Increase rate limit block window from 1 to 5 minutes (#1148)

* Increase rate limit block window from 1 to 5 minutes * Updated to v1.8.1 of container app module This version contains updated WAF Rate Limit logic
DFE-Digital · Jul 10, 2024 · 233a8dd · 233a8dd
1 parent db42880
commit 233a8dd
Show file tree

Hide file tree

Showing 5 changed files with 113 additions and 114 deletions.
diff --git a/terraform/.terraform.lock.hcl b/terraform/.terraform.lock.hcl
diff --git a/terraform/README.md b/terraform/README.md
@@ -137,7 +137,7 @@ No providers.
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_azure_container_apps_hosting"></a> [azure\_container\_apps\_hosting](#module\_azure\_container\_apps\_hosting) | github.com/DFE-Digital/terraform-azurerm-container-apps-hosting | v1.8.0 |
+| <a name="module_azure_container_apps_hosting"></a> [azure\_container\_apps\_hosting](#module\_azure\_container\_apps\_hosting) | github.com/DFE-Digital/terraform-azurerm-container-apps-hosting | v1.8.1 |
 | <a name="module_azurerm_key_vault"></a> [azurerm\_key\_vault](#module\_azurerm\_key\_vault) | github.com/DFE-Digital/terraform-azurerm-key-vault-tfvars | v0.4.2 |
 | <a name="module_statuscake-tls-monitor"></a> [statuscake-tls-monitor](#module\_statuscake-tls-monitor) | github.com/dfe-digital/terraform-statuscake-tls-monitor | v0.1.4 |
 
@@ -163,7 +163,8 @@ No resources.
 | <a name="input_cdn_frontdoor_host_redirects"></a> [cdn\_frontdoor\_host\_redirects](#input\_cdn\_frontdoor\_host\_redirects) | CDN FrontDoor host redirects `[{ "from" = "example.com", "to" = "www.example.com" }]` | `list(map(string))` | n/a | yes |
 | <a name="input_cdn_frontdoor_origin_fqdn_override"></a> [cdn\_frontdoor\_origin\_fqdn\_override](#input\_cdn\_frontdoor\_origin\_fqdn\_override) | Manually specify the hostname that the CDN Front Door should target. Defaults to the Container App FQDN | `string` | `""` | no |
 | <a name="input_cdn_frontdoor_origin_host_header_override"></a> [cdn\_frontdoor\_origin\_host\_header\_override](#input\_cdn\_frontdoor\_origin\_host\_header\_override) | Manually specify the host header that the CDN sends to the target. Defaults to the recieved host header. Set to null to set it to the host\_name (`cdn_frontdoor_origin_fqdn_override`) | `string` | `""` | no |
-| <a name="input_cdn_frontdoor_rate_limiting_threshold"></a> [cdn\_frontdoor\_rate\_limiting\_threshold](#input\_cdn\_frontdoor\_rate\_limiting\_threshold) | CDN Front Door rate limiting duration in minutes | `number` | n/a | yes |
+| <a name="input_cdn_frontdoor_rate_limiting_duration_in_minutes"></a> [cdn\_frontdoor\_rate\_limiting\_duration\_in\_minutes](#input\_cdn\_frontdoor\_rate\_limiting\_duration\_in\_minutes) | CDN Front Door rate limiting duration in minutes | `number` | `5` | no |
+| <a name="input_cdn_frontdoor_rate_limiting_threshold"></a> [cdn\_frontdoor\_rate\_limiting\_threshold](#input\_cdn\_frontdoor\_rate\_limiting\_threshold) | Maximum number of concurrent requests before rate limiting is applied | `number` | n/a | yes |
 | <a name="input_container_apps_allow_ips_inbound"></a> [container\_apps\_allow\_ips\_inbound](#input\_container\_apps\_allow\_ips\_inbound) | Restricts access to the Container Apps by creating a network security group rule that only allow inbound traffic from the provided list of IPs | `list(string)` | `[]` | no |
 | <a name="input_container_command"></a> [container\_command](#input\_container\_command) | Container command | `list(any)` | n/a | yes |
 | <a name="input_container_health_probe_path"></a> [container\_health\_probe\_path](#input\_container\_health\_probe\_path) | Specifies the path that is used to determine the liveness of the Container | `string` | n/a | yes |

diff --git a/terraform/container-apps-hosting.tf b/terraform/container-apps-hosting.tf
@@ -1,5 +1,5 @@
 module "azure_container_apps_hosting" {
-  source = "github.com/DFE-Digital/terraform-azurerm-container-apps-hosting?ref=v1.8.0"
+  source = "github.com/DFE-Digital/terraform-azurerm-container-apps-hosting?ref=v1.8.1"
 
   environment    = local.environment
   project_name   = local.project_name
@@ -30,18 +30,19 @@ module "azure_container_apps_hosting" {
   container_max_replicas                 = local.container_max_replicas
   container_scale_http_concurrency       = local.container_scale_http_concurrency
 
-  enable_cdn_frontdoor                      = local.enable_cdn_frontdoor
-  cdn_frontdoor_forwarding_protocol         = local.cdn_frontdoor_forwarding_protocol
-  cdn_frontdoor_origin_host_header_override = local.cdn_frontdoor_origin_host_header_override
-  cdn_frontdoor_origin_fqdn_override        = local.cdn_frontdoor_origin_fqdn_override
-  cdn_frontdoor_health_probe_protocol       = local.cdn_frontdoor_health_probe_protocol
-  cdn_frontdoor_enable_rate_limiting        = local.cdn_frontdoor_enable_rate_limiting
-  cdn_frontdoor_rate_limiting_threshold     = local.cdn_frontdoor_rate_limiting_threshold
-  cdn_frontdoor_host_add_response_headers   = local.cdn_frontdoor_host_add_response_headers
-  cdn_frontdoor_custom_domains              = local.cdn_frontdoor_custom_domains
-  cdn_frontdoor_host_redirects              = local.cdn_frontdoor_host_redirects
-  enable_cdn_frontdoor_health_probe         = local.enable_cdn_frontdoor_health_probe
-  container_apps_allow_ips_inbound          = local.container_apps_allow_ips_inbound
+  enable_cdn_frontdoor                            = local.enable_cdn_frontdoor
+  cdn_frontdoor_forwarding_protocol               = local.cdn_frontdoor_forwarding_protocol
+  cdn_frontdoor_origin_host_header_override       = local.cdn_frontdoor_origin_host_header_override
+  cdn_frontdoor_origin_fqdn_override              = local.cdn_frontdoor_origin_fqdn_override
+  cdn_frontdoor_health_probe_protocol             = local.cdn_frontdoor_health_probe_protocol
+  cdn_frontdoor_enable_rate_limiting              = local.cdn_frontdoor_enable_rate_limiting
+  cdn_frontdoor_rate_limiting_threshold           = local.cdn_frontdoor_rate_limiting_threshold
+  cdn_frontdoor_rate_limiting_duration_in_minutes = local.cdn_frontdoor_rate_limiting_duration_in_minutes
+  cdn_frontdoor_host_add_response_headers         = local.cdn_frontdoor_host_add_response_headers
+  cdn_frontdoor_custom_domains                    = local.cdn_frontdoor_custom_domains
+  cdn_frontdoor_host_redirects                    = local.cdn_frontdoor_host_redirects
+  enable_cdn_frontdoor_health_probe               = local.enable_cdn_frontdoor_health_probe
+  container_apps_allow_ips_inbound                = local.container_apps_allow_ips_inbound
 
   enable_monitoring               = local.enable_monitoring
   monitor_email_receivers         = local.monitor_email_receivers