Add variable for Http body size.

kabisa · Jun 9, 2023 · b7e5ff3 · b7e5ff3
1 parent 6b88183
commit b7e5ff3
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 3 deletions.
diff --git a/README.md b/README.md
@@ -3,5 +3,6 @@ This module enables WAFv2 on AWS.
 The following parameters are needed:
 - `scope` For protecting a cloudfront distrubution pick `CLOUDFRONT` or `REGIONAL` for protecting a regional load balancer.
 - `acl_name` The name of the WAF access control list.
+- `http_body_max_size` The maximum size of the http body in bytes.
 
 The example folder contains, well an example.
diff --git a/main.tf b/main.tf
@@ -60,8 +60,7 @@ resource "aws_wafv2_web_acl" "rules" {
         field_to_match {
           body {}
         }
-        //Equal to the Default WAF inspection size.
-        size = 16384
+        size = var.http_body_max_size
         text_transformation {
           type     = "NONE"
           priority = 10

diff --git a/variables.tf b/variables.tf
@@ -5,6 +5,12 @@ variable "acl_name" {
 
 variable "scope" {
   type        = string
-  default = "CLOUDFRONT"
+  default     = "CLOUDFRONT"
   description = "Scope of the Access Control List, can be CLOUDFRONT or REGIONAL. If CLOUDFRONT is picked the region provider should be set to us-east-1"
 }
+
+variable "http_body_max_size" {
+  type        = number
+  default     = 16384
+  description = "Size of the HTTP body, If this is larger then WAF inspection size it can result in not the entire body being inspected by WAF thus allowing malicious content to pass through"
+}