# Fastly provider configuration. The API token is read from an input variable,
# so no credential is written into this file.
# NOTE(review): the variable's declaration is not in this file; confirm it is
# marked `sensitive = true` and that its value is supplied from the environment
# or a secret store rather than from a committed .tfvars file.
provider "fastly" {
  api_key = var.FASTLY_API_KEY
}
#### Fastly VCL Service - Start
# VCL service that fronts the user's origin and carries the hooks for the
# NGWAF edge deployment: one edge dictionary and four dynamic snippets.
resource "fastly_service_vcl" "frontend-vcl-service" {
  name = "Frontend VCL Service - NGWAF edge deploy ${var.USER_DOMAIN_NAME}"

  # force_destroy lets Terraform delete the service even while it is active.
  # That suits a disposable training service; drop it for anything long-lived
  # so that a stray `terraform destroy` cannot remove a live service.
  force_destroy = true

  domain {
    comment = "Frontend VCL Service - NGWAF edge deploy"
    name    = var.USER_DOMAIN_NAME
  }

  # Origin is reached over TLS on 443. The same hostname is used for the
  # certificate name check, for SNI and for the Host header sent to the origin,
  # so the origin certificate must be valid for that hostname.
  backend {
    name              = "vcl_service_origin"
    address           = var.USER_VCL_SERVICE_BACKEND_HOSTNAME
    port              = 443
    use_ssl           = true
    ssl_cert_hostname = var.USER_VCL_SERVICE_BACKEND_HOSTNAME
    ssl_sni_hostname  = var.USER_VCL_SERVICE_BACKEND_HOSTNAME
    override_host     = var.USER_VCL_SERVICE_BACKEND_HOSTNAME
  }

  # Dictionary for NGWAF Edge deployment.
  # force_destroy allows the dictionary to be deleted even when it holds items.
  dictionary {
    force_destroy = true
    name          = var.Edge_Security_dictionary
  }

  #### NGWAF Dynamic Snippets - MANAGED BY FASTLY - Start
  # Only the snippet slots are declared here; their content is set by separate
  # fastly_service_dynamic_snippet_content resources. Priority 0 puts the init
  # snippet ahead of snippets with higher values, and 9000 puts the
  # miss/pass/deliver snippets after snippets with lower values.
  dynamicsnippet {
    type     = "init"
    name     = "ngwaf_config_init"
    priority = 0
  }

  dynamicsnippet {
    type     = "miss"
    name     = "ngwaf_config_miss"
    priority = 9000
  }

  dynamicsnippet {
    type     = "pass"
    name     = "ngwaf_config_pass"
    priority = 9000
  }

  dynamicsnippet {
    type     = "deliver"
    name     = "ngwaf_config_deliver"
    priority = 9000
  }
  #### NGWAF Dynamic Snippets - MANAGED BY FASTLY - End
}
# Seeds the edge security dictionary with its single "Enabled" item.
# for_each selects the one dictionary whose name matches
# var.Edge_Security_dictionary, so the item is attached to that dictionary's id.
# NOTE(review): in the NGWAF edge deployment "Enabled" is understood to be the
# share of traffic handed to the WAF, so "0" would leave the integration wired
# in but inspecting nothing - confirm that is what this step intends.
resource "fastly_service_dictionary_items" "edge_security_dictionary_items" {
  for_each = {
    for dict in fastly_service_vcl.frontend-vcl-service.dictionary :
    dict.name => dict
    if dict.name == var.Edge_Security_dictionary
  }

  dictionary_id = each.value.dictionary_id
  service_id    = fastly_service_vcl.frontend-vcl-service.id

  items = {
    Enabled = "0"
  }
}
# Placeholder content for the "ngwaf_config_init" dynamic snippet.
# manage_snippets = false tells the provider not to reapply this content when
# the snippet drifts, so content written outside Terraform is left in place.
# Consequence for review: later changes to this snippet will not appear in
# `terraform plan`; track them on the Fastly side instead.
resource "fastly_service_dynamic_snippet_content" "ngwaf_config_init" {
  for_each = {
    for snip in fastly_service_vcl.frontend-vcl-service.dynamicsnippet :
    snip.name => snip
    if snip.name == "ngwaf_config_init"
  }

  snippet_id      = each.value.snippet_id
  service_id      = fastly_service_vcl.frontend-vcl-service.id
  manage_snippets = false
  content         = "### Fastly managed ngwaf_config_init"
}
# Placeholder content for the "ngwaf_config_miss" dynamic snippet.
# With manage_snippets = false the provider does not reapply this content on
# drift, so whatever is written to the snippet outside Terraform stays as it is
# and is not shown by `terraform plan`.
resource "fastly_service_dynamic_snippet_content" "ngwaf_config_miss" {
  for_each = {
    for snip in fastly_service_vcl.frontend-vcl-service.dynamicsnippet :
    snip.name => snip
    if snip.name == "ngwaf_config_miss"
  }

  snippet_id      = each.value.snippet_id
  service_id      = fastly_service_vcl.frontend-vcl-service.id
  manage_snippets = false
  content         = "### Fastly managed ngwaf_config_miss"
}
# Placeholder content for the "ngwaf_config_pass" dynamic snippet.
# With manage_snippets = false the provider does not reapply this content on
# drift, so whatever is written to the snippet outside Terraform stays as it is
# and is not shown by `terraform plan`.
resource "fastly_service_dynamic_snippet_content" "ngwaf_config_pass" {
  for_each = {
    for snip in fastly_service_vcl.frontend-vcl-service.dynamicsnippet :
    snip.name => snip
    if snip.name == "ngwaf_config_pass"
  }

  snippet_id      = each.value.snippet_id
  service_id      = fastly_service_vcl.frontend-vcl-service.id
  manage_snippets = false
  content         = "### Fastly managed ngwaf_config_pass"
}
# Placeholder content for the "ngwaf_config_deliver" dynamic snippet.
# With manage_snippets = false the provider does not reapply this content on
# drift, so whatever is written to the snippet outside Terraform stays as it is
# and is not shown by `terraform plan`.
resource "fastly_service_dynamic_snippet_content" "ngwaf_config_deliver" {
  for_each = {
    for snip in fastly_service_vcl.frontend-vcl-service.dynamicsnippet :
    snip.name => snip
    if snip.name == "ngwaf_config_deliver"
  }

  snippet_id      = each.value.snippet_id
  service_id      = fastly_service_vcl.frontend-vcl-service.id
  manage_snippets = false
  content         = "### Fastly managed ngwaf_config_deliver"
}
#### Fastly VCL Service - End
# Post-apply hints: a link to the service in the Fastly UI and two curl
# commands aimed at the user's own domain. The first is an ordinary request;
# the second carries a "../../../../etc/passwd" query value as a detection
# check for the WAF.
# NOTE(review): the dictionary in this file sets Enabled to "0", so the second
# request may reach the origin uninspected at this step - confirm before
# reading a missing WAF signal as a detection gap.
# The heredoc body stays at column 0 so the rendered text is unchanged.
output "live_waf_love_ngwaf_edge_deploy" {
  description = "Output hints on what to do next."

  value = <<EOT
#### Click the URL to go to the Fastly VCL service ####
https://cfg.fastly.com/${fastly_service_vcl.frontend-vcl-service.id}
#### Send a test request with curl. ####
curl -i "https://${var.USER_DOMAIN_NAME}/anything/whydopirates?likeurls=theargs" -d foo=bar
#### Send an test as traversal with curl. ####
curl -i "https://${var.USER_DOMAIN_NAME}/anything/myattackreq?i=../../../../etc/passwd" -d foo=bar
EOT
}