Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Custom Block Response #56

Merged
merged 16 commits into from
May 17, 2022
Merged

Custom Block Response #56

Show file tree
Hide file tree
Changes from 4 commits
Commits
Show all changes
16 commits
Select commit Hold shift + click to select a range
158c862
[Block] custom_response http status code.
rsmets May 14, 2022
67b3ab1
[README] updated with input info.
rsmets May 14, 2022
76ea15c
[Variable] definition typo in type fix.
rsmets May 14, 2022
f359974
[Formatting]
rsmets May 14, 2022
70baae9
[Custom Response] handling on per rules basis with dynamic block defi…
rsmets May 16, 2022
3e22c64
[Formatting] main.tf
rsmets May 16, 2022
d76604b
[make] validate.
rsmets May 16, 2022
e091118
[make] changelog
rsmets May 16, 2022
b4c561b
[README] updated to list custom responses capabilities.
rsmets May 16, 2022
0766d35
[Custom Response Bodies] supported for multiplexed custom body defini…
rsmets May 16, 2022
1cc10e7
[Examples] fix.
rsmets May 17, 2022
a451063
[Custom Response] block variable input.
rsmets May 17, 2022
68d6460
[Examples] typo fix.
rsmets May 17, 2022
8eae1b6
[refactor] response_key to custom_response_body_key to better match u…
rsmets May 17, 2022
b4ff784
[Variable] typo fix.
rsmets May 17, 2022
128d9be
[Changelog]
rsmets May 17, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -373,7 +373,8 @@ No modules.
| <a name="input_rules"></a> [rules](#input\_rules) | List of WAF rules. | `any` | `[]` | no |
| <a name="input_scope"></a> [scope](#input\_scope) | Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider. | `string` | `"REGIONAL"` | no |
| <a name="input_tags"></a> [tags](#input\_tags) | A map of tags (key-value pairs) passed to resources. | `map(string)` | `{}` | no |
| <a name="input_visibility_config"></a> [visibility\_config](#input\_visibility\_config) | Visibility config for WAFv2 web acl. https://www.terraform.io/docs/providers/aws/r/wafv2_web_acl.html#visibility-configuration | `map(string)` | `{}` | no |
| <a name="input_visibility_config"></a> [visibility\_config](#input\_visibility\_config) | Visibility config for WAFv2 web acl. https://www.terraform.io/docs/providers/aws/r/wafv2_web_acl.
| <a name="custom_response_code"></a> [custom\_response\_code](#input\_custom\_response\_code) | A custom HTTP response status code for block actions. https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/wafv2_web_acl#custom-response | `number` | 403 | no |

## Outputs

Expand Down
12 changes: 10 additions & 2 deletions main.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,11 @@ resource "aws_wafv2_web_acl" "main" {

dynamic "block" {
for_each = var.allow_default_action ? [] : [1]
content {}
content {
custom_response {
response_code = var.custom_response_code
Copy link
Contributor

@Ohid25 Ohid25 May 16, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
response_code = var.custom_response_code
response_code = lookup(rule.custom_response, 403)

Instead of using a variable, a lookup function should be used since these arguments are filled in via the rules variable. This would eliminate the need to create a standalone variable for this.

Also, from the docs you sent I can see that there are two other arguments that can be used here based on terraform docs:

    "Block": {
     "CustomResponse": {
      "CustomResponseBodyKey": "CustomResponseBodyKey1",
      "ResponseCode": 404,
      "ResponseHeaders": [
       {
        "Name": "BlockActionHeader1Name",
        "Value": "BlockActionHeader1Value"
       }
      ]
     }

Can you please add these too?

}
}
}
}

Expand All @@ -43,7 +47,11 @@ resource "aws_wafv2_web_acl" "main" {

dynamic "block" {
for_each = lookup(rule.value, "action", {}) == "block" ? [1] : []
content {}
content {
custom_response {
response_code = var.custom_response_code
}
}
}
}
}
Expand Down
6 changes: 6 additions & 0 deletions variables.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -86,3 +86,9 @@ variable "description" {
description = "A friendly description of the WebACL"
default = null
}

variable "custom_response_code" {
type = number
description = "The HTTP response code for non managed rule group statements block actions."
default = 403
}