Module: `waf-rulesets`

Terraform module to manage CloudFlare WAF rulesets.

NOTE: This module is a hard fork of Innovation Norway's terraform module and adapted to Cloud Posse conventions.

Usage

For a complete example, see examples/complete.

For automated tests of the complete example using bats and Terratest (which tests and deploys the example on AWS), see test.

module "label" {
  source = "cloudposse/label/null"
  # Cloud Posse recommends pinning every module to a specific version
  # version = "x.x.x"
  namespace  = "eg"
  stage      = "prod"
  name       = "waf"
  attributes = ["cf"]
  delimiter  = "-"
}

module "waf_rulesets" {
  source = "cloudposse/waf-rulesets/cloudflare"
  # Cloud Posse recommends pinning every module to a specific version
  # version = "x.x.x"
  zone = "cloudposse.co"

  rulesets = [
    {
      name        = "OWASP ModSecurity Core Rule Set"
      mode        = "simulate"
      sensitivity = "off"
      rule_groups = [
        {
          name = "OWASP Bad Robots"
          mode = "on"
          rules = [
            {
              id   = "990012" # Rogue web site crawler
              mode = "off"
            },
          ]
        },
      ]
    },
  ]

  context = module.label.context
}

Examples

Here is an example of using this module:

examples/complete - complete example of using this module

Module: waf-rulesets

Usage​

Examples​

Module: `waf-rulesets`

Usage

Examples