

@ziedbentahar
Created April 18, 2024 14:39

Revisions

  1. ziedbentahar created this gist Apr 18, 2024.
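--- a/web-acl.ts
+++ b/web-acl.ts
@@ -0,0 +1,43 @@
+return new wafv2.CfnWebACL(this, "webacl", {
+defaultAction: {
+block: {},
+},
+scope: "REGIONAL",
+visibilityConfig: {
+cloudWatchMetricsEnabled: true,
+metricName: "metric-for-webapp",
+sampledRequestsEnabled: true,
+},
+name: "webapp-webacl",
+rules: [
+{
+name: "OriginHeaderRule",
+priority: 1,
+action: {
+allow: {},
+},
+statement: {
+byteMatchStatement: {
+fieldToMatch: {
+singleHeader: { Name: "x-origin-header" },
+},
+positionalConstraint: "EXACTLY",
+searchString: verifiyOriginHeaderSecret
+.secretValueFromJson("VerifyOriginHeader")
+.unsafeUnwrap(),
+textTransformations: [
+{
+priority: 0,
+type: "NONE",
+},
+],
+},
+},
+visibilityConfig: {
+cloudWatchMetricsEnabled: true,
+metricName: "metric-for-webapp-origin-header",
+sampledRequestsEnabled: true,
+},
+},
+],
+});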
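Review bot: The shared-secret value of `x-origin-header` becomes readable outside Secrets Manager: `unsafeUnwrap()` hands it to `searchString`, so it is stored in the web ACL rule where anyone who can read the ACL can see it, and with `sampledRequestsEnabled: true` on `OriginHeaderRule` the headers of matched requests are also exposed through sampled requests. I would set `sampledRequestsEnabled: false,` in that rule's `visibilityConfig`, redact the header if WAF logging is enabled elsewhere, and keep read access to the ACL narrow. The value is presumably resolved only at deployment, so rotating the secret without redeploying would leave the rule matching the old value and, given the default `block` action, reject all traffic; a comment above the `unsafeUnwrap()` call such as `// resolved at deploy time; redeploy after rotating the secret` would record that. The enclosing method and the declaration of `verifiyOriginHeaderSecret` are outside the hunk.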