diff --git a/Traffic_Policies-Firewall_Policies-HTTP.tf b/Traffic_Policies-Firewall_Policies-HTTP.tf index 02097f5..79f3e76 100644 --- a/Traffic_Policies-Firewall_Policies-HTTP.tf +++ b/Traffic_Policies-Firewall_Policies-HTTP.tf @@ -43,7 +43,7 @@ locals { description = "Redirect any unreviewed AI application to claude.ai instead" enabled = true action = "redirect" - precedence = local.precedence.ai_tools_redirect + precedence = local.precedence_http.ai_tools_redirect filters = ["http"] traffic = "any(app.type.ids[*] in {25}) and any(app.statuses[*] == \"unreviewed\")" redirect_url = "https://claude.ai" @@ -56,7 +56,7 @@ locals { description = "Block Downloading PDF Files for Sales Engineering group" enabled = false action = "block" - precedence = local.precedence.pdf_block + precedence = local.precedence_http.pdf_block filters = ["http"] traffic = "any(http.download.file.types[*] in {\"pdf\"})" identity = "any(identity.saml_attributes[*] == \"groups=${var.okta_sales_eng_saml_group_name}\")" @@ -69,7 +69,7 @@ locals { description = "Block Gambling website according to corporate policies (HTTP)." enabled = true action = "block" - precedence = local.precedence.gambling_block + precedence = local.precedence_http.gambling_block filters = ["http"] traffic = "any(http.request.uri.content_category[*] in {99})" identity = "not(any(identity.saml_attributes[*] == \"groups=${var.okta_contractors_saml_group_name}\")) or not(identity.email == \"${var.okta_bob_user_login}\")" @@ -82,7 +82,7 @@ locals { description = "Log ChatGPT requests" enabled = true action = "allow" - precedence = local.precedence.chatgpt_allow_log + precedence = local.precedence_http.chatgpt_allow_log filters = ["http"] traffic = "any(app.ids[*] == 1199) and any(app_control.controls[*] in {1652})" notification_enabled = false