- data "aws_caller_identity" "current" {}
- resource "aws_wafregional_web_acl" "wafregional_acl" {
- name = "${var.waf_prefix}-generic-owasp-acl"
- metric_name = "${var.waf_prefix}genericowaspacl"
- logging_configuration {
- log_destination = "arn:aws-us-gov:firehose:us-gov-east-1:${data.aws_caller_identity.current.account_id}:deliverystream/aws-waf-logs-splunk"
- }
- default_action {
- type = "ALLOW"
- }
- rule {
- action {
- type = "BLOCK"
- }
- priority = 1
- rule_id = aws_wafregional_rule.restrict_sizes.id
- type = "REGULAR"
- }
- rule {
- action {
- type = "BLOCK"
- }
- priority = 2
- rule_id = aws_wafregional_rule.detect_blacklisted_ips.id
- type = "REGULAR"
- }
- rule {
- action {
- type = "BLOCK"
- }
- priority = 3
- rule_id = aws_wafregional_rule.detect_bad_auth_tokens.id
- type = "REGULAR"
- }
- rule {
- action {
- type = "BLOCK"
- }
- priority = 4
- rule_id = aws_wafregional_rule.mitigate_sqli.id
- type = "REGULAR"
- }
- rule {
- action {
- type = "BLOCK"
- }
- priority = 5
- rule_id = aws_wafregional_rule.mitigate_xss.id
- type = "REGULAR"
- }
- rule {
- action {
- type = "BLOCK"
- }
- priority = 6
- rule_id = aws_wafregional_rule.detect_rfi_lfi_traversal.id
- type = "REGULAR"
- }
- rule {
- action {
- type = "BLOCK"
- }
- priority = 7
- rule_id = aws_wafregional_rule.detect_php_insecure.id
- type = "REGULAR"
- }
- rule {
- action {
- type = "BLOCK"
- }
- priority = 8
- rule_id = aws_wafregional_rule.enforce_csrf.id
- type = "REGULAR"
- }
- rule {
- action {
- type = "BLOCK"
- }
- priority = 9
- rule_id = aws_wafregional_rule.detect_ssi.id
- type = "REGULAR"
- }
- rule {
- action {
- type = "BLOCK"
- }
- priority = 10
- rule_id = aws_wafregional_rule.detect_admin_access.id
- type = "REGULAR"
- }
- }