Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for score_per_period and score_response_header_name #2176

Closed
troymjones opened this issue Jan 24, 2023 · 1 comment · Fixed by #2177
Closed

Add support for score_per_period and score_response_header_name #2176

troymjones opened this issue Jan 24, 2023 · 1 comment · Fixed by #2177
Labels
kind/enhancement Categorizes issue or PR as related to improving an existing feature. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one.
Milestone
v3.34.0

Comments

@troymjones
Copy link
Contributor

Current Terraform and Cloudflare provider version

Terraform v1.3.7
on darwin_amd64

  • provider registry.terraform.io/cloudflare/cloudflare v3.32.0

Description

Indeed would like to use Terraform to manage Advanced Rate Limiting rules. However, the score_per_period and score_response_header_name are only available via the API. I have opened a PR for adding support for these fields in the cloudflare-go SDK which is a prerequisite for this change to be merged. Additional changes to this PR will be required once that is merged and a new version of the SDK is released.

cloudflare-go PR: cloudflare/cloudflare-go#1182

Use cases

See documentation on score_per_period and score_response_header_name here: https://developers.cloudflare.com/waf/rate-limiting-rules/create-api/#example-d---complexity-based-rate-limiting-rule

Potential Terraform configuration

# HTTP rate limit using header score for an API route
resource "cloudflare_ruleset" "rate_limiting_example" {
  zone_id     = "0da42c8d2132a9ddaf714f9e7c920711"
  name        = "restrict API requests by response header score"
  description = "apply HTTP rate limiting for a route by header score"
  kind        = "zone"
  phase       = "http_ratelimit"

  rules {
    action = "block"
    ratelimit {
      characteristics = [
        "cf.colo.id",
        "http.request.headers[\"x-api-key\"]"
      ]
      period                     = 60
      score_per_period           = 400
      score_response_header_name = "my-score"
      mitigation_timeout         = 600
      counting_expression        = ""
    }

    expression  = "(http.request.uri.path matches \"^/api/\")"
    description = "rate limit for API"
    enabled     = true
  }
}

References

See cloudflare/cloudflare-go#1183
@troymjones troymjones added kind/enhancement Categorizes issue or PR as related to improving an existing feature. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Jan 24, 2023
@troymjones troymjones mentioned this issue Jan 24, 2023
Merged
@github-actions github-actions bot added this to the v3.34.0 milestone Feb 1, 2023
@github-actions
Copy link
Contributor

github-actions bot commented Feb 7, 2023

This functionality has been released in v3.34.0 of the Terraform Cloudflare Provider.

Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/enhancement Categorizes issue or PR as related to improving an existing feature. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one.
Projects
None yet
Milestone
v3.34.0
1 participant
@troymjones