Block
Upstream cluster may be configured to divide its endpoints into subsets based on metadata attached to the endpoints. Routes may then specify the metadata that an endpoint must match in order to be selected by the load balancer Labels field of endpoint object’s metadata is used for subset

• priority - Optional Number
Priority of this cluster, valid only with multiple destinations are configured. Value of 0 will make the cluster as lowest priority upstream cluster Priority of 1 means highest priority and is considered active. When active cluster is not available, lower priority clusters are made active as per

• weight - Optional Number
When requests have to distributed among multiple upstream clusters, multiple destinations are configured, each having its own cluster and weight. Traffic is distributed among clusters based on the weight configured

Routes Route Destination Destinations Cluster

A cluster block (within routes.route_destination.destinations) supports the following:

• kind - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then kind will hold the referred object’s kind (e.g. ‘route’)

• name - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name

• namespace - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace

• tenant - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant

• uid - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then uid will hold the referred object’s(e.g. Route’s) uid

Routes Route Destination Hash Policy

A hash_policy block (within routes.route_destination) supports the following:

• cookie - Optional Block
Two types of cookie affinity: 1. Passive. Takes a cookie that’s present in the cookies header and hashes on its value. 2. Generated. Generates and sets a cookie with an expiration (TTL) on the first request from the client in its response to the client, based on the endpoint the request gets
See Cookie below.

• header_name - Optional String
The name or key of the request header that will be used to obtain the hash key

• source_ip - Optional Bool
Hash based on source IP address

• terminal - Optional Bool
Terminal. Specify if its a terminal policy

Routes Route Destination Hash Policy Cookie

A cookie block (within routes.route_destination.hash_policy) supports the following:

• add_httponly - Optional Block
Configuration parameter for add httponly

• add_secure - Optional Block
Enable this option

• ignore_httponly - Optional Block
Configuration parameter for ignore httponly

• ignore_samesite - Optional Block
Enable this option

• ignore_secure - Optional Block
Enable this option

• name - Optional String
The name of the cookie that will be used to obtain the hash key. If the cookie is not present and TTL below is not set, no hash will be produced

• path - Optional String
The name of the path for the cookie. If no path is specified here, no path will be set for the cookie

• samesite_lax - Optional Block
Enable this option

• samesite_none - Optional Block
Enable this option

• samesite_strict - Optional Block
Enable this option

• ttl - Optional Number
If specified, a cookie with the TTL will be generated if the cookie is not present. If the TTL is present and zero, the generated cookie will be a session cookie. TTL value is in milliseconds

Routes Route Destination Mirror Policy

A mirror_policy block (within routes.route_destination) supports the following:

• cluster - Optional Block
Specifies the cluster to which the requests will be mirrored. The cluster object referred here must be present
See Cluster below.

• percent - Optional Block
Fraction used where sampling percentages are needed. Example sampled requests
See Percent below.

Routes Route Destination Mirror Policy Cluster

A cluster block (within routes.route_destination.mirror_policy) supports the following:

• kind - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then kind will hold the referred object’s kind (e.g. ‘route’)

• name - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name

• namespace - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace

• tenant - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant

• uid - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then uid will hold the referred object’s(e.g. Route’s) uid

Routes Route Destination Mirror Policy Percent

A percent block (within routes.route_destination.mirror_policy) supports the following:

• denominator - Optional String Defaults to HUNDRED
Possible values are HUNDRED, TEN_THOUSAND, MILLION
[Enum: HUNDRED|TEN_THOUSAND|MILLION] Denominator used in fraction where sampling percentages are needed. Example sampled requests Use hundred as denominator Use ten thousand as denominator Use million as denominator

• numerator - Optional Number
Sampled parts per denominator. If denominator was 10000, then value of 5 will be 5 in 10000

Routes Route Destination Query Params

A query_params block (within routes.route_destination) supports the following:

• remove_all_params - Optional Block
Configuration parameter for remove all params

• replace_params - Optional String

• retain_all_params - Optional Block
Configuration parameter for retain all params

Routes Route Destination Regex Rewrite

A regex_rewrite block (within routes.route_destination) supports the following:

• pattern - Optional String
The regular expression used to find portions of a string that should be replaced

• substitution - Optional String
The string that should be substituted into matching portions of the subject string during a substitution operation to produce a new string

Routes Route Destination Retry Policy

A retry_policy block (within routes.route_destination) supports the following:

• back_off - Optional Block
Specifies parameters that control retry back off
See Back Off below.

• num_retries - Optional Number Defaults to 1
Specifies the allowed number of retries. Retries can be done any number of times. An exponential back-off algorithm is used between each retry

• per_try_timeout - Optional Number
Specifies a non-zero timeout per retry attempt. In milliseconds

• retriable_status_codes - Optional List
HTTP status codes that should trigger a retry in addition to those specified by retry_on

• retry_condition - Optional List
Specifies the conditions under which retry takes place. Retries can be on different types of condition depending on application requirements. For example, network failure, all 5xx response codes, idempotent 4xx response codes, etc The possible values are ‘5xx’ : Retry will be done if the

Routes Route Destination Retry Policy Back Off

A back_off block (within routes.route_destination.retry_policy) supports the following:

• base_interval - Optional Number
Specifies the base interval between retries in milliseconds

• max_interval - Optional Number Defaults to 10
Specifies the maximum interval between retries in milliseconds. This parameter is optional, but must be greater than or equal to the base_interval if set. The times the base_interval

Routes Route Destination Spdy Config

A spdy_config block (within routes.route_destination) supports the following:

• use_spdy - Optional Bool
Specifies that the HTTP client connection to this route is allowed to upgrade to a SPDY connection

