Good day,
I am currently working on some Terraform that I would like to use to manage our Cloudflare managed rules at an account level. I am having difficulty understanding how to set the action on the ruleset to be “managed_challenge” rather than the default of “block”.
The Terraform below works and will apply the resource to my account; however, for whatever reason the action = “managed_challenge” in the overrides section is not being applied, as the OWASP ruleset is showing block as its OWASP Action in the dashboard.

    resource "cloudflare_ruleset" "deploy_cf_managed_rulesets" {
      account_id  = var.account_id
      name        = "Cloudflare_Managed_Rulesets"
      description = "Account level Cloudflare Managed Rulesets that are applied to all zones."
      kind        = "root" # "root" == Account level WAF
      phase       = "http_request_firewall_managed"
      rules {
        action = "execute"
        action_parameters {
          id = data.cloudflare_rulesets.owasp_ruleset_id.rulesets[0].id # ID for the Cloudflare OWASP Core Ruleset
          overrides {
            action = "managed_challenge"
            categories {
              category = "paranoia-level-3"
              status   = "disabled"
            }
            categories {
              category = "paranoia-level-4"
              status   = "disabled"
            }
          }
        }
        expression  = "(cf.zone.plan eq \"ENT\")" # WAF rules are applied to all zones as (http.host eq \"<ZONE NAME HERE>\") is not set.
        description = "Cloudflare OWASP Core Ruleset"
        enabled     = true
      }
    }

I’ve been making use of the Cloudflare OWASP Core Ruleset API docs https://developers.cloudflare.com/waf/managed-rules/reference/owasp-core-ruleset/#configuring-the-score-threshold-and-the-action
to get myself this far, but I cannot sort out how to map the API examples for setting the action and score threshold in Terraform.
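
The linked API documentation sets the OWASP action and score threshold through an override on the ruleset's score-evaluating rule, not through the ruleset-wide override action. The following is an added example, not code from the original post, showing that shape in Terraform. It assumes the provider version in use accepts a `rules` block with `id`, `action` and `score_threshold` inside `overrides`; the variables `owasp_ruleset_id` and `owasp_score_rule_id` are hypothetical, and the threshold is a constructed sample value.

```hcl
# Added example, not the poster's code. Variable names below are hypothetical.
variable "account_id" {
  type = string
}

# Assumption: ID of the Cloudflare OWASP Core Ruleset, supplied by the caller.
variable "owasp_ruleset_id" {
  type = string
}

# Assumption: ID of the ruleset's final score-evaluating rule
# ("949110: Inbound Anomaly Score Exceeded"). Look it up in your own account.
variable "owasp_score_rule_id" {
  type = string
}

resource "cloudflare_ruleset" "deploy_cf_managed_rulesets" {
  account_id  = var.account_id
  name        = "Cloudflare_Managed_Rulesets"
  description = "Account level Cloudflare Managed Rulesets that are applied to all zones."
  kind        = "root"
  phase       = "http_request_firewall_managed"

  rules {
    action = "execute"
    action_parameters {
      id = var.owasp_ruleset_id
      overrides {
        # Paranoia-level categories stay disabled, as in the original post.
        categories {
          category = "paranoia-level-3"
          status   = "disabled"
        }
        categories {
          category = "paranoia-level-4"
          status   = "disabled"
        }
        # Per-rule override on the score rule: this is where the OWASP
        # action and anomaly score threshold are set.
        rules {
          id              = var.owasp_score_rule_id
          action          = "managed_challenge"
          score_threshold = 60 # constructed sample value
        }
      }
    }
    expression  = "(cf.zone.plan eq \"ENT\")"
    description = "Cloudflare OWASP Core Ruleset"
    enabled     = true
  }
}
```

After applying, confirm in the dashboard or in `terraform plan` output that the OWASP Action reflects the per-rule override before relying on it across all zones.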