
I'm adding a WAF configuration to block requests whenever "--BEGIN PUBLIC KEY---" is matched, but Terraform is throwing an error about some required options:

  name                = "example-wafpolicy"
  resource_group_name = azurerm_resource_group.rg.name
  location            = "Global"

  custom_rules {
    name     = "MatchPublicKey"
    priority = 1
    rule_type = "MatchRule"
    action   = "Block"

    match_conditions {
      match_variable = "RequestBody"
      operator       = "RegexMatch"
      match_values   = ["--BEGIN PUBLIC KEY---"]
    }
  }

  managed_rules {
    managed_rule_set {
      version = "1.1"
    }
  }
}```

```Too few blocks specified for "match_variables": At least 1 block(s) are expected for "match_variables"Terraform
Unexpected attribute: An attribute named "match_variable" is not expected hereTerraform

2

Answers


  1. Chosen as BEST ANSWER

    https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cdn_frontdoor_firewall_policy

    You need to follow this documentation for the solution.

    resource "azurerm_cdn_frontdoor_firewall_policy" "example" 
    
    

    is the correct resource to use


  2. Azure WAF custom policy configuration is throwing an error for match_variables using Terraform

    As per the latest Terraform registry, you should specify match_variables within match_conditions and use the variable_name attribute instead of match_variable.

    Demo configuration:

    # Azure Front Door WAF policy. Every value below is a demo placeholder;
    # replace the names, IP ranges and block-response body before real use.
    resource "azurerm_cdn_frontdoor_firewall_policy" "example" {
      sku_name            = azurerm_cdn_frontdoor_profile.example.sku_name
      resource_group_name = azurerm_resource_group.example.name
      name                = "vinaycdnfdwafpolicy"

      # Prevention mode enforces the rule actions below instead of only logging them.
      mode    = "Prevention"
      enabled = true

      # Response sent for blocked requests: HTTP 403 with a base64-encoded HTML body.
      # redirect_url is presumably consumed only by rules with a Redirect action (none here) - confirm.
      custom_block_response_status_code = 403
      custom_block_response_body        = "PGh0bWw+CjxoZWFkZXI+PHRpdGxlPkhlbGxvPC90aXRsZT48L2hlYWRlcj4KPGJvZHk+CkhlbGxvIHdvcmxkCjwvYm9keT4KPC9odG1sPg=="
      redirect_url                      = "https://www.contoso.com"

      # Custom rules; lower priority values are presumably evaluated first - confirm in the provider docs.
      custom_rule {
        type     = "MatchRule"
        action   = "Block"
        priority = 1
        name     = "Rule1"
        enabled  = true

        # rate_limit_* presumably only matter when type = "RateLimitRule"; kept to
        # mirror the original demo, but they look inert for a MatchRule - TODO confirm.
        rate_limit_threshold           = 10
        rate_limit_duration_in_minutes = 1

        # Block requests whose source address falls in these demo (RFC 1918) ranges.
        match_condition {
          match_variable     = "RemoteAddr"
          operator           = "IPMatch"
          negation_condition = false
          match_values       = ["10.0.1.0/24", "10.0.0.0/24"]
        }
      }

      custom_rule {
        type     = "MatchRule"
        action   = "Block"
        priority = 2
        name     = "Rule2"
        enabled  = true

        # See Rule1: presumably unused for a MatchRule - TODO confirm.
        rate_limit_threshold           = 10
        rate_limit_duration_in_minutes = 1

        # Several match_condition blocks in one rule are presumably ANDed: the request
        # must come from the range AND carry a matching User-Agent - confirm before relying on it.
        match_condition {
          match_variable     = "RemoteAddr"
          operator           = "IPMatch"
          negation_condition = false
          match_values       = ["192.168.1.0/24"]
        }

        match_condition {
          match_variable     = "RequestHeader"
          selector           = "UserAgent"
          operator           = "Contains"
          negation_condition = false
          transforms         = ["Lowercase", "Trim"]
          match_values       = ["windows"]
        }
      }

      # Microsoft-managed rule set. The exclusions and disabled rule below reduce
      # coverage; keep them tightly scoped and record the justification for each.
      managed_rule {
        action  = "Block"
        type    = "DefaultRuleSet"
        version = "1.0"

        # Rule-set-wide exclusion: this query-string argument is skipped by every rule in the set.
        exclusion {
          match_variable = "QueryStringArgNames"
          operator       = "Equals"
          selector       = "not_suspicious"
        }

        override {
          rule_group_name = "PHP"

          # Rule 933100 is switched off entirely; its action presumably has no effect while enabled = false.
          rule {
            rule_id = "933100"
            enabled = false
            action  = "Block"
          }
        }

        override {
          rule_group_name = "SQLI"

          # Group-level exclusion, applied to the SQLI rule group.
          exclusion {
            match_variable = "QueryStringArgNames"
            operator       = "Equals"
            selector       = "really_not_suspicious"
          }

          # Rule-level exclusion, the narrowest scope: only rule 942200 skips this argument.
          rule {
            rule_id = "942200"
            action  = "Block"

            exclusion {
              match_variable = "QueryStringArgNames"
              operator       = "Equals"
              selector       = "innocent"
            }
          }
        }
      }

      # Bot manager rule set in Log mode: detections are recorded, not blocked.
      managed_rule {
        action  = "Log"
        type    = "Microsoft_BotManagerRuleSet"
        version = "1.0"
      }
    }
    

    Deployment:

    enter image description here

    enter image description here

    Refer:

    https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cdn_frontdoor_firewall_policy
