devopsea26
/
devopsea26-cicd-lab
ウォッチ 1
スター 0
フォーク 0
コード 課題 0 プルリクエスト 0 リリース 0 Wiki アクティビティ
選択できるのは25トピックまでです。 トピックは、先頭が英数字で、英数字とダッシュ('-')を使用した35文字以内のものにしてください。
4 コミット
1 ブランチ
ツリー: 4f290e7641
ブランチ タグ
${ item.name }
ブランチ ${ searchTerm } を作成
'4f290e7641' から
${ noResults }
devopsea26-cicd-lab/rules.tf

rules.tf 28KB
Raw Blame 履歴

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878 
  1. 

  2. data "akamai_property_rules_builder" "template-tflab_rule_default" {

  3.   rules_v2024_10_21 {

  4.     name      = "default"

  5.     is_secure = var.secure

  6.     comments  = "The Default Rule template contains all the necessary and recommended behaviors. Rules are evaluated from top to bottom and the last matching rule wins."

  7.     behavior {

  8.       origin {

  9.         cache_key_hostname            = "REQUEST_HOST_HEADER"

  10.         compress                      = true

  11.         enable_true_client_ip         = true

  12.         forward_host_header           = "REQUEST_HOST_HEADER"

  13.         hostname                      = var.origin_hostname

  14.         http_port                     = 80

  15.         https_port                    = 443

  16.         ip_version                    = "IPV4"

  17.         min_tls_version               = "DYNAMIC"

  18.         origin_certificate            = ""

  19.         origin_sni                    = true

  20.         origin_type                   = "CUSTOMER"

  21.         ports                         = ""

  22.         tls_version_title             = ""

  23.         true_client_ip_client_setting = false

  24.         true_client_ip_header         = "True-Client-IP"

  25.         verification_mode             = "PLATFORM_SETTINGS"

  26.       }

  27.     }

  28.     children = [

  29.       data.akamai_property_rules_builder.template-tflab_rule_augment_insights.json,

  30.       data.akamai_property_rules_builder.template-tflab_rule_accelerate_delivery.json,

  31.       data.akamai_property_rules_builder.template-tflab_rule_offload_origin.json,

  32.       data.akamai_property_rules_builder.template-tflab_rule_strengthen_security.json,

  33.       data.akamai_property_rules_builder.template-tflab_rule_increase_availability.json,

  34.       data.akamai_property_rules_builder.template-tflab_rule_minimize_payload.json,

  35.       data.akamai_property_rules_builder.template-tflab_rule_add_test_header.json,

  36.     ]

  37.   }

  38. }

  39. 

  40. data "akamai_property_rules_builder" "template-tflab_rule_augment_insights" {

  41.   rules_v2024_10_21 {

  42.     name                  = "Augment insights"

  43.     comments              = "Control the settings related to monitoring and reporting. This gives you additional visibility into your traffic and audiences."

  44.     criteria_must_satisfy = "all"

  45.     children = [

  46.       data.akamai_property_rules_builder.template-tflab_rule_traffic_reporting.json,

  47.       data.akamai_property_rules_builder.template-tflab_rule_m_pulse_rum.json,

  48.       data.akamai_property_rules_builder.template-tflab_rule_geolocation.json,

  49.       data.akamai_property_rules_builder.template-tflab_rule_log_delivery.json,

  50.     ]

  51.   }

  52. }

  53. 

  54. data "akamai_property_rules_builder" "template-tflab_rule_accelerate_delivery" {

  55.   rules_v2024_10_21 {

  56.     name                  = "Accelerate delivery"

  57.     comments              = "Control the settings related to improving the performance of delivering objects to your users."

  58.     criteria_must_satisfy = "all"

  59.     children = [

  60.       data.akamai_property_rules_builder.template-tflab_rule_origin_connectivity.json,

  61.       data.akamai_property_rules_builder.template-tflab_rule_protocol_optimizations.json,

  62.       data.akamai_property_rules_builder.template-tflab_rule_prefetching.json,

  63.       data.akamai_property_rules_builder.template-tflab_rule_adaptive_acceleration.json,

  64.     ]

  65.   }

  66. }

  67. 

  68. data "akamai_property_rules_builder" "template-tflab_rule_offload_origin" {

  69.   rules_v2024_10_21 {

  70.     name                  = "Offload origin"

  71.     comments              = "Control the settings related to caching content at the edge and in the browser. As a result, fewer requests go to your origin, fewer bytes leave your data centers, and your assets are closer to your users."

