package src
// WafdMain is a Terraform (HCL) configuration kept as a Go raw string.
//
// The template declares, using the opentelekomcloud provider:
//   - a VPC and one subnet, both named from var.environment;
//   - a data lookup of the security group named "default";
//   - one dedicated WAF instance ("wafd_throttling_test") placed in that
//     subnet and attached to the looked-up security group;
//   - one WAF policy ("policy_throttling") and one protected domain
//     ("www.wafd.throttling-test.com") bound to it, with a single backend
//     server at 10.1.0.10:8080;
//   - 30 CC rules (count = 30) on that policy, one per URL "/abc_<index>",
//     each with limit_num 10, limit_period 60 and lock_time 10, tagged by the
//     "sessionid" cookie, with a "block" action that returns a JSON body.
//
// The template references these input variables and declares none of them, so
// they must be supplied by another file: environment, vpc_cidr, subnet_cidr,
// subnet_gateway_ip, subnet_primary_dns, subnet_secondary_dns, wafd_az,
// wafd_flavor, wafd_arch.
//
// Because this is a raw string, Go does no escape processing: "${count.index}"
// and the \" sequences in the block-page content reach Terraform verbatim and
// are interpreted there, not by Go.
//
// NOTE(review): the resource names suggest a throttling test fixture; confirm
// it is not reused as a baseline for real deployments, because:
//   - client_protocol and server_protocol are both "HTTP", so neither the
//     client-to-WAF leg nor the WAF-to-origin leg is configured for TLS;
//   - the instance uses the security group named "default" instead of one
//     created for the WAF, so its effective rules are whatever that group
//     holds in the target project;
//   - the rate limit is keyed on a client-supplied cookie ("sessionid");
//     verify how the service counts requests that omit or rotate it.
//
// NOTE(review): limit_period and lock_time are presumably seconds, and the
// meaning of mode = 0 is not visible here; check the provider documentation.
const WafdMain = `
##############
# NETWORK part
##############
resource "opentelekomcloud_vpc_v1" "vpc" {
name = var.environment
cidr = var.vpc_cidr
shared = true
}
resource "opentelekomcloud_vpc_subnet_v1" "subnet" {
name = var.environment
vpc_id = opentelekomcloud_vpc_v1.vpc.id
cidr = var.subnet_cidr
gateway_ip = var.subnet_gateway_ip
primary_dns = var.subnet_primary_dns
secondary_dns = var.subnet_secondary_dns
}
data "opentelekomcloud_networking_secgroup_v2" "default_secgroup" {
name = "default"
}
####################
# WAFD INSTANCE part
####################
resource "opentelekomcloud_waf_dedicated_instance_v1" "wafd_1" {
name = "wafd_throttling_test"
availability_zone = var.wafd_az
specification = "waf.instance.professional"
flavor = var.wafd_flavor
architecture = var.wafd_arch
vpc_id = opentelekomcloud_vpc_subnet_v1.subnet.vpc_id
subnet_id = opentelekomcloud_vpc_subnet_v1.subnet.network_id
security_group = [
data.opentelekomcloud_networking_secgroup_v2.default_secgroup.id
]
}
##################
# WAFD DOMAIN part
##################
resource "opentelekomcloud_waf_dedicated_policy_v1" "policy_1" {
name = "policy_throttling"
}
resource "opentelekomcloud_waf_dedicated_domain_v1" "domain_1" {
domain = "www.wafd.throttling-test.com"
keep_policy = true
proxy = true
policy_id = opentelekomcloud_waf_dedicated_policy_v1.policy_1.id
server {
client_protocol = "HTTP"
server_protocol = "HTTP"
address = "10.1.0.10"
port = 8080
type = "ipv4"
vpc_id = opentelekomcloud_vpc_subnet_v1.subnet.vpc_id
}
}
######################
# WAFD RULES part / 30
######################
resource "opentelekomcloud_waf_dedicated_cc_rule_v1" "rule_cc" {
count = 30
policy_id = opentelekomcloud_waf_dedicated_policy_v1.policy_1.id
mode = 0
url = "/abc_${count.index}"
limit_num = 10
limit_period = 60
lock_time = 10
tag_type = "cookie"
tag_index = "sessionid"
action {
category = "block"
content_type = "application/json"
content = "{\"error\":\"forbidden\"}"
}
}
`