Merge pull request 'Fix CF ruleset import id + depends_on' (#4) from wizard/crowdsec-fix2 into master
Some checks failed
ci/woodpecker/push/default Pipeline failed
Some checks failed
ci/woodpecker/push/default Pipeline failed
This commit is contained in:
commit
1406d8a391
1 changed files with 5 additions and 1 deletions
|
|
@ -107,7 +107,7 @@ resource "cloudflare_list" "crowdsec_captcha" {
|
||||||
# (currently disabled) skip rule preserved verbatim below it.
|
# (currently disabled) skip rule preserved verbatim below it.
|
||||||
import {
|
import {
|
||||||
to = cloudflare_ruleset.crowdsec
|
to = cloudflare_ruleset.crowdsec
|
||||||
id = "fd2c5dd4efe8fe38958944e74d0ced6d/106a1342bc88454ea59c47ad3431fe0e"
|
id = "zone/fd2c5dd4efe8fe38958944e74d0ced6d/106a1342bc88454ea59c47ad3431fe0e"
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "cloudflare_ruleset" "crowdsec" {
|
resource "cloudflare_ruleset" "crowdsec" {
|
||||||
|
|
@ -116,6 +116,10 @@ resource "cloudflare_ruleset" "crowdsec" {
|
||||||
kind = "zone"
|
kind = "zone"
|
||||||
phase = "http_request_firewall_custom"
|
phase = "http_request_firewall_custom"
|
||||||
|
|
||||||
|
# The WAF rules reference the IP lists by name ($crowdsec_ban / $crowdsec_captcha),
|
||||||
|
# so the lists must exist before this ruleset is created/updated.
|
||||||
|
depends_on = [cloudflare_list.crowdsec_ban, cloudflare_list.crowdsec_captcha]
|
||||||
|
|
||||||
# CrowdSec ban — evaluated FIRST so a banned IP is blocked before anything else.
|
# CrowdSec ban — evaluated FIRST so a banned IP is blocked before anything else.
|
||||||
rules {
|
rules {
|
||||||
action = "block"
|
action = "block"
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue