Home Explore Help
Register Sign In
AFS
/
xdr-terraform-modules
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 7e3737ba35
Branches Tags
xdr-terraform-m...
/
base
/
customer_portal
/
waf.tf

waf.tf 930 B
History Raw

12345678910111213141516171819202122 
  1. module "waf" {
    2. 

  2.   source = "../../submodules/wafv2"
    3. 

  3. 

  4.   # Custom to resource
    5. 

  5.   allowed_ips = [ ] # bypasses filters, so should not be needed/used unless warranted. We previously did var.admin_remote_ipset, but that seems like a bad idea
    6. 

  6.   additional_blocked_ips = [ ] # NOTE: There is a standard list in the submodule
    7. 

  7.   admin_ips = concat(var.zscalar_ips, var.admin_ips)
    8. 

  8.   resource_arn = aws_alb.portal.arn
    9. 

  9.   fqdns = keys(module.public_dns_record.forward) # first entry in list will be the WAF name
    10. 

  10. 

  11.   excluded_rules_AWSManagedRulesCommonRuleSet = [
    12. 

  12.     "SizeRestrictions_BODY",
    13. 

  13.     "GenericRFI_BODY",             # Blocks portal lambda MSOCI-2060
    14. 

  14.     "CrossSiteScripting_BODY",     # Blocks portal API MSOCI-2121
    15. 

  15.   ]
    16. 

  16. 

  17.   # These are passed through and should be the same for module
    18. 

  18.   tags = merge(var.standard_tags, var.tags)
    19. 

  19.   aws_partition = var.aws_partition
    20. 

  20.   aws_region = var.aws_region
    21. 

  21.   aws_account_id = var.aws_account_id
    22. 

  22. }
    23.