Cloudflare Docs

Terraform configuration examples

The following Terraform configuration examples address common scenarios for managing, configuring, and using WAF content scanning.

For more information, refer to the Terraform Cloudflare provider documentation.

If you are using the Cloudflare API, refer to Common API calls.

Use the cloudflare_content_scanning resource to enable content scanning for a zone. For example:

resource "cloudflare_content_scanning" "zone_content_scanning_example" {
  zone_id = "<ZONE_ID>"
  enabled = true
}

Use the cloudflare_content_scanning_expression resource to add a custom scan expression. For example:

resource "cloudflare_content_scanning_expression" "my_custom_scan_expression" {
  zone_id = "<ZONE_ID>"
  payload = "lookup_json_string(http.request.body.raw, \"file\")"
}

For more information, refer to Custom scan expressions.

Add a custom rule to block malicious uploads


This example adds a custom rule that uses one of the content scanning fields in its expression to block requests containing one or more content objects considered malicious.

To use the cf.waf.content_scan.has_malicious_obj field, you must enable content scanning.

resource "cloudflare_ruleset" "zone_custom_firewall_malicious_uploads" {
  zone_id     = "<ZONE_ID>"
  name        = "Phase entry point ruleset for custom rules in my zone"
  description = ""
  kind        = "zone"
  phase       = "http_request_firewall_custom"

  rules {
    ref         = "block_malicious_uploads"
    description = "Block requests uploading malicious content objects"
    expression  = "(cf.waf.content_scan.has_malicious_obj and http.request.uri.path eq \"/upload.php\")"
    action      = "block"
  }
}
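
A variant of the rule above, as an added example that is not part of the original Cloudflare page: it makes the dependency on content scanning explicit with depends_on and adds a second rule, using the cf.waf.content_scan.has_failed field, so that uploads the scanner could not fully scan are blocked instead of passing through. The resource labels, the zone_id variable and the second rule's ref are assumptions; because a zone has a single entry point ruleset for this phase, this configuration would replace the ruleset above, not sit beside it.

```hcl
# Added example. Resource labels, var.zone_id and the second rule's ref are
# assumptions made for illustration.
variable "zone_id" {
  type        = string
  description = "ID of the zone that receives the uploads"
}

# Content scanning must be enabled, otherwise the cf.waf.content_scan.*
# fields used in the rule expressions below are not usable.
resource "cloudflare_content_scanning" "uploads" {
  zone_id = var.zone_id
  enabled = true
}

resource "cloudflare_ruleset" "zone_custom_firewall_uploads" {
  zone_id     = var.zone_id
  name        = "Phase entry point ruleset for custom rules in my zone"
  description = ""
  kind        = "zone"
  phase       = "http_request_firewall_custom"

  # Create the rules only after content scanning has been enabled.
  depends_on = [cloudflare_content_scanning.uploads]

  # Same rule as on the page: block uploads with a malicious content object.
  rules {
    ref         = "block_malicious_uploads"
    description = "Block requests uploading malicious content objects"
    expression  = "(cf.waf.content_scan.has_malicious_obj and http.request.uri.path eq \"/upload.php\")"
    action      = "block"
  }

  # Fail closed: has_failed is true when the scanner could not scan all
  # content objects in the request, so has_malicious_obj alone would let
  # those uploads through.
  rules {
    ref         = "block_unscanned_uploads"
    description = "Block uploads that could not be fully scanned"
    expression  = "(cf.waf.content_scan.has_failed and http.request.uri.path eq \"/upload.php\")"
    action      = "block"
  }
}
```

If blocking on scan failure is too strict for the endpoint, the second rule's action can be set to "log" first to measure how often scans fail before enforcing.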

For additional Terraform configuration examples, refer to WAF custom rules configuration using Terraform.