  72.     criteria_must_satisfy = "all"

  73.     behavior {

  74.       caching {

  75.         behavior = "NO_STORE"

  76.       }

  77.     }

  78.     behavior {

  79.       tiered_distribution {

  80.         enabled = true

  81.       }

  82.     }

  83.     behavior {

  84.       validate_entity_tag {

  85.         enabled = false

  86.       }

  87.     }

  88.     behavior {

  89.       remove_vary {

  90.         enabled = false

  91.       }

  92.     }

  93.     behavior {

  94.       cache_error {

  95.         enabled        = true

  96.         preserve_stale = true

  97.         ttl            = "10s"

  98.       }

  99.     }

  100.     behavior {

  101.       cache_key_query_params {

  102.         behavior = "INCLUDE_ALL_ALPHABETIZE_ORDER"

  103.       }

  104.     }

  105.     behavior {

  106.       prefresh_cache {

  107.         enabled     = true

  108.         prefreshval = 90

  109.       }

  110.     }

  111.     behavior {

  112.       downstream_cache {

  113.         allow_behavior = "LESSER"

  114.         behavior       = "ALLOW"

  115.         send_headers   = "CACHE_CONTROL"

  116.         send_private   = false

  117.       }

  118.     }

  119.     children = [

  120.       data.akamai_property_rules_builder.template-tflab_rule_css_and_java_script.json,

  121.       data.akamai_property_rules_builder.template-tflab_rule_fonts.json,

  122.       data.akamai_property_rules_builder.template-tflab_rule_images.json,

  123.       data.akamai_property_rules_builder.template-tflab_rule_files.json,

  124.       data.akamai_property_rules_builder.template-tflab_rule_other_static_objects.json,

  125.       data.akamai_property_rules_builder.template-tflab_rule_html_pages.json,

  126.       data.akamai_property_rules_builder.template-tflab_rule_redirects.json,

  127.       data.akamai_property_rules_builder.template-tflab_rule_post_responses.json,

  128.       data.akamai_property_rules_builder.template-tflab_rule_graph_ql.json,

  129.       data.akamai_property_rules_builder.template-tflab_rule_uncacheable_objects.json,

  130.     ]

  131.   }

  132. }

  133. 

  134. data "akamai_property_rules_builder" "template-tflab_rule_strengthen_security" {

  135.   rules_v2024_10_21 {

  136.     name                  = "Strengthen security"

  137.     comments              = "Control the settings that minimize the information your website shares with clients and malicious entities to reduce your exposure to threats."

  138.     criteria_must_satisfy = "all"

  139.     children = [

  140.       data.akamai_property_rules_builder.template-tflab_rule_allowed_methods.json,

  141.       data.akamai_property_rules_builder.template-tflab_rule_obfuscate_debug_info.json,

  142.       data.akamai_property_rules_builder.template-tflab_rule_obfuscate_backend_info.json,

  143.       data.akamai_property_rules_builder.template-tflab_rule_hsts.json,

  144.     ]

  145.   }

  146. }

  147. 

  148. data "akamai_property_rules_builder" "template-tflab_rule_increase_availability" {

  149.   rules_v2024_10_21 {

  150.     name                  = "Increase availability"

  151.     comments              = "Control how to respond when your origin or third parties are slow or even down to minimize the negative impact on user experience."

  152.     criteria_must_satisfy = "all"

  153.     children = [

  154.       data.akamai_property_rules_builder.template-tflab_rule_simulate_failover.json,

  155.       data.akamai_property_rules_builder.template-tflab_rule_site_failover.json,

  156.       data.akamai_property_rules_builder.template-tflab_rule_origin_health.json,

  157.       data.akamai_property_rules_builder.template-tflab_rule_script_management.json,

  158.     ]

  159.   }

  160. }

  161. 

  162. data "akamai_property_rules_builder" "template-tflab_rule_minimize_payload" {

  163.   rules_v2024_10_21 {

  164.     name                  = "Minimize payload"

  165.     comments              = "Control the settings that reduce the size of the delivered content and decrease the number of bytes sent by your properties. This allows you to cut down the network overhead of your website or API."

