Open alifiroozi80 opened 5 months ago
@alifiroozi80 If I understand your requirements correctly, the managed_rule_group block supports a rule_action_override block argument, which is what you need. The Managed Rule example in the aws_wafv2_web_acl resource doc provides an example that overrides the SizeRestrictions_QUERYSTRING action to count. So your desired configuration might look something like what's below. Please test it out and close the issue if it works.
```hcl
resource "aws_wafv2_web_acl" "herohunt_waf_acl" {
  [...]
  rule {
    name     = "AWSManagedRulesCommonRuleSet"
    priority = 0

    override_action {
      none {}
    }

    statement {
      managed_rule_group_statement {
        name        = "AWSManagedRulesCommonRuleSet"
        vendor_name = "AWS"

        rule_action_override {
          name = "CrossSiteScripting_URIPATH"
          action_to_use {
            allow {}
          }
        }
      }
    }

    visibility_config {
      cloudwatch_metrics_enabled = true
      metric_name                = "AWSManagedRulesCommonRuleSet"
      sampled_requests_enabled   = false
    }
  }
  [...]
}
```
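Overriding a managed rule to allow (as in the snippet above) is a deliberate weakening of the rule group, so it is worth auditing after apply. The following is an added example, not part of the maintainer's reply or the provider: it walks the `aws wafv2 get-web-acl` JSON (field names follow the WAFv2 API; the web ACL document itself is constructed sample data) and lists every per-rule override and every group-level count override, ranked by how much protection it removes.

```python
import json

# Constructed sample of `aws wafv2 get-web-acl` output, trimmed to the fields
# the check needs. Not real account data.
SAMPLE_WEB_ACL = json.loads("""
{"WebACL": {"Name": "herohunt_waf_acl", "Rules": [
  {"Name": "AWSManagedRulesCommonRuleSet", "Priority": 0,
   "OverrideAction": {"None": {}},
   "Statement": {"ManagedRuleGroupStatement": {
     "VendorName": "AWS", "Name": "AWSManagedRulesCommonRuleSet",
     "RuleActionOverrides": [
       {"Name": "CrossSiteScripting_URIPATH", "ActionToUse": {"Allow": {}}},
       {"Name": "SizeRestrictions_QUERYSTRING", "ActionToUse": {"Count": {}}}]}}},
  {"Name": "AWSManagedRulesSQLiRuleSet", "Priority": 1,
   "OverrideAction": {"Count": {}},
   "Statement": {"ManagedRuleGroupStatement": {
     "VendorName": "AWS", "Name": "AWSManagedRulesSQLiRuleSet"}}}
]}}
""")

# Actions that stop a managed rule from blocking. Allow is the strongest
# weakening: the matching request is admitted and no later rule is evaluated.
# Count only records the match; Captcha/Challenge still gate the request.
WEAKENING = {"Allow": "high", "Count": "medium", "Captcha": "low", "Challenge": "low"}


def audit_overrides(web_acl):
    """Return (group, rule_name, action, severity) for every managed rule whose
    action was changed via rule_action_override, and ("*") for a group whose
    override_action is count, which neutralises the whole rule group."""
    findings = []
    for rule in web_acl["WebACL"]["Rules"]:
        mrg = rule["Statement"].get("ManagedRuleGroupStatement")
        if mrg is None:
            continue  # custom rule, not a managed rule group
        group = f'{mrg["VendorName"]}/{mrg["Name"]}'
        if "Count" in rule.get("OverrideAction", {}):
            findings.append((group, "*", "Count", "medium"))
        for override in mrg.get("RuleActionOverrides", []):
            action = next(iter(override["ActionToUse"]))  # single-key object
            if action in WEAKENING:
                findings.append((group, override["Name"], action, WEAKENING[action]))
    return findings


if __name__ == "__main__":
    for group, name, action, severity in audit_overrides(SAMPLE_WEB_ACL):
        print(f"[{severity}] {group}: {name} -> {action}")
```

Pipe real output in with `aws wafv2 get-web-acl ... | python audit.py` by replacing `SAMPLE_WEB_ACL` with `json.load(sys.stdin)`.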
Hello Folks, I've already implemented WAF in my infrastructure with the console. Now, I want to do it with Terraform.
Here is an example rule:
That managed rule contains a bunch of rules itself, and each one of them has a default action.
The console allows me to change any of those rules' actions.
For instance, I don't want to change the default action for any of them except CrossSiteScripting_URIPATH in this rule. I want to change its action (only that one) to Allow. It's possible in the console, but I can't do such a thing in Terraform.
Now, I have to exclude that rule from managed rules and then create a custom rule to allow what the excluded rule would have blocked, which is ridiculous.
I am writing to ask for your support with this as well.
Many thanks in advance.