From c870a30c0749250a579cca0273a33fb94eadcaaa Mon Sep 17 00:00:00 2001
From: Hubert Cornet
Date: Mon, 17 Nov 2025 12:22:11 +0100
Subject: [PATCH] Update gateway_policy.tf
---
 gateway_policy.tf | 222 +++++++++++++++++++++++-----------------------
 1 file changed, 111 insertions(+), 111 deletions(-)
diff --git a/gateway_policy.tf b/gateway_policy.tf
index 6845f24..f13b570 100644
--- a/gateway_policy.tf
+++ b/gateway_policy.tf
@@ -3,118 +3,118 @@
 # =============================================================================
 #
-resource "cloudflare_zero_trust_gateway_policy" "example_zero_trust_gateway_policy" {
- account_id = local.cloudflare_account_id
- action = "allow"
- name = "block bad websites"
- description = "Block bad websites based on their host name."
- device_posture = "any(device_posture.checks.passed[*] in {\"1308749e-fcfb-4ebc-b051-fe022b632644\"})"
- enabled = true
+#resource "cloudflare_zero_trust_gateway_policy" "example_zero_trust_gateway_policy" {
+# account_id = local.cloudflare_account_id
+# action = "allow"
+# name = "block bad websites"
+# description = "Block bad websites based on their host name."
+# device_posture = "any(device_posture.checks.passed[*] in {\"1308749e-fcfb-4ebc-b051-fe022b632644\"})"
+# enabled = true
 # expiration = {
 # expires_at = "2026-01-01T05:20:20Z"
 # duration = 10
 # }
- filters = ["http"]
- identity = "any(identity.groups.name[*] in {\"finance\"})"
- precedence = 0
- rule_settings = {
- add_headers = {
- My-Next-Header = ["foo", "bar"]
- X-Custom-Header-Name = ["somecustomvalue"]
- }
- allow_child_bypass = true
- audit_ssh = {
- command_logging = false
- }
- biso_admin_controls = {
- copy = "remote_only"
- dcp = true
- dd = true
- dk = true
- download = "enabled"
- dp = false
- du = true
- keyboard = "enabled"
- paste = "enabled"
- printing = "enabled"
- upload = "enabled"
- version = "v1"
- }
- block_page = {
- target_uri = "https://example.com"
- include_context = true
- }
- block_page_enabled = true
- block_reason = "This website is a security risk"
- bypass_parent_rule = false
- check_session = {
- duration = "300s"
- enforce = true
- }
- dns_resolvers = {
- ipv4 = [{
- ip = "2.2.2.2"
- port = 5053
- route_through_private_network = true
- vnet_id = "f174e90a-fafe-4643-bbbc-4a0ed4fc8415"
- }]
- ipv6 = [{
- ip = "2001:DB8::"
- port = 5053
- route_through_private_network = true
- vnet_id = "f174e90a-fafe-4643-bbbc-4a0ed4fc8415"
- }]
- }
- egress = {
- ipv4 = "192.0.2.2"
- ipv4_fallback = "192.0.2.3"
- ipv6 = "2001:DB8::/64"
- }
- ignore_cname_category_matches = true
- insecure_disable_dnssec_validation = false
- ip_categories = true
- ip_indicator_feeds = true
- l4override = {
- ip = "1.1.1.1"
- port = 0
- }
- notification_settings = {
- enabled = true
- include_context = true
- msg = "msg"
- support_url = "support_url"
- }
- override_host = "example.com"
- override_ips = ["1.1.1.1", "2.2.2.2"]
- payload_log = {
- enabled = true
- }
- quarantine = {
- file_types = ["exe"]
- }
- redirect = {
- target_uri = "https://example.com"
- include_context = true
- preserve_path_and_query = true
- }
- resolve_dns_internally = {
- fallback = "none"
- view_id = "view_id"
- }
- resolve_dns_through_cloudflare = true
- untrusted_cert = {
- action = "error"
- }
- }
- schedule = {
- time_zone = "Europe/Paris"
- mon = "08:00-12:30,13:30-17:00"
- thu = "08:00-12:30,13:30-17:00"
- tue = "08:00-12:30,13:30-17:00"
- wed = "08:00-12:30,13:30-17:00"
- fri = "08:00-12:30,13:30-17:00"
- sat = "08:00-12:30,13:30-17:00"
- sun = "08:00-12:30,13:30-17:00"
- }
- traffic = "http.request.uri matches \".*a/partial/uri.*\" and http.request.host in $01302951-49f9-47c9-a400-0297e60b6a10"
-}
\ No newline at end of file
+# filters = ["http"]
+# identity = "any(identity.groups.name[*] in {\"finance\"})"
+# precedence = 0
+# rule_settings = {
+# add_headers = {
+# My-Next-Header = ["foo", "bar"]
+# X-Custom-Header-Name = ["somecustomvalue"]
+# }
+# allow_child_bypass = true
+# audit_ssh = {
+# command_logging = false
+# }
+# biso_admin_controls = {
+# copy = "remote_only"
+# dcp = true
+# dd = true
+# dk = true
+# download = "enabled"
+# dp = false
+# du = true
+# keyboard = "enabled"
+# paste = "enabled"
+# printing = "enabled"
+# upload = "enabled"
+# version = "v1"
+# }
+# block_page = {
+# target_uri = "https://example.com"
+# include_context = true
+# }
+# block_page_enabled = true
+# block_reason = "This website is a security risk"
+# bypass_parent_rule = false
+# check_session = {
+# duration = "300s"
+# enforce = true
+# }
+# dns_resolvers = {
+# ipv4 = [{
+# ip = "2.2.2.2"
+# port = 5053
+# route_through_private_network = true
+# vnet_id = "f174e90a-fafe-4643-bbbc-4a0ed4fc8415"
+# }]
+# ipv6 = [{
+# ip = "2001:DB8::"
+# port = 5053
+# route_through_private_network = true
+# vnet_id = "f174e90a-fafe-4643-bbbc-4a0ed4fc8415"
+# }]
+# }
+# egress = {
+# ipv4 = "192.0.2.2"
+# ipv4_fallback = "192.0.2.3"
+# ipv6 = "2001:DB8::/64"
+# }
+# ignore_cname_category_matches = true
+# insecure_disable_dnssec_validation = false
+# ip_categories = true
+# ip_indicator_feeds = true
+# l4override = {
+# ip = "1.1.1.1"
+# port = 0
+# }
+# notification_settings = {
+# enabled = true
+# include_context = true
+# msg = "msg"
+# support_url = "support_url"
+# }
+# override_host = "example.com"
+# override_ips = ["1.1.1.1", "2.2.2.2"]
+# payload_log = {
+# enabled = true
+# }
+# quarantine = {
+# file_types = ["exe"]
+# }
+# redirect = {
+# target_uri = "https://example.com"
+# include_context = true
+# preserve_path_and_query = true
+# }
+# resolve_dns_internally = {
+# fallback = "none"
+# view_id = "view_id"
+# }
+# resolve_dns_through_cloudflare = true
+# untrusted_cert = {
+# action = "error"
+# }
+# }
+# schedule = {
+# time_zone = "Europe/Paris"
+# mon = "08:00-12:30,13:30-17:00"
+# thu = "08:00-12:30,13:30-17:00"
+# tue = "08:00-12:30,13:30-17:00"
+# wed = "08:00-12:30,13:30-17:00"
+# fri = "08:00-12:30,13:30-17:00"
+# sat = "08:00-12:30,13:30-17:00"
+# sun = "08:00-12:30,13:30-17:00"
+# }
+# traffic = "http.request.uri matches \".*a/partial/uri.*\" and http.request.host in $01302951-49f9-47c9-a400-0297e60b6a10"
+#}
\ No newline at end of file
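Review bot: Commenting out the entire `cloudflare_zero_trust_gateway_policy` block (every `+#` line of this hunk) removes the resource from configuration, so if it was ever applied the next `terraform plan` will propose destroying the policy and the gateway rule stops being enforced, which neither the commit title "Update gateway_policy.tf" nor a comment in the file records. If the block is kept only as a reference, gating a real resource explicitly — e.g. `count = var.example_policy_enabled ? 1 : 0` on a new boolean variable (constructed name) — keeps the enable/disable decision visible in the plan; if it is not meant to be applied at all, deleting it is clearer than carrying 111 commented lines that will silently drift from the provider schema. The retained example also pairs `action = "allow"` with `name = "block bad websites"` and a `block_reason`, so re-enabling it as-is would allow rather than block the matched traffic; if it stays, a header comment such as `# Example copied from provider docs; action/name are inconsistent and the IDs are placeholders — not a working policy` would prevent that. The file still ends without a trailing newline (`\ No newline at end of file`), leaving `+#}` as a partial last line for future diffs.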