Tips-Of-Mine/terraform-cloudflare-tunnel-zone-org
2
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

Update gateway_policy.tf
Some checks failed
Terraform Apply / Terraform Apply (push) Failing after 17s
Details

Browse Source
This commit is contained in:
Hubert Cornet
2025-11-17 15:11:05 +01:00
parent fe801bd24e
commit 0a3942133f
1 changed files with 15 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
gateway_policy.tf
View File

@@ -4,18 +4,16 @@
# POLICY: block_malware # POLICY: block_malware
resource "cloudflare_zero_trust_gateway_policy" "block_malware" { resource "cloudflare_zero_trust_gateway_policy" "block_malware" {
account_id = local.cloudflare_account_id account_id = local.cloudflare_account_id
name = "Block malware" name = "Block malware"
description = "Block known threats based on Cloudflare s threat intelligence" description = "Block known threats based on Cloudflare s threat intelligence"
enabled = true
enabled = true precedence = 10
precedence = 10
# Block all security risks # Block all security risks
filters = ["dns"] filters = ["dns"]
traffic = "any(dns.security_category[*] in {178 80 83 176 175 117 131 134 151 153 68})" traffic = "any(dns.security_category[*] in {178 80 83 176 175 117 131 134 151 153 68})"
action = "block" action = "block"
rule_settings = { rule_settings = {
block_page_enabled = true block_page_enabled = true
@@ -37,18 +35,16 @@ locals {
} }
resource "cloudflare_zero_trust_gateway_policy" "block_ads" { resource "cloudflare_zero_trust_gateway_policy" "block_ads" {
account_id = local.cloudflare_account_id account_id = local.cloudflare_account_id
name = "Block Ads" name = "Block Ads"
description = "Block Ads domains" description = "Block Ads domains"
enabled = true
enabled = true precedence = 11
precedence = 11
# Block domain belonging to lists (defined below) # Block domain belonging to lists (defined below)
filters = ["dns"] filters = ["dns"]
action = "block" traffic = local.ads_ad_filter
traffic = local.ads_ad_filter action = "block"
rule_settings = { rule_settings = {
block_page_enabled = false block_page_enabled = false
@@ -57,11 +53,12 @@ resource "cloudflare_zero_trust_gateway_policy" "block_ads" {
locals { locals {
# The full path of the list holding the domain list # The full path of the list holding the domain list
ads_domain_list_file = fileset("${path.module}/lists/pihole_domain_list.txt", "*.txt") # ads_domain_list_file = file("${path.module}/lists/pihole_domain_list.txt")
ads_domain_list_file = "${path.module}/lists/pihole_domain_list.txt"
# Parse the file and create a list, one item per line # Parse the file and create a list, one item per line
#ads_domain_list = split("\n", file(local.ads_domain_list_file)) #ads_domain_list = split("\n", file(local.ads_domain_list_file))
ads_domain_list = length(local.ads_domain_list_file) > 0 ? split("\n", file(local.ads_domain_list_file)) : [] ads_domain_list = length(file(local.ads_domain_list_file)) > 0 ? split("\n", file(local.ads_domain_list_file)) : []
# Remove empty lines # Remove empty lines
ads_domain_list_clean = [for x in local.ads_domain_list : x if x != ""] ads_domain_list_clean = [for x in local.ads_domain_list : x if x != ""]