  166.     criteria_must_satisfy = "all"

  167.     children = [

  168.       data.akamai_property_rules_builder.template-tflab_rule_compressible_objects.json,

  169.     ]

  170.   }

  171. }

  172. data "akamai_property_rules_builder" "template-tflab_rule_add_test_header" {

  173.   rules_v2024_10_21 {

  174.     name                  = "Add test header"

  175.     criteria_must_satisfy = "all"

  176.     criterion {

  177.       hostname {

  178.         match_operator = "IS_ONE_OF"

  179.         values         = ["${var.UserID}${var.labname}-test.${var.hostname}", ]

  180.       }

  181.     }

  182.     behavior {

  183.       modify_outgoing_response_header {

  184.         action                   = "ADD"

  185.         custom_header_name       = "X-Test-Environment"

  186.         header_value             = "true"

  187.         standard_add_header_name = "OTHER"

  188.       }

  189.     }

  190.   }

  191. }

  192. 

  193. data "akamai_property_rules_builder" "template-tflab_rule_traffic_reporting" {

  194.   rules_v2024_10_21 {

  195.     name                  = "Traffic reporting"

  196.     comments              = "Identify your main traffic segments so you can granularly zoom in your traffic statistics like hits, bandwidth, offload, response codes, and errors."

  197.     criteria_must_satisfy = "all"

  198.     behavior {

  199.       cp_code {

  200.         value {

  201.           id           = var.cp_code_id

  202.           name         = var.cp_code_name

  203.           products     = ["SPM", ]

  204.         }

  205.       }

  206.     }

  207.   }

  208. }

  209. 

  210. data "akamai_property_rules_builder" "template-tflab_rule_m_pulse_rum" {

  211.   rules_v2024_10_21 {

  212.     name                  = "mPulse RUM"

  213.     comments              = "Collect and analyze real-user data to monitor the performance of your website."

  214.     criteria_must_satisfy = "all"

  215.     behavior {

  216.       m_pulse {

  217.         api_key         = ""

  218.         buffer_size     = ""

  219.         config_override = ""

  220.         enabled         = true

  221.         loader_version  = "V12"

  222.         require_pci     = false

  223.         title_optional  = ""

  224.       }

  225.     }

  226.   }

  227. }

  228. 

  229. data "akamai_property_rules_builder" "template-tflab_rule_geolocation" {

  230.   rules_v2024_10_21 {

  231.     name                  = "Geolocation"

  232.     comments              = "Receive data about a user's geolocation and connection speed in a request header. If you change cached content based on the values of the X-Akamai-Edgescape request header, contact your account representative."

  233.     criteria_must_satisfy = "all"

  234.     criterion {

  235.       request_type {

  236.         match_operator = "IS"

  237.         value          = "CLIENT_REQ"

  238.       }

  239.     }

  240.     behavior {

  241.       edge_scape {

  242.         enabled = false

  243.       }

  244.     }

  245.   }

  246. }

  247. 

  248. data "akamai_property_rules_builder" "template-tflab_rule_log_delivery" {

  249.   rules_v2024_10_21 {

  250.     name                  = "Log delivery"

  251.     comments              = "Specify the level of detail you want to be logged in your Log Delivery Service reports. Log User-Agent Header to obtain detailed information in the Traffic by Browser and OS report."

  252.     criteria_must_satisfy = "all"

  253.     behavior {

  254.       report {

  255.         log_accept_language  = false

  256.         log_cookies          = "OFF"

  257.         log_custom_log_field = false

  258.         log_edge_ip          = false

  259.         log_host             = false

  260.         log_referer          = false

  261.         log_user_agent       = false

  262.         log_x_forwarded_for  = false

  263.       }

  264.     }

  265.   }

  266. }

  267. 

  268. data "akamai_property_rules_builder" "template-tflab_rule_origin_connectivity" {

  269.   rules_v2024_10_21 {

  270.     name                  = "Origin connectivity"

  271.     comments              = "Optimize the connection between edge and origin."

  272.     criteria_must_satisfy = "all"

  273.     behavior {

  274.       dns_async_refresh {

  275.         enabled = true

  276.         timeout = "1h"

  277.       }

  278.     }

  279.     behavior {

  280.       timeout {

  281.         value = "5s"

  282.       }

  283.     }

  284.     behavior {

  285.       read_timeout {

  286.         first_byte_timeout = "20s"

  287.         value              = "120s"

  288.       }

  289.     }

  290.   }

  291. }

  292. 

  293. data "akamai_property_rules_builder" "template-tflab_rule_protocol_optimizations" {

  294.   rules_v2024_10_21 {

  295.     name                  = "Protocol optimizations"

  296.     comments              = "Serve your website using modern and fast protocols."

