From f3e6f73ae3cd14b9073d88bd75b9ee2eaf534f48 Mon Sep 17 00:00:00 2001
From: lvalentine6
Date: Sat, 25 Oct 2025 20:42:46 +0900
Subject: [PATCH] =?UTF-8?q?refactor:=20=EB=B9=84=EC=9A=A9=20=EC=B5=9C?= =?UTF-8?q?=EC=A0=81=ED=99=94=EB=A5=BC=20=EC=9C=84=ED=95=9C=20=EA=B8=B0?= =?UTF-8?q?=EC=A1=B4=20WAF=20=EA=B7=9C=EC=B9=99=20=EC=82=AD=EC=A0=9C?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 terraform/common/waf/main.tf | 99 ------------------------------------
 1 file changed, 99 deletions(-)
diff --git a/terraform/common/waf/main.tf b/terraform/common/waf/main.tf
index af8906d..44f8e4f 100644
--- a/terraform/common/waf/main.tf
+++ b/terraform/common/waf/main.tf
@@ -183,25 +183,6 @@ resource "aws_wafv2_web_acl" "this" {
 }
 }

- rule {
- name = "Rate-Limit-Rule"
- priority = 20
- action {
- block {}
- }
- statement {
- rate_based_statement {
- limit = var.request_threshold
- aggregate_key_type = "IP"
- }
- }
- visibility_config {
- cloudwatch_metrics_enabled = true
- metric_name = "rate-limit-rule"
- sampled_requests_enabled = true
- }
- }
-
 # AWS Managed Core Rule Set
 rule {
 name = "AWS-Managed-Core-Rule-Set"
@@ -222,86 +203,6 @@ resource "aws_wafv2_web_acl" "this" {
 }
 }

- # Scanners & Probes Protection
- rule {
- name = "AWS-Managed-Known-Bad-Inputs-Rule-Set"
- priority = 40
- override_action {
- none {}
- }
- statement {
- managed_rule_group_statement {
- vendor_name = "AWS"
- name = "AWSManagedRulesKnownBadInputsRuleSet"
- }
- }
- visibility_config {
- cloudwatch_metrics_enabled = true
- metric_name = "aws-managed-bad-inputs"
- sampled_requests_enabled = true
- }
- }
-
- # Reputation Lists Protection
- rule {
- name = "AWS-Managed-Amazon-IP-Reputation-List"
- priority = 50
- override_action {
- none {}
- }
- statement {
- managed_rule_group_statement {
- vendor_name = "AWS"
- name = "AWSManagedRulesAmazonIpReputationList"
- }
- }
- visibility_config {
- cloudwatch_metrics_enabled = true
- metric_name = "aws-managed-ip-rep"
- sampled_requests_enabled = true
- }
- }
-
- # Anonymous IP list
- rule {
- name = "AWS-Managed-Anonymous-IP-List"
- priority = 70
- override_action {
- none {}
- }
- statement {
- managed_rule_group_statement {
- vendor_name = "AWS"
- name = "AWSManagedRulesAnonymousIpList"
- }
- }
- visibility_config {
- cloudwatch_metrics_enabled = true
- metric_name = "aws-managed-anonymous-ip"
- sampled_requests_enabled = true
- }
- }
-
- # SQL database
- rule {
- name = "AWS-Managed-SQLi-Rule-Set"
- priority = 80
- override_action {
- none {}
- }
- statement {
- managed_rule_group_statement {
- vendor_name = "AWS"
- name = "AWSManagedRulesSQLiRuleSet"
- }
- }
- visibility_config {
- cloudwatch_metrics_enabled = true
- metric_name = "aws-managed-sql-db"
- sampled_requests_enabled = true
- }
- }
-
 visibility_config {
 cloudwatch_metrics_enabled = true
 metric_name = "${var.project_name}-web-acl"