#######################################################################
## sigsci site and ngwaf@edge config
#######################################################################
# NGWAF (Signal Sciences) site that the edge deployment and the Fastly service
# link in this file attach to.
resource "sigsci_site" "demo_site" {
  # One variable feeds both names, so var.site_name has to be acceptable as a
  # short name as well as a display name.
  short_name   = var.site_name
  display_name = var.site_name

  # The site is created directly in blocking mode; this config has no
  # log-only phase before enforcement starts.
  agent_level = "block"
}
# Provision the managed NGWAF@Edge agent on the Fastly side for the demo site.
resource "sigsci_edge_deployment" "ngwaf_edge_demo" {
  # Taken from the site resource rather than from var.site_name, so Terraform
  # orders the site creation before this deployment.
  site_short_name = sigsci_site.demo_site.short_name
}
# Attach the Fastly VCL (Varnish) service to the NGWAF@Edge deployment so that
# the service's traffic is sent through the edge agent.
resource "sigsci_edge_deployment_service" "ngwaf_edge_demo_link" {
  # fastly_service_vcl.demo_service is declared outside this file.
  fastly_sid      = fastly_service_vcl.demo_service.id
  site_short_name = sigsci_edge_deployment.ngwaf_edge_demo.site_short_name

  # Full cut-over in one apply: 100 percent of traffic is enabled and the
  # service version is activated immediately. Together with agent_level
  # "block" on the site, enforcement is live for all traffic as soon as this
  # resource is created; lower percent_enabled for a staged rollout.
  percent_enabled  = 100
  activate_version = true
}
# Corp-level country list that the "sanctions" blocking rule matches against.
resource "sigsci_corp_list" "sanctioned-countries" {
  # NOTE(review): the rule refers to this list by the literal string
  # "corp.sanctioned-countries", which looks derived from this name. Confirm
  # how the provider builds the list id before renaming.
  name        = "Sanctioned Countries"
  description = "List of Sanctioned Countries"
  type        = "country"

  # Two-letter country codes. The set is hard-coded here, so it needs a
  # periodic review against the sanctions regime the organisation follows.
  entries = ["RU", "CU", "KP", "IR"]
}
# Corp-wide request rule: block any request whose country is on the
# sanctioned-countries list.
#
# NOTE(review): the country is presumably resolved from the client IP, so
# traffic arriving through a VPN or proxy elsewhere would not match. Treat
# this as a compliance filter, not as access control.
resource "sigsci_corp_rule" "sanctions" {
  # The list is named below only as a string literal, so Terraform cannot
  # infer the ordering on its own; depends_on creates the list first.
  depends_on = [sigsci_corp_list.sanctioned-countries]

  type       = "request"
  corp_scope = "global" # every site in the corp, not only the demo site
  enabled    = true
  reason     = "sanctions"
  expiration = "" # presumably "no expiry" (confirm against the provider docs)

  # NOTE(review): "sampled" suggests that not every matching request is
  # stored. Confirm this is enough if blocked requests are needed as audit
  # evidence.
  requestlogging = "sampled"
  group_operator = "any"

  conditions {
    type     = "single"
    field    = "country"
    operator = "inList"
    value    = "corp.sanctioned-countries"
  }

  actions {
    type = "block"
  }
}