Configure Wordpress specific rules on Cloudflare via Terraform

Confgure WordPress specific performance, redirect (www to non-www, or non-www to www), and WAF (security)

Credits

• https://www.kazimer.com/how-to-protect-wordpress-with-Cloudflare-firewall-rules/
• https://gridpane.com/blog/cloudflare-firewall-rules-for-securing-wordpress-websites/

Requirements

Name	Version
aws	~> 5.2
cloudflare	~> 4.7

Providers

Name	Version
cloudflare	~> 4.7

Modules

No modules.

Resources

Name	Type
cloudflare_argo.this	resource
cloudflare_filter.bad_bots	resource
cloudflare_filter.block_other_malicious_calls	resource
cloudflare_filter.wpadmin_country_restricted	resource
cloudflare_filter.wpadmin_ip_restricted	resource
cloudflare_firewall_rule.block_other_malicious_calls	resource
cloudflare_firewall_rule.wpadmin_country_restricted	resource
cloudflare_firewall_rule.wpadmin_ip_restricted	resource
cloudflare_page_rule.redirect_to_www	resource
cloudflare_page_rule.redirect_www_to_root_doman	resource
cloudflare_zone_settings_override.this	resource
cloudflare_zones.this	data source

Inputs

Name	Description	Type	Default	Required
argo_tiered_caching	Enable or disable Argo tiered caching	bool	false	no
automatic_https_rewrites	value	string	"on"	no
brotli	https://blog.cloudflare.com/brotli-compression-using-a-reduced-dictionary/	string	"on"	no
cache_level	value	string	"aggressive"	no
cf_api_token	value	string	n/a	yes
challenge_ttl	value	string	1800	no
domain_name	value	string	n/a	yes
early_hints	https://blog.cloudflare.com/early-hints/	string	"on"	no
email_obfuscation	value	string	"on"	no
hotlink_protection	value	string	"on"	no
http3	https://blog.cloudflare.com/http3-the-past-present-and-future/	string	"on"	no
minify	value	object({ css = string js = string html = string })	{ "css": "on", "html": "on", "js": "off" }	no
redirect_to_www	value	bool	false	no
security_header	value	object({ enabled = bool preload = bool include_subdomains = bool nosniff = bool max_age = number })	{ "enabled": true, "include_subdomains": true, "max_age": 2630000, "nosniff": true, "preload": true }	no
security_level	value	string	"medium"	no
tls_settings	General SSL/TLS settings	object({ ssl = string tls_1_3 = string min_tls_version = string automatic_https_rewrites = string opportunistic_encryption = string always_use_https = string })	{ "always_use_https": "on", "automatic_https_rewrites": "on", "min_tls_version": "1.2", "opportunistic_encryption": "on", "ssl": "strict", "tls_1_3": "on" }	no
waf_allowed_countries	List of allowed countries. i.e.: ["UK", "US"]	list(any)	[]	no
waf_allowed_ip	List of allowed IPs	string	""	no
waf_block_bad_bots	Determins if a filter to block bad bots calls is implemented or not	bool	false	no
waf_block_other_malicious_calls	Determins if a filter to block other malicious calls is implemented or not	bool	false	no
waf_wpadmin_country_restricted	Determins if wp-admin is restricted by country access	bool	false	no
waf_wpadmin_ip_restricted	Determins if wp-admin is restricted by IP access	bool	false	no

Outputs

No outputs.