This terraform module creates a Global Web Application Firewall(WAF) Web Acl to be used with Cloudfront.
Dynamic rules:
- SQL Injection
- Filter requests that contain possible malicious SQL code. The condition includes filters that evaluate the following parts of requests:
- Query string (URL & HTML decode transformation)
- URI (URL & HTML decode transformation)
- Body (URL & HTML decode transformation)
- Filter requests that contain possible malicious SQL code. The condition includes filters that evaluate the following parts of requests:
- Cross Site Scripting
- Filters requests that contain possible malicious scripts. The condition includes filters that evaluate the following parts of requests:
- Query string (URL & HTML decode transformation)
- URI (URL & HTML decode transformation)
- Body (URL & HTML decode transformation)
- Filters requests that contain possible malicious scripts. The condition includes filters that evaluate the following parts of requests:
- IP Blacklist
- Any IP range add here will be restricted to access the service
- Network Blacklist
- Any network range add here will be restricted to access the service
module "waf_acl" {
# source = "git::https://github.com/DNXLabs/terraform-aws-waf.git?ref=0.1.0"
sql_injection = true
cross_site_scripting = true
ip_blacklist = {
enable = true
list = [
"10.0.0.0/24",
"192.168.0.0/16"
]
}
}| Name | Version |
|---|---|
| terraform | >= 0.12.0 |
| Name | Version |
|---|---|
| aws | n/a |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| cross_site_scripting | n/a | bool |
"false" |
no |
| ip_blacklist | n/a | object({ |
{ |
no |
| sql_injection | n/a | bool |
"false" |
no |
| Name | Description |
|---|---|
| id | WAF ACL arn to be consumed |
Module managed by DNX Solutions.
Apache 2 Licensed. See LICENSE for full details.