diff --git a/terraform/deployments/with-web-application-firewall/main.tf b/terraform/deployments/with-web-application-firewall/main.tf index 6b5e242..3d9469d 100644 --- a/terraform/deployments/with-web-application-firewall/main.tf +++ b/terraform/deployments/with-web-application-firewall/main.tf @@ -38,10 +38,8 @@ resource "azurerm_nginx_deployment" "example" { network_interface { subnet_id = module.prerequisites.subnet_id } - nginx_app_protect { - web_application_firewall_settings { - activation_state = "Enabled" - } + web_application_firewall { + activation_state = "Enabled" } tags = var.tags } @@ -57,6 +55,8 @@ worker_processes auto; worker_rlimit_nofile 8192; pid /run/nginx/nginx.pid; +load_module modules/ngx_http_app_protect_module.so; + events { worker_connections 4000; } @@ -64,11 +64,20 @@ events { error_log /var/log/nginx/error.log error; http { + app_protect_enforcer_address 127.0.0.1:50000; + server { listen 80 default_server; - server_name localhost; + location / { - return 200 'Hello World'; + app_protect_enable on; + app_protect_policy_file /etc/app_protect/conf/NginxDefaultPolicy.tgz; + proxy_pass http://127.0.0.1:80/proxy/$request_uri; + } + + location /proxy { + default_type text/html; + return 200 "Hello World\n"; } } } diff --git a/terraform/deployments/with-web-application-firewall/output.tf b/terraform/deployments/with-web-application-firewall/output.tf index 784ee54..0bba470 100644 --- a/terraform/deployments/with-web-application-firewall/output.tf +++ b/terraform/deployments/with-web-application-firewall/output.tf @@ -2,3 +2,8 @@ output "ip_address" { description = "IP address of NGINXaaS deployment." value = azurerm_nginx_deployment.example.ip_address } + +output "waf_status" { + description = "waf status of NGINXaaS deployment." + value = azurerm_nginx_deployment.example.web_application_firewall[0].status +} \ No newline at end of file diff --git a/terraform/deployments/with-web-application-firewall/variables.tf b/terraform/deployments/with-web-application-firewall/variables.tf index 3fa327a..be81ffa 100644 --- a/terraform/deployments/with-web-application-firewall/variables.tf +++ b/terraform/deployments/with-web-application-firewall/variables.tf @@ -10,7 +10,7 @@ variable "name" { variable "sku" { description = "SKU of NGINXaaS deployment." - default = "standard_Monthly" + default = "standardv2_Monthly" } variable "tags" {