more examples (ansible-collections#821)
wafv2_web_acl: more examples

SUMMARY
Closes: ansible-collections#819

More examples
Ref to official documentation for managed rules

ISSUE TYPE

Docs Pull Request

COMPONENT NAME

wafv2_web_acl

Reviewed-by: Alina Buzachis <None>
Reviewed-by: None <None>
markuman authored Dec 10, 2021
1 parent 08f95cc commit 9790a36
Showing 1 changed file with 55 additions and 1 deletion.
56 changes: 55 additions & 1 deletion plugins/modules/wafv2_web_acl.py
Expand Up @@ -63,6 +63,7 @@
rules:
description:
- The Rule statements used to identify the web requests that you want to allow, block, or count.
- For a list of managed rules see U(https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-list.html).
type: list
elements: dict
suboptions:
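Review bot: The added description line says "managed rules", but the linked page lists managed rule groups, and the line does not say where such a name is used. Suggest wording it as "For a list of AWS managed rule groups see U(...)" and mentioning that the group name goes into managed_rule_group_statement, as the examples do with vendor_name: AWS.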
Expand Down Expand Up @@ -111,7 +112,7 @@
metric_name: blub
rules:
- name: zwei
priority: 2
priority: 0
action:
block: {}
visibility_config:
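Review bot: The reason for moving rule zwei from priority 2 to priority 0 is not stated in the example or in the commit message, which only mentions more examples. It looks like it frees priority 2 for the bad_input_protect_whitelist_webdav rule added further down; a short comment in the example that rule priorities within one web ACL must not collide would keep readers from copying a duplicate. The priority of the existing AWSManagedRulesAdminProtectionRuleSet rule is outside the visible context, so please confirm the final list has no two rules with the same priority.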
Expand All @@ -137,6 +138,59 @@
managed_rule_group_statement:
vendor_name: AWS
name: AWSManagedRulesAdminProtectionRuleSet
# AWS Managed Bad Input Rule Set
# but allow PROPFIND_METHOD used e.g. by webdav
- name: bad_input_protect_whitelist_webdav
priority: 2
override_action:
none: {}
visibility_config:
sampled_requests_enabled: yes
cloud_watch_metrics_enabled: yes
metric_name: bad_input_protect
statement:
managed_rule_group_statement:
vendor_name: AWS
name: AWSManagedRulesKnownBadInputsRuleSet
excluded_rules:
- name: PROPFIND_METHOD
# Rate Limit example. 1500 req/5min
# counted for two domains via or_statement. login.mydomain.tld and api.mydomain.tld
- name: rate_limit_example
priority: 3
action:
block: {}
visibility_config:
sampled_requests_enabled: yes
cloud_watch_metrics_enabled: yes
metric_name: mydomain-ratelimit
statement:
rate_based_statement:
limit: 1500
aggregate_key_type: IP
scope_down_statement:
or_statement:
statements:
- byte_match_statement:
search_string: login.mydomain.tld
positional_constraint: CONTAINS
field_to_match:
single_header:
name: host
text_transformations:
- type: LOWERCASE
priority: 0
- byte_match_dtatement:
search_string: api.mydomain.tld
positional_constraint: CONTAINS
field_to_match:
single_header:
name: host
text_transformations:
- type: LOWERCASE
priority: 0
tags:
A: B
C: D
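Review bot: The second entry under or_statement.statements is misspelled as "byte_match_dtatement" and should be "byte_match_statement", matching the first entry; as written the example cannot be copied and work, and the api.mydomain.tld branch of the rate limit would not be the statement the comment promises. Two smaller points in the same hunk: both host matches use positional_constraint: CONTAINS, which also matches any Host value that merely contains the string (for example a longer name with login.mydomain.tld embedded in it), so EXACTLY is the tighter choice when the comment names two specific domains. And the comment on the bad input rule could state that excluded_rules switches PROPFIND_METHOD off for every request passing through this rule group, not only for WebDAV paths, so users know what protection they give up.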