Open sterichards opened 1 year ago
Hi @sterichards Did you find any solution to this? Seems like it only supports a single request type
Hello,
No, I didn't find a solution
I had to generate a long list of supported countries and pass them in, omitting what I didn't want
And I had to break the files up into multiple files to get around the 50 limit
So my Terraform looks like this:
```hcl
# Each set-N.txt file holds at most 50 country codes, one per line,
# because a single geoMatchStatement accepts no more than 50.
geo_match_statement_rules = [
  {
    name     = "disallowed-countries-50"
    action   = "block"
    priority = 50
    statement = {
      country_codes = split("\n", file("./blocked-country-codes/set-1.txt"))
    }
    visibility_config = {
      cloudwatch_metrics_enabled = true
      sampled_requests_enabled   = false
      metric_name                = "disallowed-countries-metric"
    }
  },
  {
    name     = "disallowed-countries-51"
    action   = "block"
    priority = 51
    statement = {
      country_codes = split("\n", file("./blocked-country-codes/set-2.txt"))
    }
    visibility_config = {
      cloudwatch_metrics_enabled = true
      sampled_requests_enabled   = false
      metric_name                = "disallowed-countries-metric"
    }
  }
]
```
Describe the Feature
When building WAF rules in AWS, it's possible to specify "Doesn't match the statement (NOT)".
This module only seems to support matches.
Expected Behavior
Being able to supply a rule that only runs when a statement is not matched,
e.g. "Does not originate from a country".
Use Case
It would allow supplying a list of countries to allow requests from, whilst blocking requests from countries that are not specified.
Describe Ideal Solution
A does not match statement
Alternatives Considered
No response
Additional Context
I can't use a block list against countries because it is too large and I get the following error:
"'rules.6.member.statement.geoMatchStatement.countryCodes' failed to satisfy constraint: Member must have length less than or equal to 50"
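For reference, the requested behaviour expressed directly against the AWS provider's `aws_wafv2_web_acl` resource, which does expose `not_statement`. This is an added example, not code from this module or the issue author; the web ACL name, scope and the three-country allow list are placeholder values. Because the geo match inside the NOT only has to hold the allow list, the 50-code limit stops being a problem and the block list no longer needs to be split across files.

```hcl
# Added example (assumptions: name, scope and country list are placeholders).
# Blocks every request whose source country is NOT in the allow list.
resource "aws_wafv2_web_acl" "allow_listed_countries" {
  name  = "allow-listed-countries-only"
  scope = "REGIONAL"

  default_action {
    allow {}
  }

  rule {
    name     = "block-non-allow-listed-countries"
    priority = 50

    action {
      block {}
    }

    statement {
      not_statement {
        statement {
          geo_match_statement {
            # The allow list; at most 50 codes per geo_match_statement.
            country_codes = ["US", "CA", "GB"]
          }
        }
      }
    }

    visibility_config {
      cloudwatch_metrics_enabled = true
      metric_name                = "block-non-allow-listed-countries"
      sampled_requests_enabled   = false
    }
  }

  visibility_config {
    cloudwatch_metrics_enabled = true
    metric_name                = "allow-listed-countries-only"
    sampled_requests_enabled   = false
  }
}
```

Keeping CloudWatch metrics enabled on the rule gives a count of blocked requests per country rule, which is the first thing to check if legitimate traffic is unexpectedly denied after switching from a block list to an allow list.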