From e76402d9b90fec688bee3d31c3edeaf00277c1e9 Mon Sep 17 00:00:00 2001
From: Chris Banks
Date: Tue, 2 Apr 2024 14:04:22 +0100
Subject: [PATCH 1/2] Fix missing denylist in datagovuk vcl_recv.
---
 modules/datagovuk/datagovuk.vcl.tftpl | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/modules/datagovuk/datagovuk.vcl.tftpl b/modules/datagovuk/datagovuk.vcl.tftpl
index fb702e3..8abd6a6 100644
--- a/modules/datagovuk/datagovuk.vcl.tftpl
+++ b/modules/datagovuk/datagovuk.vcl.tftpl
@@ -39,6 +39,11 @@ backend F_cname_find_eks_${environment}_govuk_digital {
 sub vcl_recv {
 ${indent(2, file("${module_path}/../shared/_boundary_headers.vcl.tftpl"))}
+ # Serve 404 if source IP/netblock is denylisted.
+ if (table.lookup(ip_address_denylist, client.ip)) {
+ error 404 "Not Found";
+ }
+
 # Require authentication for PURGE requests
 set req.http.Fastly-Purge-Requires-Auth = "1";
@@ -204,4 +209,4 @@ sub vcl_error {
 sub vcl_pass {
 #FASTLY pass
-}
\ No newline at end of file
+}
From 50174165f4afa033b041317bccbabf1843768309 Mon Sep 17 00:00:00 2001
From: Chris Banks
Date: Tue, 2 Apr 2024 14:38:36 +0100
Subject: [PATCH 2/2] Add missing dictionaries to datagovuk module.
---
 datagovuk.tf | 4 +++-
 modules/datagovuk/service.tf | 15 +++++++++++++++
 modules/datagovuk/variables.tf | 4 ++++
 3 files changed, 22 insertions(+), 1 deletion(-)
diff --git a/datagovuk.tf b/datagovuk.tf
index 991d14b..449d1ea 100644
--- a/datagovuk.tf
+++ b/datagovuk.tf
@@ -12,6 +12,8 @@ module "datagovuk-integration" {
 }
 secrets = yamldecode(var.datagovuk_integration)
+
+ dictionaries = local.dictionaries
 }
 variable "datagovuk_staging" {
@@ -44,4 +46,4 @@ module "datagovuk-production" {
 }
 secrets = yamldecode(var.datagovuk_production)
-}
\ No newline at end of file
+}
diff --git a/modules/datagovuk/service.tf b/modules/datagovuk/service.tf
index 04fbb85..bf20a54 100644
--- a/modules/datagovuk/service.tf
+++ b/modules/datagovuk/service.tf
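Review bot: The comment on the added check in vcl_recv promises netblock matching, but `table.lookup(ip_address_denylist, client.ip)` is an exact-key dictionary lookup, so a CIDR-style entry in the dictionary would never match a client address. Either reword the comment to `# Serve 404 if the source IP is denylisted (exact match only).` or keep ranges in an ACL and test them with `client.ip ~ <acl>`. `table.contains(ip_address_denylist, client.ip)` would also make the test independent of whatever value is stored against the key. If this service is shielded (not visible here), `client.ip` on the shield node is the edge POP rather than the end user, so the check may need restricting to the first hop; vcl_recv continues outside the hunk.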
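Review bot: Only `module "datagovuk-integration"` is passed `dictionaries = local.dictionaries`; the second hunk touches `module "datagovuk-production"` solely to add the trailing newline, and the diffstat for this file (3 insertions) leaves no room for a staging change either. With the module default of `{}`, staging and production would get no `ip_address_denylist` dictionary while the VCL template from patch 1 looks it up, so, assuming they use the default template, those services would likely fail VCL validation or run without the denylist. Add `dictionaries = local.dictionaries` to the staging and production module blocks too, unless they are deliberately excluded. `local.dictionaries` is defined outside this diff, so whether it contains an `ip_address_denylist` key cannot be confirmed here.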
@@ -58,6 +58,11 @@ resource "fastly_service_vcl" "service" {
 content = templatefile("${path.module}/${var.vcl_template_file}", local.template_values)
 }
+ dynamic "dictionary" {
+ for_each = var.dictionaries
+ content { name = dictionary.key }
+ }
+
 dynamic "condition" {
 for_each = {
 for c in lookup(local.template_values, "conditions", []) : c.name => c
@@ -161,3 +166,13 @@ resource "fastly_service_vcl" "service" {
 }
 }
 }
+
+resource "fastly_service_dictionary_items" "items" {
+ for_each = {
+ for d in fastly_service_vcl.service.dictionary : d.name => d
+ }
+ service_id = fastly_service_vcl.service.id
+ dictionary_id = each.value.dictionary_id
+ items = var.dictionaries[each.key]
+ manage_items = true
+}
diff --git a/modules/datagovuk/variables.tf b/modules/datagovuk/variables.tf
index 9ffe4ed..d3d10bd 100644
--- a/modules/datagovuk/variables.tf
+++ b/modules/datagovuk/variables.tf
@@ -6,6 +6,10 @@ variable "configuration" {
 default = {}
 }
+variable "dictionaries" {
+ default = {}
+}
+
 variable "vcl_template_file" {
 default = "datagovuk.vcl.tftpl"
 }
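Review bot: `manage_items = true` on the new `fastly_service_dictionary_items` resource makes Terraform the sole owner of the dictionary contents, so a denylist entry added through the Fastly API or UI during an incident is removed again on the next apply. If that is the intent, record it next to the attribute, e.g. `# Terraform is authoritative: out-of-band dictionary entries are overwritten on apply`, and make sure emergency blocks are routed through the value behind `var.dictionaries`. `items = var.dictionaries[each.key]` also places every entry in Terraform state and plan output, which matters if a dictionary ever holds anything more sensitive than addresses.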
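Review bot: `variable "dictionaries"` is declared with no `type` or `description`, so a wrongly shaped value is only caught when the provider rejects it at plan or apply. The module uses the keys as dictionary names and each value as an `items` map, so `type = map(map(string))` plus a one-line description would document that contract. The empty default also means a caller that omits the argument silently gets no dictionaries at all, which is worth stating in the description given that the VCL template references `ip_address_denylist` by name.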