feature: added geo restricting rules to playground

Author: norberttech

terraform/cloudflare/waf.tf

@@ -6,11 +6,23 @@ resource "cloudflare_ruleset" "playground_bot_protection" {
   phase       = "http_request_firewall_custom"
 
   rules = [
+    {
+      action      = "block"
+      expression  = "(http.request.uri.path contains \"/playground\" and ip.geoip.country in {\"CN\" \"RU\" \"VN\" \"IN\" \"BR\" \"ID\"})"
+      description = "Block playground access from CN, RU, VN, IN, BR, ID"
+      enabled     = true
+    },
     {
       action      = "managed_challenge"
       expression  = "(http.request.uri.path contains \"/playground\")"
       description = "Managed challenge for playground access"
       enabled     = true
+    },
+    {
+      action      = "challenge"
+      expression  = "(http.request.uri.path contains \"/playground\" and cf.threat_score gt 14)"
+      description = "Challenge IPs with bad reputation accessing playground"
+      enabled     = true
     }
   ]
 }