-
Notifications
You must be signed in to change notification settings - Fork 1
/
zone_rules.tf
87 lines (83 loc) · 2.34 KB
/
zone_rules.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
##
# Cloudflare rules
##
resource "cloudflare_ruleset" "b2_request_url_rewrites" {
zone_id = data.cloudflare_zone.dns.id
name = "Backblaze B2 URL Rewrite"
kind = "zone"
phase = "http_request_transform"
rules {
action = "rewrite"
action_parameters {
uri {
path {
expression = "concat(\"/file/${local.b2_public_bucket}\",http.request.uri.path)"
}
}
}
description = "B2 - Add /file/${local.b2_public_bucket} to URL"
expression = "(http.host eq \"${local.b2_domain}\" and not starts_with(http.request.uri.path, \"/file/${local.b2_public_bucket}\"))"
enabled = true
}
}
resource "cloudflare_ruleset" "b2_response_header_rewrites" {
zone_id = data.cloudflare_zone.dns.id
name = "Backblaze HTTP Response Headers"
kind = "zone"
phase = "http_response_headers_transform"
rules {
action = "rewrite"
# !! THESE HEADERS MUST BE IN ALPHABETICAL ORDER !!
action_parameters {
headers {
name = "Access-Control-Allow-Origin"
operation = "set"
value = "*"
}
headers {
name = "ETag"
operation = "set"
expression = "concat(http.response.headers[\"x-bz-content-sha1\"][0],http.response.headers[\"x-bz-upload-timestamp\"][0],http.response.headers[\"x-bz-file-id\"][0])"
}
headers {
name = "x-bz-content-sha1"
operation = "remove"
}
headers {
name = "x-bz-file-id"
operation = "remove"
}
headers {
name = "x-bz-file-name"
operation = "remove"
}
headers {
name = "x-bz-info-large_file_sha1"
operation = "remove"
}
headers {
name = "x-bz-info-s3b-last-modified"
operation = "remove"
}
headers {
name = "x-bz-info-sha256"
operation = "remove"
}
headers {
name = "x-bz-info-src_last_modified_millis"
operation = "remove"
}
headers {
name = "x-bz-server-side-encryption"
operation = "remove"
}
headers {
name = "x-bz-upload-timestamp"
operation = "remove"
}
}
description = "B2 - Remove x-bz-*, add ETag, and set CORS"
expression = "(http.host eq \"${local.b2_domain}\")"
enabled = true
}
}