Routes Route Destination Web Socket Config

A web_socket_config block (within routes.route_destination) supports the following:

• use_websocket - Optional Bool
Specifies that the HTTP client connection to this route is allowed to upgrade to a WebSocket connection

Routes Route Direct Response

A route_direct_response block (within routes) supports the following:

• response_body_encoded - Optional String
Response body to send. Currently supported URL schemes is string:/// for which message should be encoded in base64 format. The message can be either plain text or HTML

• response_code - Optional Number
Response Code. Response code to send

Routes Route Redirect

A route_redirect block (within routes) supports the following:

• host_redirect - Optional String
Swap host part of incoming URL in redirect URL

• path_redirect - Optional String
swap path part of incoming URL in redirect URL

• prefix_rewrite - Optional String
In Redirect response, the matched prefix (or path) should be swapped with this value. This option allows redirect URLs be dynamically created based on the request

• proto_redirect - Optional String
Swap protocol part of incoming URL in redirect URL The protocol can be swapped with either HTTP or HTTPS When incoming-proto option is specified, swapping of protocol is not done

• remove_all_params - Optional Block
Configuration parameter for remove all params

• replace_params - Optional String

• response_code - Optional Number
The HTTP status code to use in the redirect response

• retain_all_params - Optional Block
Configuration parameter for retain all params

Routes Service Policy

A service_policy block (within routes) supports the following:

• disable_spec - Optional Bool
disable service policy at route level, if it is configured at virtual-host level

Routes WAF Exclusion Policy

A waf_exclusion_policy block (within routes) supports the following:

• name - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name

• namespace - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace

• tenant - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant

Routes WAF Type

A waf_type block (within routes) supports the following:

• app_firewall - Optional Block
List of references to the app_firewall configuration objects
See App Firewall below.

• disable_waf - Optional Block
Configuration parameter for disable WAF

• inherit_waf - Optional Block
Configuration parameter for inherit WAF

Routes WAF Type App Firewall

An app_firewall block (within routes.waf_type) supports the following:

• app_firewall - Optional Block
References to an Application Firewall configuration object
See App Firewall below.

Routes WAF Type App Firewall App Firewall

An app_firewall block (within routes.waf_type.app_firewall) supports the following:

• kind - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then kind will hold the referred object’s kind (e.g. ‘route’)

• name - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name

• namespace - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace

• tenant - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant

• uid - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then uid will hold the referred object’s(e.g. Route’s) uid

Timeouts

A timeouts block supports the following:

• create - Optional String (Defaults to 10 minutes)
Used when creating the resource

• delete - Optional String (Defaults to 10 minutes)
Used when deleting the resource

• read - Optional String (Defaults to 5 minutes)
Used when retrieving the resource

• update - Optional String (Defaults to 10 minutes)
Used when updating the resource

---

Common Types

The following type definitions are used throughout this resource. See the full definition here rather than repeated inline.

Object Reference {#common-object-reference}

Object references establish a direct reference from one configuration object to another in F5 Distributed Cloud. References use the format tenant/namespace/name.

Field	Type	Description
name	String	Name of the referenced object
namespace	String	Namespace containing the referenced object
tenant	String	Tenant of the referenced object (system-managed)

Transformers {#common-transformers}

Transformers apply transformations to input values before matching. Multiple transformers can be applied in order.

Value	Description
LOWER_CASE	Convert to lowercase
UPPER_CASE	Convert to uppercase
BASE64_DECODE	Decodebase64 content
NORMALIZE_PATH	Normalize URL path
REMOVE_WHITESPACE	Remove whitespace characters
URL_DECODE	Decode URL-encoded characters
TRIM_LEFT	Trim leading whitespace
TRIM_RIGHT	Trim trailing whitespace
TRIM	Trim both leading and trailing whitespace

HTTP Methods {#common-http-methods}

HTTP methods used for request matching.

Value	Description
ANY	Match any HTTP method
GET	HTTP GET request
HEAD	HTTP HEAD request
POST	HTTP POST request
PUT	HTTP PUT request
DELETE	HTTP DELETE request
CONNECT	HTTP CONNECT request
OPTIONS	HTTP OPTIONS request
TRACE	HTTP TRACE request
PATCH	HTTP PATCH request
COPY	HTTP COPY request (WebDAV)

TLS Fingerprints {#common-tls-fingerprints}

TLS fingerprint categories for malicious client detection.

Value	Description
TLS_FINGERPRINT_NONE	No fingerprint matching
ANY_MALICIOUS_FINGERPRINT	Match any known malicious fingerprint
ADWARE	Adware-associated fingerprints
DRIDEX	Dridex malware fingerprints
GOOTKIT	Gootkit malware fingerprints
RANSOMWARE	Ransomware-associated fingerprints
TRICKBOT	Trickbot malware fingerprints

IP Threat Categories {#common-ip-threat-categories}

IP address threat categories for security filtering.

Value	Description
SPAM_SOURCES	Known spam sources
WINDOWS_EXPLOITS	Windows exploit sources
WEB_ATTACKS	Web attack sources
BOTNETS	Known botnet IPs
SCANNERS	Network scanner IPs
REPUTATION	Poor reputation IPs
PHISHING	Phishing-related IPs
PROXY	Anonymous proxy IPs
MOBILE_THREATS	Mobile threat sources
TOR_PROXY	Tor exit nodes
DENIAL_OF_SERVICE	DoS attack sources
NETWORK	Known bad network ranges

Import

Import is supported using the following syntax:

# Import using namespace/name format
terraform import f5xc_route.example system/example