From 7798e72ef97c11cd54acedf4a1afe43ec47cd955 Mon Sep 17 00:00:00 2001
From: pritchyspritch <47423802+pritchyspritch@users.noreply.github.com>
Date: Fri, 15 Nov 2024 17:27:35 +0000
Subject: [PATCH] Tf azure cdn redirect
---
 001-http-redirect/README.md | 38 ++++++++++++++++++++++++++++++++++---
 1 file changed, 35 insertions(+), 3 deletions(-)
diff --git a/001-http-redirect/README.md b/001-http-redirect/README.md
index 91d71eb..86ce504 100644
--- a/001-http-redirect/README.md
+++ b/001-http-redirect/README.md
@@ -8,9 +8,11 @@ The best implementation is to utilise a HTTP redirect to the central security.tx
 ```
 See below for various implementation examples:
-- [Node.js Express.js](#nodejs-expressjs)
-- [Node.js 'http'](#nodejs-http)
-- [Python Flask](#python-flask)
+- [001-http-redirect](#001-http-redirect)
+ - [Node.js Express.js](#nodejs-expressjs)
+ - [Node.js 'http'](#nodejs-http)
+ - [Python Flask](#python-flask)
+ - [Azure CDN Terraform](#azure-cdn-terraform)
 Additionally, see [002-faas-edge-code](../002-faas-edge-code) for code to implement at your CDN edge to perform the HTTP redirect.
@@ -79,3 +81,33 @@ def securitytxt():
 if __name__ == "__main__":
 app.run(host="0.0.0.0", port=int(os.getenv("PORT", "3000")))
 ```
+
+## Azure CDN Terraform
+
+```
+resource "azurerm_cdn_frontdoor_rule" "security_txt_rule" {
+ depends_on = []
+ name = "securitytxtredirect"
+ cdn_frontdoor_rule_set_id = azurerm_cdn_frontdoor_rule_set..id
+ order = 1
+ behavior_on_match = "Continue"
+
+ actions {
+
+ conditions {
+ url_filename_condition {
+ operator = "BeginsWith"
+ match_values = ["security.txt", "/.well-known/security.txt"]
+ transforms = ["Lowercase"]
+ }
+ }
+
+ url_redirect_action {
+ redirect_type = "Found"
+ redirect_protocol = "Https"
+ destination_hostname = "vulnerability-reporting.service.security.gov.uk"
+ destination_path = "/.well-known/security.txt"
+ }
+ }
+}
+```
\ No newline at end of file