From 5eccdca33691b34ee3335f40ae14f74fc3ecca4c Mon Sep 17 00:00:00 2001
From: Hubert Cornet
Date: Mon, 17 Nov 2025 13:14:06 +0100
Subject: [PATCH] Update gateway_policy.tf

---
 gateway_policy.tf | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/gateway_policy.tf b/gateway_policy.tf
index f13b570..475292e 100644
--- a/gateway_policy.tf
+++ b/gateway_policy.tf
@@ -2,6 +2,26 @@
 # CLOUDFLARE : Gateway : Policy
 # =============================================================================
 
+#
+resource "cloudflare_zero_trust_gateway_policy" "block_malware" {
+ account_id = local.cloudflare_account_id
+
+ name = "Block malware"
+ description = "Block known threats based on Cloudflare’s threat intelligence"
+
+ enabled = true
+ precedence = 10
+
+ # Block all security risks
+ filters = ["dns"]
+ traffic = "any(dns.security_category[*] in {178 80 83 176 175 117 131 134 151 153 68})"
+ action = "block"
+
+ rule_settings {
+ block_page_enabled = true
+ }
+}
+
 #
 #resource "cloudflare_zero_trust_gateway_policy" "example_zero_trust_gateway_policy" {
 # account_id = local.cloudflare_account_id
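Review bot: The `traffic` expression enumerates eleven numeric security-category IDs with nothing saying what each one is, while the comment above it claims "Block all security risks". A reader cannot check that claim from the file, and any category that is not in the set is simply not blocked by this policy. I would replace the comment with one that names every ID as it appears in the Cloudflare category list and records when the list was last checked, for example `# Security categories blocked (ID = name, verified <DATE>): 68 = <NAME>, 80 = <NAME>, ...`. Because `filters = ["dns"]` limits the rule to queries resolved through Gateway and `precedence = 10` is hard-coded, it is also worth confirming that no allow policy elsewhere in the account is evaluated ahead of it.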