challenge and js_challenge support for cloudflare_rate_limit #171

Closed
jdarley opened this issue Nov 28, 2018 · 3 comments

jdarley commented Nov 28, 2018

I've recently been looking at migrating all of my organization's Cloudflare configuration into a Terraform project to allow us to quickly and easily provision new zones.

We have some rate limits in place which require the challenge and js_challenge actions to be applied to traffic. At present only simulate and ban actions are allowed in the cloudflare_rate_limit.action.mode field in the current version of the cloudflare-provider.

Cloudflare's API documentation hints that if the mode is either challenge or js_challenge then cloudflare_rate_limit.action.timeout and cloudflare_rate_limit.action.response should not be provided.

I've made modifications to the cloudflare-provider locally to allow these new modes and to make timeout optional and have successfully managed to Terraform the rate limit as expected. I would raise a PR, though want to ensure that these two modes weren't explicitly excluded before doing so.

Terraform Version

Terraform v0.11.10

Affected Resource(s)

  • cloudflare_rate_limit

Terraform Configuration Files

resource "cloudflare_rate_limit" "failed_login" {
  zone = "${cloudflare_zone.example.zone}"
  threshold = 15
  period = 60
  match {
    request {
      url_pattern = "${cloudflare_zone.example.zone}/auth/login"
      schemes = ["HTTP", "HTTPS"]
      methods = ["_ALL_"]
    }
    response {
      statuses = [400, 401, 403, 429, 500]
      origin_traffic = false
    }
  }
  action {
    mode = "js_challenge"
  }
  disabled = false
  description = "Failed Login Throttling"
}

Expected Behavior

Creation of a Cloudflare rate-limit which applies a JS Challenge to matching traffic.

Actual Behavior

Error: cloudflare_rate_limit.failed_login: expected action.0.mode to be one of [simulate ban], got js_challenge

@jacobbednarz (Contributor)

Howdy @jdarley! You're spot on regarding the missing mode values, they should be present. IIRC, the reasoning is that the resource was added before those two were acceptable values and it just hasn't been needed since.

Big 👍 to seeing a PR for this!

jdarley commented Nov 30, 2018

I've raised PR 172 which adds the challenge and js_challenge functionality.

patryk commented Jan 7, 2019

Fixed by #172. Thanks!
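
The rule discussed in this issue (two extra action modes, with timeout and response left out for them), written as a stand-alone Go validator. This is an added example, not code from the provider or from PR 172; the `Action` type, `ValidateAction`, and the assumption that `simulate` and `ban` still require a timeout are hypothetical.

```go
package main

import "fmt"

// Action is a hypothetical stand-in for the action block of a
// cloudflare_rate_limit resource; it is not the provider's own type.
type Action struct {
	Mode        string
	Timeout     int  // seconds; 0 means the field was not set
	HasResponse bool // true when a custom response block is supplied
}

// ValidateAction checks the mode against the four values named in the issue
// and enforces the cross-field rule for timeout and response.
func ValidateAction(a Action) error {
	switch a.Mode {
	case "simulate", "ban":
		// Assumption: timeout stays mandatory for the two original modes.
		if a.Timeout <= 0 {
			return fmt.Errorf("action.mode %q requires a timeout", a.Mode)
		}
	case "challenge", "js_challenge":
		// Per the issue: timeout and response should not be provided here.
		if a.Timeout != 0 || a.HasResponse {
			return fmt.Errorf("action.mode %q must not set timeout or response", a.Mode)
		}
	default:
		return fmt.Errorf("expected action.mode to be one of "+
			"[simulate ban challenge js_challenge], got %s", a.Mode)
	}
	return nil
}

func main() {
	// Constructed sample inputs.
	samples := []Action{
		{Mode: "js_challenge"},
		{Mode: "ban", Timeout: 60},
		{Mode: "challenge", Timeout: 60},
		{Mode: "block"},
	}
	for _, a := range samples {
		fmt.Printf("%+v -> %v\n", a, ValidateAction(a))
	}
}
```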
