
@ziedbentahar
Created April 18, 2024 14:39
// Builds a REGIONAL WAFv2 web ACL that blocks by default and lets a request
// through only when its `x-origin-header` value is byte-for-byte equal to the
// "VerifyOriginHeader" field of the referenced secret.

// Match condition: exact comparison, no text transformation applied first.
const originHeaderMatch = {
  fieldToMatch: {
    // NOTE(review): the capitalised `Name` key is kept exactly as written;
    // presumably this property is passed through untyped. Confirm against the
    // CDK version in use before changing the casing.
    singleHeader: { Name: "x-origin-header" },
  },
  positionalConstraint: "EXACTLY",
  // unsafeUnwrap() opts out of CDK's secret-usage protection so the value can
  // be used as an ordinary string property.
  // NOTE(review): the resolved value then lives in the web ACL's rule
  // definition, so anyone allowed to read the web ACL can presumably read the
  // shared secret. Scope read access to the ACL accordingly, and plan for a
  // redeploy (or a second accepted value) when the secret is rotated.
  searchString: verifiyOriginHeaderSecret
    .secretValueFromJson("VerifyOriginHeader")
    .unsafeUnwrap(),
  textTransformations: [{ priority: 0, type: "NONE" }],
};

// The single allow rule; anything it does not match hits the default block.
const originHeaderRule = {
  name: "OriginHeaderRule",
  priority: 1,
  action: { allow: {} },
  statement: { byteMatchStatement: originHeaderMatch },
  visibilityConfig: {
    cloudWatchMetricsEnabled: true,
    metricName: "metric-for-webapp-origin-header",
    // NOTE(review): sampled requests are enabled on the rule that carries the
    // secret header. Check whether request samples (and any WAF logging
    // destination) expose header values, and redact this header if they do.
    sampledRequestsEnabled: true,
  },
};

return new wafv2.CfnWebACL(this, "webacl", {
  // Fail closed: requests without the expected header are rejected.
  defaultAction: { block: {} },
  scope: "REGIONAL",
  visibilityConfig: {
    cloudWatchMetricsEnabled: true,
    metricName: "metric-for-webapp",
    sampledRequestsEnabled: true,
  },
  name: "webapp-webacl",
  rules: [originHeaderRule],
});