{"id":20901570,"url":"https://github.com/willfarrell/terraform-waf-module","last_synced_at":"2025-12-28T22:26:26.519Z","repository":{"id":142528801,"uuid":"192241320","full_name":"willfarrell/terraform-waf-module","owner":"willfarrell","description":"OWASP WAF","archived":false,"fork":false,"pushed_at":"2025-02-05T18:40:04.000Z","size":1727,"stargazers_count":2,"open_issues_count":1,"forks_count":6,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-02-05T19:51:41.349Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/willfarrell.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-06-16T22:09:14.000Z","updated_at":"2025-02-05T18:39:38.000Z","dependencies_parsed_at":null,"dependency_job_id":"f2f9cdef-caaa-4b22-9c5f-bc1c17044456","html_url":"https://github.com/willfarrell/terraform-waf-module","commit_stats":null,"previous_names":[],"tags_count":12,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/willfarrell%2Fterraform-waf-module","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/willfarrell%2Fterraform-waf-module/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/willfarrell%2Fterraform-waf-module/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/willfarrell%2Fterraform-waf-module/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/willfarrell","downloa
d_url":"https://codeload.github.com/willfarrell/terraform-waf-module/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243292840,"owners_count":20268126,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-18T11:36:03.562Z","updated_at":"2025-12-28T22:26:21.497Z","avatar_url":"https://github.com/willfarrell.png","language":"HCL","readme":"# Web Application Firewall (WAF)\nTo be used with CloudFront, ALB, API Gateway.\n\n## Setup\n\n### Module\n```hcl-terraform\n\nmodule \"waf_cdn\" {\n  source        = \"git@github.com:willfarrell/terraform-waf-module?ref=v0.0.2\"\n  type          = \"edge\"\n  name          = \"${local.workspace[\"name\"]}\"\n  defaultAction = \"${var.defaultAction}\"\n\n  ipAdminListId = \"${aws_waf_ipset.admin.id}\"\n  ipWhiteListId = \"${aws_waf_ipset.white.id}\"\n  \n  logging_bucket = \"${local.workspace[\"name\"]}-${local.workspace[\"env\"]}-edge-logs\"\n  \n  providers = {\n    aws = \"aws.edge\"\n  }\n}\n\nmodule \"waf_alb\" {\n  source        = \"git@github.com:willfarrell/terraform-waf-module?ref=v0.0.2\"\n  type          = \"regional\"\n  name          = \"${local.workspace[\"name\"]}\"\n  defaultAction = \"${var.defaultAction}\"\n\n  ipAdminListId = \"${aws_wafregional_ipset.admin.id}\"\n  ipWhiteListId = \"${aws_wafregional_ipset.white.id}\"\n  \n  logging_bucket = \"${local.workspace[\"name\"]}-${local.workspace[\"env\"]}-${local.workspace[\"region\"]}-logs\"\n}\n\n\nresource \"aws_ssm_parameter\" \"bad-bot\" {\n  name        = \"/config/waf/ipset/bad-bot\"\n  
description = \"IP Set ID of the bad bot / honeypot blacklist\"\n  type        = \"String\"\n  # References the edge module declared above; use module.waf_alb for the regional IP set\n  value       = \"${module.waf_cdn.ipset_bad-bot_id}\"\n}\n```\n\n### IP Lists\n```hcl-terraform\nresource \"aws_waf_ipset\" \"white\" {\n  name = \"${var.name}-override-white-ipset\"\n}\n\nresource \"aws_wafregional_ipset\" \"white\" {\n  name = \"${var.name}-override-white-ipset\"\n}\n```\n\n## Input\n- **scope:** Type of WAF. `REGIONAL` or `CLOUDFRONT`. [Default: `CLOUDFRONT`]\n- **name:** application name\n- **defaultAction:** Firewall permission. Set to `ALLOW` for the public to gain access [Default: `DENY`]\n\nSee `variables.tf` for extended list of OWASP inputs that can be configured.\n\n## Output\n- **id:** aws_waf_web_acl id\n\n## Rules\n\n```bash\nACL\n|- Blacklist Group\n|  |- Bad Bot Rule\n|  |- Blacklist Rule\n|  |- HTTP Flood Rule           # ** Requires Manual Enabling **\n|  |- Reputation List Rule\n|  |- Scanner Probes Rule\n|- OWASP Group\n|  |- Admin Url Rule\n|  |- Auth Token Rule\n|  |- CSRF Rule\n|  |- Paths Rule\n|  |- Server Side Include Rule\n|  |- Size Restriction Rule\n|  |- SQL Injection Rule\n|  |- XSS Rule\n|- Whitelist Rule\n```\n\nFor Classic WAF see `\u003c=v0.0.4`.\n\n## Sources\n- [AWS WAF Sample](https://github.com/awslabs/aws-waf-sample)\n- [AWS WAF Security Automations](https://aws.amazon.com/solutions/aws-waf-security-automations)\n- [AWS WAF to Mitigate OWASP's Top 10 Web Application Vulnerabilities](https://aws.amazon.com/about-aws/whats-new/2017/07/use-aws-waf-to-mitigate-owasps-top-10-web-application-vulnerabilities/)\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwillfarrell%2Fterraform-waf-module","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fwillfarrell%2Fterraform-waf-module","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwillfarrell%2Fterraform-waf-module/lists"}