From b7e5ff3b156b37877b61a3269380aa2576521845 Mon Sep 17 00:00:00 2001
From: Mees van Straten
Date: Fri, 9 Jun 2023 10:37:50 +0200
Subject: [PATCH] Add variable for Http body size.
---
 README.md | 1 +
 main.tf | 3 +--
 variables.tf | 8 +++++++-
 3 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index f213a0b..5d5505c 100644
--- a/README.md
+++ b/README.md
@@ -3,5 +3,6 @@ This module enables WAFv2 on AWS. The following parameters are needed:
 - `scope` For protecting a cloudfront distrubution pick `CLOUDFRONT` or `REGIONAL` for protecting a regional load balancer.
 - `acl_name` The name of the WAF access control list.
+- `http_body_max_size` The maximum size of the http body in bytes.
 The example folder contains, well an example.
diff --git a/main.tf b/main.tf
index b7da695..c654098 100644
--- a/main.tf
+++ b/main.tf
@@ -60,8 +60,7 @@ resource "aws_wafv2_web_acl" "rules" {
 field_to_match {
 body {}
 }
- //Equal to the Default WAF inspection size.
- size = 16384
+ size = var.http_body_max_size
 text_transformation {
 type = "NONE"
 priority = 10
diff --git a/variables.tf b/variables.tf
index 4e4a22a..84d1894 100644
--- a/variables.tf
+++ b/variables.tf
@@ -5,6 +5,12 @@ variable "acl_name" {
 variable "scope" {
 type = string
- default = "CLOUDFRONT"
+ default = "CLOUDFRONT"
 description = "Scope of the Access Control List, can be CLOUDFRONT or REGIONAL. If CLOUDFRONT is picked the region provider should be set to us-east-1"
 }
+
+variable "http_body_max_size" {
+ type = number
+ default = 16384
+ description = "Size of the HTTP body, If this is larger then WAF inspection size it can result in not the entire body being inspected by WAF thus allowing malicious content to pass through"
+}
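Review bot: In main.tf the size check now takes a caller-supplied `var.http_body_max_size`, but `body {}` still sets no `oversize_handling`, so a body longer than what WAF inspects for the protected resource is presumably evaluated on the truncated portion only. If this statement is meant to catch bodies above the threshold (the comparison operator lies outside the hunk), a value above the inspection limit would leave the rule unable to match, and the removed comment was the only record that 16384 was chosen to equal that limit. Consider `body { oversize_handling = "MATCH" }` so oversize bodies count as matching, and keep a comment such as `# must not exceed the WAF body inspection limit for the chosen scope`. The enclosing statement starts and ends outside the hunk.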
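Review bot: The new `http_body_max_size` variable in variables.tf accepts any number, including zero, negative or fractional values and values above what WAF will inspect, and the risk is only mentioned in the description. A `validation` block would turn that warning into a plan-time error. The upper bound below is the largest body inspection limit I am aware of for AWS WAF and should be lowered to the limit actually in effect for the protected resource, which I believe is smaller for some REGIONAL resource types. The description could also read "larger than" instead of "larger then".

```hcl
variable "http_body_max_size" {
  # … unchanged: type, default, description …

  validation {
    # 65536 is an assumed ceiling; set it to the inspection limit in effect for your scope.
    condition     = var.http_body_max_size > 0 && var.http_body_max_size <= 65536 && floor(var.http_body_max_size) == var.http_body_max_size
    error_message = "http_body_max_size must be a whole number of bytes between 1 and 65536."
  }
}
```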