diff --git a/google_fastly_waf/main.tf b/google_fastly_waf/main.tf
index ff2f26e5..99185f1c 100644
--- a/google_fastly_waf/main.tf
+++ b/google_fastly_waf/main.tf
@@ -310,7 +310,15 @@ resource "sigsci_site" "ngwaf_edge_site" {
 block_duration_seconds = 86400
 agent_anon_mode = ""
 agent_level = var.ngwaf_agent_level # this setting dictates blocking mode
- immediate_block = var.ngwaf_immediate_block
+ immediate_block = var.ngwaf_baseline_protection ? false : var.ngwaf_immediate_block
+
+ dynamic "attack_threshold" {
+ for_each = var.ngwaf_baseline_protection ? var.ngwaf_attack_thresholds : []
+ content {
+ interval = attack_threshold.value.interval
+ threshold = attack_threshold.value.threshold
+ }
+ }
 }
 
 resource "sigsci_edge_deployment_service_backend" "ngwaf_edge_service_backend_sync" {
diff --git a/google_fastly_waf/variables.tf b/google_fastly_waf/variables.tf
index e2af3459..d2952032 100644
--- a/google_fastly_waf/variables.tf
+++ b/google_fastly_waf/variables.tf
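Review bot: The new `immediate_block` expression silently overrides `var.ngwaf_immediate_block` whenever `ngwaf_baseline_protection` is true, and nothing next to the existing `# this setting dictates blocking mode` comment records that precedence, so an operator who sets both variables will not see why immediate blocking is off. I would put `# baseline protection takes precedence: immediate blocking is forced off and the attack_threshold blocks below govern when an IP is flagged` on the `immediate_block` line. When the flag is false the `for_each` produces no `attack_threshold` blocks at all; whether the provider then restores the site's default thresholds or leaves the previously applied values in place is not visible in this hunk and should be confirmed, since a threshold set during a baseline period could otherwise persist after the flag is turned back off. The `sigsci_site` resource body starts before this hunk.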
@@ -133,3 +133,32 @@ variable "ngwaf_percent_enabled" {
 type = number
 default = 100
 }
+
+variable "ngwaf_baseline_protection" {
+ type = bool
+ default = false
+ description = "When true, disables immediate blocking and enables baseline attack threshold alerts."
+}
+
+variable "ngwaf_attack_thresholds" {
+ type = list(object({
+ interval = number
+ threshold = number
+ }))
+ # To override the default thresholds, pass a custom list. Example:
+ # ngwaf_attack_thresholds = [
+ # { interval = 1, threshold = 50 },
+ # { interval = 10, threshold = 200 },
+ # { interval = 60, threshold = 1000 },
+ # ]
+ default = [
+ { interval = 1, threshold = 10 },
+ { interval = 10, threshold = 100 },
+ { interval = 60, threshold = 600 },
+ ]
+ description = "Attack threshold configurations applied when ngwaf_baseline_protection is enabled."
+ validation {
+ condition = length(var.ngwaf_attack_thresholds) == 3
+ error_message = "ngwaf_attack_thresholds must contain exactly 3 entries (one each for the 1, 10, and 60 minute intervals)."
+ }
+}
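Review bot: The `validation` block's error message promises one entry each for the 1, 10 and 60 minute intervals, but its `condition` only checks `length(var.ngwaf_attack_thresholds) == 3`, so a list of three entries that all carry `interval = 1` (constructed example) passes plan-time validation and is only rejected, if at all, by the provider at apply time. Tighten it to `condition = length(var.ngwaf_attack_thresholds) == 3 && length(distinct([for t in var.ngwaf_attack_thresholds : t.interval])) == 3 && alltrue([for t in var.ngwaf_attack_thresholds : contains([1, 10, 60], t.interval) && t.threshold > 0])` so the condition matches what the message says. The `ngwaf_baseline_protection` description says it enables threshold "alerts", but the thresholds are applied to the site whenever the flag is true and the resulting action appears to depend on `ngwaf_agent_level`, which is set outside this hunk; I would reword the description to say the thresholds are applied and that whether they alert or block follows the agent level, so the variable is not read as a guarantee of non-blocking behaviour.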