
Allow OR statement inside AND statement (#96)
* Allow OR statement inside AND statement in all places

* add the functionality to the examples

---------

Co-authored-by: Abdul Wahid <[email protected]>
reloadedd and Ohid25 authored May 12, 2023
1 parent 486e0d8 commit 240117f
Showing 2 changed files with 1,265 additions and 9 deletions.
109 changes: 106 additions & 3 deletions examples/wafv2-and-or-rules/main.tf
Expand Up @@ -25,6 +25,25 @@ resource "aws_wafv2_ip_set" "custom_ip_set" {
]
}

resource "aws_wafv2_regex_pattern_set" "bad_bots_user_agent" {
name = "BadBotsUserAgent"
description = "Some bots regex pattern set example"
scope = "REGIONAL"

regular_expression {
regex_string = "semrushbot|censysinspect"
}

regular_expression {
regex_string = "blackwidow|acunetix-*"
}

tags = {
Name = "RegexBadBots"
Environment = "WAFv2"
}
}

#####
# Web Application Firewall configuration
#####
Expand Down Expand Up @@ -76,6 +95,7 @@ module "waf" {
field_to_match = {
uri_path = "{}"
}

positional_constraint = "STARTS_WITH"
search_string = "/path/to/match"
priority = 0
Expand Down Expand Up @@ -113,6 +133,7 @@ module "waf" {
field_to_match = {
body = "{}"
}

positional_constraint = "CONTAINS"
search_string = "@hotmail.com"
priority = 0
Expand All @@ -129,8 +150,8 @@ module "waf" {
},
{
### AND rule example with NOT statement
name = "block-specific-uri-path-and-requests-from-nl-gb-and-us"
priority = 2
name = "block-specific-uri-path-and-not-requests-from-nl-gb-and-us"
priority = 4
action = "block"

and_statement = {
Expand All @@ -140,6 +161,7 @@ module "waf" {
field_to_match = {
uri_path = "{}"
}

positional_constraint = "STARTS_WITH"
search_string = "/path/to/match"
priority = 0
Expand All @@ -154,12 +176,13 @@ module "waf" {
{
not_statement = {
regex_pattern_set_reference_statement = {
arn = aws_wafv2_ip_set.custom_regex_pattern_set.arn
arn = aws_wafv2_regex_pattern_set.bad_bots_user_agent.arn
field_to_match = {
single_header = {
name = "user-agent"
}
}

priority = 0
type = "LOWERCASE" # The text transformation type
}
Expand All @@ -173,6 +196,86 @@ module "waf" {
sampled_requests_enabled = false
}
},

{
#### AND rule with OR statement
name = "block-specific-uri"
priority = 5
action = "block"

rate_based_statement = {
aggregate_key_type = "IP"
limit = 123

scope_down_statement = {
and_statement = {
statements = [
{
or_statement = {
statements = [
{
byte_match_statement = {
positional_constraint = "EXACTLY"
search_string = "some.url.com"

field_to_match = {

single_header = {
name = "host"
}
}

priority = 0
type = "NONE"
}

},
{
byte_match_statement = {
positional_constraint = "EXACTLY"
search_string = "some.other.url.com"

field_to_match = {
single_header = {
name = "host"
}
}

priority = 0
type = "NONE"
}

}
]
}
},
{
byte_match_statement = {
positional_constraint = "STARTS_WITH"
search_string = "/whatever"

field_to_match = {

uri_path = "{}"
}

priority = 0
type = "NONE"
}
}

]
}
}
}

visibility_config = {
cloudwatch_metrics_enabled = false
sampled_requests_enabled = false
metric_name = "whatever-metric"

}
}
]

tags = {
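Review bot: The two host-header `byte_match_statement` blocks in the new rate-based rule (hunk @@ -173,6 +196,86) use `type = "NONE"` together with `positional_constraint = "EXACTLY"`, but Host header values are case-insensitive, so an untransformed exact comparison against `some.url.com` is brittle; the header match added earlier in this file already uses `type = "LOWERCASE"`, and both new statements should use `type = "LOWERCASE"` as well. In the first hunk, `blackwidow|acunetix-*` is probably not the intended pattern: `-*` means zero or more hyphens, so it matches the same inputs as plain `acunetix`, and if "acunetix followed by anything" was meant it should read `acunetix.*`. The heading `#### AND rule with OR statement` understates what the example shows; a comment such as `#### Rate-based rule whose scope_down_statement is an AND of (OR of two host matches) and a uri_path match` would tell a reader what is new here. `limit = 123` and `search_string = "/whatever"` are placeholder values and deserve a one-line comment saying so, since example files tend to be copied verbatim.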
