Provides a Cloudflare Zone Lockdown resource. Zone Lockdown allows you to define one or more URLs (with wildcard matching on the domain or path) that will only permit access if the request originates from an IP address that matches a safelist of one or more IP addresses and/or IP ranges.
# Restrict access to these endpoints to requests from a known IP address range.
resource "cloudflare_zone_lockdown" "example" {
  zone_id     = "0da42c8d2132a9ddaf714f9e7c920711"
  paused      = false
  description = "Restrict access to these endpoints to requests from a known IP address range"
  urls = [
    "api.mysite.com/some/endpoint*",
  ]
  configurations {
    target = "ip_range"
    value  = "192.0.2.0/24"
  }
}

configurations
(Block Set, Min: 1) A list of IP addresses or IP ranges to match the request against, specified in target, value pairs. (see below for nested schema)

urls
(Set of String) A list of simple wildcard patterns to match requests against. The order of the urls is unimportant.

zone_id
(String) The zone identifier to target for the resource. Modifying this attribute will force creation of a new resource.

description
(String) A description of the lockdown entry. Typically used as a reminder or explanation for the lockdown.

paused
(Boolean) Whether this zone lockdown is currently paused. Defaults to false.

priority
(Number)

id
(String) The ID of this resource.

Nested schema for configurations

Required:

target
(String) The request property to target. Available values: ip, ip_range.

value
(String) The value to target. Depends on target's type. IP addresses should just be standard IPv4/IPv6 notation, e.g. 192.0.2.1 or 2001:db8::/32, and IP ranges should be in CIDR format, e.g. 192.0.2.0/24.

Import is supported using the following syntax:
$ terraform import cloudflare_zone_lockdown.example <zone_id>/<lockdown_id>
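
The following is an added example, not part of the provider's own documentation: it builds one configurations block per safelisted source and picks target (ip or ip_range) from the form of each value, so the safelist lives in a single validated variable. The variable names, the admin resource name, the URL patterns and the sample addresses are assumptions made for illustration.

```hcl
variable "zone_id" {
  type        = string
  description = "Cloudflare zone identifier, supplied by the caller."
}

# Hypothetical variable: the safelist of sources allowed to reach the locked-down URLs.
# The default values are constructed samples from documentation address ranges.
variable "admin_sources" {
  type        = set(string)
  description = "Single IP addresses or CIDR ranges permitted to reach the URLs."
  default     = ["192.0.2.1", "198.51.100.0/24"]

  validation {
    # configurations has Min: 1, so reject an empty safelist at plan time.
    # Any entry containing "/" must parse as a CIDR range (IPv4 or IPv6).
    condition = length(var.admin_sources) > 0 && alltrue([
      for s in var.admin_sources :
      length(regexall("/", s)) == 0 || can(cidrhost(s, 0))
    ])
    error_message = "admin_sources must be non-empty and every entry with a prefix length must be valid CIDR."
  }
}

resource "cloudflare_zone_lockdown" "admin" {
  zone_id     = var.zone_id
  paused      = false
  description = "Admin endpoints reachable only from safelisted sources"

  # Constructed URL patterns; the order of urls is unimportant.
  urls = [
    "api.mysite.com/admin/*",
    "api.mysite.com/internal/*",
  ]

  # One configurations block per safelist entry.
  dynamic "configurations" {
    for_each = var.admin_sources
    content {
      # Entries written with a prefix length are ranges; everything else is a single address.
      target = length(regexall("/", configurations.value)) > 0 ? "ip_range" : "ip"
      value  = configurations.value
    }
  }
}
```

Reviewing the plan output after changing admin_sources shows exactly which target, value pairs will be added to or removed from the lockdown before anything is applied.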