Update gateway_policy.tf
All checks were successful
Terraform Apply / Terraform Apply (push) Successful in 23s

2025-11-17 12:22:11 +01:00
parent 66a517b6fc
commit c870a30c07


@@ -3,118 +3,118 @@
# ============================================================================= # =============================================================================
# #
resource "cloudflare_zero_trust_gateway_policy" "example_zero_trust_gateway_policy" { #resource "cloudflare_zero_trust_gateway_policy" "example_zero_trust_gateway_policy" {
account_id = local.cloudflare_account_id # account_id = local.cloudflare_account_id
action = "allow" # action = "allow"
name = "block bad websites" # name = "block bad websites"
description = "Block bad websites based on their host name." # description = "Block bad websites based on their host name."
device_posture = "any(device_posture.checks.passed[*] in {\"1308749e-fcfb-4ebc-b051-fe022b632644\"})" # device_posture = "any(device_posture.checks.passed[*] in {\"1308749e-fcfb-4ebc-b051-fe022b632644\"})"
enabled = true # enabled = true
# expiration = { # expiration = {
# expires_at = "2026-01-01T05:20:20Z" # expires_at = "2026-01-01T05:20:20Z"
# duration = 10 # duration = 10
# } # }
filters = ["http"] # filters = ["http"]
identity = "any(identity.groups.name[*] in {\"finance\"})" # identity = "any(identity.groups.name[*] in {\"finance\"})"
precedence = 0 # precedence = 0
rule_settings = { # rule_settings = {
add_headers = { # add_headers = {
My-Next-Header = ["foo", "bar"] # My-Next-Header = ["foo", "bar"]
X-Custom-Header-Name = ["somecustomvalue"] # X-Custom-Header-Name = ["somecustomvalue"]
} # }
allow_child_bypass = true # allow_child_bypass = true
audit_ssh = { # audit_ssh = {
command_logging = false # command_logging = false
} # }
biso_admin_controls = { # biso_admin_controls = {
copy = "remote_only" # copy = "remote_only"
dcp = true # dcp = true
dd = true # dd = true
dk = true # dk = true
download = "enabled" # download = "enabled"
dp = false # dp = false
du = true # du = true
keyboard = "enabled" # keyboard = "enabled"
paste = "enabled" # paste = "enabled"
printing = "enabled" # printing = "enabled"
upload = "enabled" # upload = "enabled"
version = "v1" # version = "v1"
} # }
block_page = { # block_page = {
target_uri = "https://example.com" # target_uri = "https://example.com"
include_context = true # include_context = true
} # }
block_page_enabled = true # block_page_enabled = true
block_reason = "This website is a security risk" # block_reason = "This website is a security risk"
bypass_parent_rule = false # bypass_parent_rule = false
check_session = { # check_session = {
duration = "300s" # duration = "300s"
enforce = true # enforce = true
} # }
dns_resolvers = { # dns_resolvers = {
ipv4 = [{ # ipv4 = [{
ip = "2.2.2.2" # ip = "2.2.2.2"
port = 5053 # port = 5053
route_through_private_network = true # route_through_private_network = true
vnet_id = "f174e90a-fafe-4643-bbbc-4a0ed4fc8415" # vnet_id = "f174e90a-fafe-4643-bbbc-4a0ed4fc8415"
}] # }]
ipv6 = [{ # ipv6 = [{
ip = "2001:DB8::" # ip = "2001:DB8::"
port = 5053 # port = 5053
route_through_private_network = true # route_through_private_network = true
vnet_id = "f174e90a-fafe-4643-bbbc-4a0ed4fc8415" # vnet_id = "f174e90a-fafe-4643-bbbc-4a0ed4fc8415"
}] # }]
} # }
egress = { # egress = {
ipv4 = "192.0.2.2" # ipv4 = "192.0.2.2"
ipv4_fallback = "192.0.2.3" # ipv4_fallback = "192.0.2.3"
ipv6 = "2001:DB8::/64" # ipv6 = "2001:DB8::/64"
} # }
ignore_cname_category_matches = true # ignore_cname_category_matches = true
insecure_disable_dnssec_validation = false # insecure_disable_dnssec_validation = false
ip_categories = true # ip_categories = true
ip_indicator_feeds = true # ip_indicator_feeds = true
l4override = { # l4override = {
ip = "1.1.1.1" # ip = "1.1.1.1"
port = 0 # port = 0
} # }
notification_settings = { # notification_settings = {
enabled = true # enabled = true
include_context = true # include_context = true
msg = "msg" # msg = "msg"
support_url = "support_url" # support_url = "support_url"
} # }
override_host = "example.com" # override_host = "example.com"
override_ips = ["1.1.1.1", "2.2.2.2"] # override_ips = ["1.1.1.1", "2.2.2.2"]
payload_log = { # payload_log = {
enabled = true # enabled = true
} # }
quarantine = { # quarantine = {
file_types = ["exe"] # file_types = ["exe"]
} # }
redirect = { # redirect = {
target_uri = "https://example.com" # target_uri = "https://example.com"
include_context = true # include_context = true
preserve_path_and_query = true # preserve_path_and_query = true
} # }
resolve_dns_internally = { # resolve_dns_internally = {
fallback = "none" # fallback = "none"
view_id = "view_id" # view_id = "view_id"
} # }
resolve_dns_through_cloudflare = true # resolve_dns_through_cloudflare = true
untrusted_cert = { # untrusted_cert = {
action = "error" # action = "error"
} # }
} # }
schedule = { # schedule = {
time_zone = "Europe/Paris" # time_zone = "Europe/Paris"
mon = "08:00-12:30,13:30-17:00" # mon = "08:00-12:30,13:30-17:00"
thu = "08:00-12:30,13:30-17:00" # thu = "08:00-12:30,13:30-17:00"
tue = "08:00-12:30,13:30-17:00" # tue = "08:00-12:30,13:30-17:00"
wed = "08:00-12:30,13:30-17:00" # wed = "08:00-12:30,13:30-17:00"
fri = "08:00-12:30,13:30-17:00" # fri = "08:00-12:30,13:30-17:00"
sat = "08:00-12:30,13:30-17:00" # sat = "08:00-12:30,13:30-17:00"
sun = "08:00-12:30,13:30-17:00" # sun = "08:00-12:30,13:30-17:00"
} # }
traffic = "http.request.uri matches \".*a/partial/uri.*\" and http.request.host in $01302951-49f9-47c9-a400-0297e60b6a10" # traffic = "http.request.uri matches \".*a/partial/uri.*\" and http.request.host in $01302951-49f9-47c9-a400-0297e60b6a10"
} #}
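Review bot: The policy body pairs `action = "allow"` with `name = "block bad websites"` and `precedence = 0`, so if the block is ever active, the push-triggered apply creates an allow rule at that precedence which reads as a block rule to anyone reviewing the policy list. Assuming the right-hand column is the new side, this commit disables the resource by commenting out every line. Deleting the block is safer than leaving a near-ready policy in the file, since version control keeps the history. If it stays as a template, the action line should read `# action = "block"`. The values look like the provider's documentation example (placeholder UUIDs, `msg`, `support_url`, `view_id`) and `rule_settings` mixes options that appear to belong to different actions, so a header line such as `# TEMPLATE ONLY - example values, do not uncomment as-is` would help the next editor.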