forwarded_ip_config support for geo_match_statement #14725

Closed
cisnerosk opened this issue Aug 18, 2020 · 3 comments · Fixed by #14685
Labels
enhancement Requests to existing resources that expand the functionality or scope. service/wafv2 Issues and PRs that pertain to the wafv2 service.
Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

AWS supported X-Forwarded-For in AWS WAFv2. I am able to set this up via the AWS console. In my situation I am experimenting with a way to have an OR statement that says:

If a request matches at least one of the OR statements:

  1. originates from a country in: COUNTRY by source IP address
    OR
  2. originates from a country in: COUNTRY by IP address in header, header field name X-Forwarded-For and the fallback action for missing IP address to be "no-match"

Please let me know if this is sufficient information. Running aws provider version 2.68, terraform version 12.27.

New or Affected Resource(s)

  • aws_wafv2_web_acl

Potential Terraform Configuration

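resource "aws_wafv2_web_acl" "example" {
  name        = "or-statement-geo-match-example"
  description = "Example of an or statement with geo match statement."
  scope       = "REGIONAL"

  default_action {
    block {}
  }

  rule {
    name     = "rule1"
    priority = 1

    action {
      block {}
    }

    statement {
      or_statement {
        # Match on the country of the request's source IP address.
        statement {
          geo_match_statement {
            country_codes = ["COUNTRY"] # placeholder for a two-letter country code
          }
        }

        # Match on the country of the IP address in X-Forwarded-For.
        statement {
          geo_match_statement {
            country_codes = ["COUNTRY"]

            forwarded_ip_config {
              header_name       = "X-Forwarded-For"
              fallback_behavior = "NO_MATCH"
            }
          }
        }
      }
    }

    # Each rule needs its own visibility_config.
    visibility_config {
      cloudwatch_metrics_enabled = true
      metric_name                = "rule1"
      sampled_requests_enabled   = true
    }
  }

  # The web ACL itself also requires a visibility_config.
  visibility_config {
    cloudwatch_metrics_enabled = true
    metric_name                = "or-statement-geo-match-example"
    sampled_requests_enabled   = true
  }
}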

References

https://aws.amazon.com/about-aws/whats-new/2020/07/support-x-forwarded-for-header-available-aws-waf/
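
The OR rule described in this issue, modelled in Python as an added example (not code from the issue or from the Terraform AWS provider), to show how the two geo match branches and the `NO_MATCH` fallback combine. The geo table, addresses and country codes `AA`/`BB` are constructed; the model assumes the leftmost address in the header is the one evaluated and that a missing header is handled like an invalid address.

```python
import ipaddress

# Constructed geo table: documentation ranges mapped to placeholder countries.
GEO = {
    ipaddress.ip_network("192.0.2.0/24"): "AA",
    ipaddress.ip_network("198.51.100.0/24"): "BB",
}

def country_of(ip):
    """Country code for an ip_address object, or None if it is not in the table."""
    for net, code in GEO.items():
        if ip in net:
            return code
    return None

def forwarded_ip(headers, header_name):
    """Leftmost address in the named header, or None if absent or not an IP."""
    for name, value in headers.items():
        if name.lower() == header_name.lower():
            first = value.split(",")[0].strip()
            try:
                return ipaddress.ip_address(first)
            except ValueError:
                return None
    return None

def geo_match(source_ip, headers, country_codes, forwarded_ip_config=None):
    """One geo_match_statement; forwarded_ip_config switches it to the header IP."""
    if forwarded_ip_config is None:
        return country_of(ipaddress.ip_address(source_ip)) in country_codes
    ip = forwarded_ip(headers, forwarded_ip_config["header_name"])
    if ip is None:
        # No usable address: the fallback decides (assumption: also for a missing header).
        return forwarded_ip_config["fallback_behavior"] == "MATCH"
    return country_of(ip) in country_codes

def rule1_matches(source_ip, headers, country_codes=frozenset({"AA"})):
    """The or_statement from the issue: true if either geo match is true."""
    xff = {"header_name": "X-Forwarded-For", "fallback_behavior": "NO_MATCH"}
    return (geo_match(source_ip, headers, country_codes)
            or geo_match(source_ip, headers, country_codes, xff))

if __name__ == "__main__":
    # Constructed requests: (source IP, headers)
    for src, hdrs in [("192.0.2.10", {}),
                      ("198.51.100.7", {"X-Forwarded-For": "192.0.2.10, 198.51.100.7"}),
                      ("198.51.100.7", {}),
                      ("198.51.100.7", {"X-Forwarded-For": "not-an-ip"})]:
        print(src, hdrs, "->", "match" if rule1_matches(src, hdrs) else "no match")
```

The source-IP branch keeps the rule effective for requests that arrive without the header, which the `NO_MATCH` fallback alone would let through unmatched.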

@cisnerosk cisnerosk added the enhancement Requests to existing resources that expand the functionality or scope. label Aug 18, 2020
@ghost ghost added the service/wafv2 Issues and PRs that pertain to the wafv2 service. label Aug 18, 2020
@github-actions github-actions bot added the needs-triage Waiting for first response or review from a maintainer. label Aug 18, 2020
@anGie44 anGie44 removed the needs-triage Waiting for first response or review from a maintainer. label Aug 18, 2020
@anGie44 anGie44 added this to the v3.3.0 milestone Aug 20, 2020

anGie44 commented Aug 20, 2020

This feature has been merged and will release with v3.3.0 of the Terraform AWS Provider, likely out later this evening (EST).

ghost commented Aug 20, 2020

This has been released in version 3.3.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks!

ghost commented Sep 19, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

@ghost ghost locked and limited conversation to collaborators Sep 19, 2020