ratelimit-rules.tf
# Rate-limit rule for the site named by var.sigsci_site
# (reason: "Too many attempts for invalid domain").
#
# Matching: a request matches when it does NOT carry the
# site.domain-request signal. The rule's own signal is site.counting.
# Limit: threshold 100 with interval 1 and duration 600 (per the sigsci
# provider these are minutes and seconds respectively; confirm against the
# provider version in use).
# Action: blockSignal on site.domain-request, answered with HTTP 429.
#
# NOTE(review): the condition selects requests WITHOUT site.domain-request,
# while the action blocks requests WITH site.domain-request. Confirm this
# pairing is intended and that the clients being counted are the ones that
# end up blocked.
resource "sigsci_site_rule" "rate-limit-foreign-domains" {
  site_short_name = var.sigsci_site
  type            = "rateLimit"
  enabled         = true
  reason          = "Too many attempts for invalid domain"
  signal          = "site.counting"
  group_operator  = "all"
  expiration      = "" # empty string; presumably "never expires" (confirm)

  # Match requests for which no site.domain-request signal exists.
  conditions {
    type           = "multival"
    field          = "signal"
    operator       = "doesNotExist"
    group_operator = "all"

    conditions {
      type     = "single"
      field    = "signalType"
      operator = "equals"
      value    = "site.domain-request"
    }
  }

  rate_limit = {
    threshold = 100
    interval  = 1
    duration  = 600
  }

  actions {
    type          = "blockSignal"
    signal        = "site.domain-request"
    response_code = 429
  }

  # Both signal tags referenced above must exist before the rule is created.
  depends_on = [
    sigsci_site_signal_tag.domain-request,
    sigsci_site_signal_tag.counting
  ]
}
# Rate-limit rule for the site named by var.sigsci_site
# (reason: "Suspected Attacker").
#
# Matching: a request matches when a response header exists whose
# valueString is "like" the pattern [4-5][0-9][0-9]. The rule's own signal
# is site.suspected-attacker.
# Limit: threshold 100 with interval 1 and duration 600 (per the sigsci
# provider these are minutes and seconds respectively; confirm against the
# provider version in use).
# Action: blockSignal on site.domain-request, answered with HTTP 429.
#
# NOTE(review): the condition inspects response HEADER values, not the HTTP
# status code, and it has no sub-condition on the header name, so any header
# value matching the pattern counts. If the intent is to count 4xx/5xx
# responses, a condition on the responseCode field would express that
# directly. Confirm which was meant.
# NOTE(review): the action blocks site.domain-request rather than
# site.suspected-attacker, the same action signal as the
# rate-limit-foreign-domains rule. Confirm this is deliberate and not
# carried over from that rule.
resource "sigsci_site_rule" "suspected-attacker" {
  site_short_name = var.sigsci_site
  type            = "rateLimit"
  enabled         = true
  reason          = "Suspected Attacker"
  signal          = "site.suspected-attacker"
  group_operator  = "all"
  expiration      = "" # empty string; presumably "never expires" (confirm)

  # Match on any response header whose value fits the 4xx/5xx-shaped pattern.
  conditions {
    type           = "multival"
    field          = "responseHeader"
    operator       = "exists"
    group_operator = "all"

    conditions {
      type     = "single"
      field    = "valueString"
      operator = "like"
      value    = "[4-5][0-9][0-9]"
    }
  }

  rate_limit = {
    threshold = 100
    interval  = 1
    duration  = 600
  }

  actions {
    type          = "blockSignal"
    signal        = "site.domain-request"
    response_code = 429
  }

  # Both signal tags referenced above must exist before the rule is created.
  depends_on = [
    sigsci_site_signal_tag.suspected-attacker,
    sigsci_site_signal_tag.domain-request
  ]
}