Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cloudflare - Account WAF Feature #3018

Closed
LukeDCDS opened this issue Dec 19, 2023 · 2 comments
Closed

Cloudflare - Account WAF Feature #3018

LukeDCDS opened this issue Dec 19, 2023 · 2 comments
Labels
kind/enhancement Categorizes issue or PR as related to improving an existing feature. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one.

Comments

@LukeDCDS
Copy link

Current Terraform and Cloudflare provider version

Terraform version 4.19.0

Description

There's no feature to add Account WAF to cloudflare accounts.

I think adding this will eliminate the need to reiterate through cloudflare zones via an array, provided the correct license is active

https://blog.cloudflare.com/account-waf/

Use cases

Using Account WAF to deploy a set of baseline rules across large number of zones.

Ease of use and deployment.

Potential Terraform configuration

# A hypothetical resource for managing Account WAF settings
resource "cloudflare_account_waf" "example" {
  account_id = var.account_id

  # Settings for the WAF configuration at the account level
  waf_settings {
    # Enable or disable WAF
    enabled = true

    # Action to take when a WAF rule is triggered
    default_action = "challenge"

    # Anomaly score threshold
    anomaly_score_threshold = 50

    # Configure individual rules or rule groups
    rule {
      id      = "100001"
      action  = "block"
      enabled = true
    }

    rule {
      id      = "100002"
      action  = "challenge"
      enabled = true
    }

    # Override settings for specific domains within the account
    domain_overrides {
      domain = "example.com"
      action = "simulate"
    }

    domain_overrides {
      domain = "anotherexample.com"
      action = "block"
    }
  }
}
...

References

No response
@LukeDCDS LukeDCDS added kind/enhancement Categorizes issue or PR as related to improving an existing feature. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Dec 19, 2023
@github-actions GitHub Actions
Copy link
Contributor

Community Note

Voting for Prioritization

  • Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

  • If you are interested in working on this issue, please leave a comment.
  • If this would be your first contribution, please review the contribution guide.

@jacobbednarz
Copy link
Member

managing the WAF configuration at the account level is already supported through the cloudflare_ruleset resource.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/enhancement Categorizes issue or PR as related to improving an existing feature. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jacobbednarz @LukeDCDS