This terraform module creates a Global Web Application Firewall(WAF) Web Acl to be used with Cloudfront.
Dynamic rules:
- SQL Injection
- Filter requests that contain possible malicious SQL code. The condition includes filters that evaluate the following parts of requests:
- Query string (URL & HTML decode transformation)
- URI (URL & HTML decode transformation)
- Body (URL & HTML decode transformation)
- Filter requests that contain possible malicious SQL code. The condition includes filters that evaluate the following parts of requests:
- Cross Site Scripting
- Filters requests that contain possible malicious scripts. The condition includes filters that evaluate the following parts of requests:
- Query string (URL & HTML decode transformation)
- URI (URL & HTML decode transformation)
- Body (URL & HTML decode transformation)
- Filters requests that contain possible malicious scripts. The condition includes filters that evaluate the following parts of requests:
- IP Blacklist
- Any IP range add here will be restricted to access the service
- Network Blacklist
- Any network range add here will be restricted to access the service
module "waf_acl" {
# source = "git::https://github.com/DNXLabs/terraform-aws-waf.git?ref=0.1.0"
sql_injection = true
cross_site_scripting = true
ip_blacklist = {
enable = true
list = [
"10.0.0.0/24",
"192.168.0.0/16"
]
}
}
Name | Version |
---|---|
terraform | >= 0.12.0 |
Name | Version |
---|---|
aws | n/a |
Name | Description | Type | Default | Required |
---|---|---|---|---|
cross_site_scripting | n/a | bool |
"false" |
no |
ip_blacklist | n/a | object({ |
{ |
no |
sql_injection | n/a | bool |
"false" |
no |
Name | Description |
---|---|
id | WAF ACL arn to be consumed |
Module managed by DNX Solutions.
Apache 2 Licensed. See LICENSE for full details.