Define Firewall Rules using filter expressions for more control over how traffic is matched to the rule. A filter expression can select traffic by multiple criteria, which allows greater freedom in rule creation.
A filter expression must be created before it can be used in a Firewall Rule.
resource "cloudflare_filter" "wordpress" {
  zone_id     = "0da42c8d2132a9ddaf714f9e7c920711"
  description = "Wordpress break-in attempts that are outside of the office"
  expression  = "(http.request.uri.path ~ \".*wp-login.php\" or http.request.uri.path ~ \".*xmlrpc.php\") and ip.src ne 192.0.2.1"
}

resource "cloudflare_firewall_rule" "wordpress" {
  zone_id     = "0da42c8d2132a9ddaf714f9e7c920711"
  description = "Block wordpress break-in attempts"
  filter_id   = cloudflare_filter.wordpress.id
  action      = "block"
}
action
(String) The action to apply to a matched request. Available values: block, challenge, allow, js_challenge, managed_challenge, log, bypass.
filter_id
(String) The identifier of the Filter to use for determining if the Firewall Rule should be triggered.
zone_id
(String) The zone identifier to target for the resource. Modifying this attribute will force creation of a new resource.
description
(String) A description of the rule to help identify it.
paused
(Boolean) Whether this filter-based firewall rule is currently paused.
priority
(Number) The priority of the rule to allow control of processing order. A lower number indicates higher priority. If not provided, any rules with a priority will be sequenced before those without.
products
(Set of String) List of products to bypass for a request when the bypass action is used. Available values: zoneLockdown, uaBlock, bic, hot, securityLevel, rateLimit, waf.
id
(String) The ID of this resource.

Import is supported using the following syntax:
$ terraform import cloudflare_firewall_rule.example <zone_id>/<firewall_rule_id>
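
The priority, products and paused arguments described above are not used in the page's own example. The following configuration is an added example, not part of the provider documentation: it orders two rules with priority, scopes a bypass rule with products, and stages a new rule with the log action before enforcing it. The resource names office_bypass and wp_auth are hypothetical, and the zone ID and office address are the sample values already used on this page.

```hcl
# Added example; resource names are hypothetical, and the zone ID and
# office address are the sample values from this page.
locals {
  zone_id = "0da42c8d2132a9ddaf714f9e7c920711"
}

# Filter 1: traffic from the office address.
resource "cloudflare_filter" "office_bypass" {
  zone_id     = local.zone_id
  description = "Requests from the office address"
  expression  = "ip.src eq 192.0.2.1"
}

# Lowest priority number, so it is sequenced first.
# "products" applies only when the action is "bypass"; list just the
# products that must be skipped instead of every available value.
resource "cloudflare_firewall_rule" "office_bypass" {
  zone_id     = local.zone_id
  description = "Office traffic skips rate limiting and security level checks"
  filter_id   = cloudflare_filter.office_bypass.id
  action      = "bypass"
  products    = ["rateLimit", "securityLevel"]
  priority    = 1
}

# Filter 2: WordPress authentication endpoints, matched by exact path.
resource "cloudflare_filter" "wp_auth" {
  zone_id     = local.zone_id
  description = "WordPress login and XML-RPC endpoints"
  expression  = "http.request.uri.path in {\"/wp-login.php\" \"/xmlrpc.php\"}"
}

# Staged rollout: start with "log" to review what the filter matches,
# then change the action to "managed_challenge" or "block".
# Setting paused = true disables the rule without destroying it.
resource "cloudflare_firewall_rule" "wp_auth" {
  zone_id     = local.zone_id
  description = "Log requests to WordPress authentication endpoints"
  filter_id   = cloudflare_filter.wp_auth.id
  action      = "log"
  priority    = 2
  paused      = false
}
```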