  297.     criteria_must_satisfy = "all"

  298.     behavior {

  299.       enhanced_akamai_protocol {

  300.         display = ""

  301.       }

  302.     }

  303.     behavior {

  304.       http3 {

  305.         enable = true

  306.       }

  307.     }

  308.     behavior {

  309.       http2 {

  310.         enabled = ""

  311.       }

  312.     }

  313.     behavior {

  314.       allow_transfer_encoding {

  315.         enabled = true

  316.       }

  317.     }

  318.     behavior {

  319.       sure_route {

  320.         enable_custom_key      = false

  321.         enabled                = true

  322.         force_ssl_forward      = false

  323.         race_stat_ttl          = "30m"

  324.         sr_download_link_title = ""

  325.         test_object_url        = "/akamai/sureroute-test-object.html"

  326.         to_host_status         = "INCOMING_HH"

  327.         type                   = "PERFORMANCE"

  328.       }

  329.     }

  330.   }

  331. }

  332. 

  333. data "akamai_property_rules_builder" "template-tflab_rule_prefetching" {

  334.   rules_v2024_10_21 {

  335.     name                  = "Prefetching"

  336.     comments              = "Instruct edge servers to retrieve embedded resources before the browser requests them."

  337.     criteria_must_satisfy = "all"

  338.     children = [

  339.       data.akamai_property_rules_builder.template-tflab_rule_prefetching_objects.json,

  340.       data.akamai_property_rules_builder.template-tflab_rule_prefetchable_objects.json,

  341.     ]

  342.   }

  343. }

  344. 

  345. data "akamai_property_rules_builder" "template-tflab_rule_adaptive_acceleration" {

  346.   rules_v2024_10_21 {

  347.     name                  = "Adaptive acceleration"

  348.     comments              = "Automatically and continuously apply performance optimizations to your website using machine learning."

  349.     criteria_must_satisfy = "all"

  350.     behavior {

  351.       adaptive_acceleration {

  352.         ab_logic                  = "DISABLED"

  353.         enable_brotli_compression = true

  354.         enable_for_noncacheable   = false

  355.         enable_preconnect         = true

  356.         enable_push               = true

  357.         enable_ro                 = false

  358.         preload_enable            = true

  359.         source                    = "mPulse"

  360.         title_http2_server_push   = ""

  361.         title_preconnect          = ""

  362.         title_preload             = ""

  363.         title_ro                  = ""

  364.       }

  365.     }

  366.   }

  367. }

  368. 

  369. data "akamai_property_rules_builder" "template-tflab_rule_prefetching_objects" {

  370.   rules_v2024_10_21 {

  371.     name                  = "Prefetching objects"

  372.     comments              = "Define for which HTML pages prefetching should be enabled."

  373.     criteria_must_satisfy = "all"

  374.     behavior {

  375.       prefetch {

  376.         enabled = true

  377.       }

  378.     }

  379.     children = [

  380.       data.akamai_property_rules_builder.template-tflab_rule_bots.json,

  381.     ]

  382.   }

  383. }

  384. 

  385. data "akamai_property_rules_builder" "template-tflab_rule_prefetchable_objects" {

  386.   rules_v2024_10_21 {

  387.     name                  = "Prefetchable objects"

  388.     comments              = "Define which resources should be prefetched."

  389.     criteria_must_satisfy = "all"

  390.     criterion {

  391.       file_extension {

  392.         match_case_sensitive = false

  393.         match_operator       = "IS_ONE_OF"

  394.         values               = ["css", "js", "jpg", "jpeg", "jp2", "png", "gif", "svg", "svgz", "webp", "eot", "woff", "woff2", "otf", "ttf", ]

  395.       }

  396.     }

  397.     behavior {

  398.       prefetchable {

  399.         enabled = true

  400.       }

  401.     }

  402.   }

  403. }

  404. 

  405. data "akamai_property_rules_builder" "template-tflab_rule_bots" {

  406.   rules_v2024_10_21 {

  407.     name                  = "Bots"

  408.     comments              = "Disable prefetching for specific clients identifying themselves as bots and crawlers. This avoids requesting unnecessary resources from the origin."

  409.     criteria_must_satisfy = "all"

  410.     criterion {

  411.       user_agent {

  412.         match_case_sensitive = false

  413.         match_operator       = "IS_ONE_OF"

  414.         match_wildcard       = true

  415.         values               = ["*bot*", "*crawl*", "*spider*", ]

  416.       }

  417.     }

  418.     behavior {

  419.       prefetch {

  420.         enabled = false

  421.       }

  422.     }

  423.   }

  424. }

  425. 

  426. data "akamai_property_rules_builder" "template-tflab_rule_css_and_java_script" {

  427.   rules_v2024_10_21 {

  428.     name                  = "CSS and JavaScript"

  429.     comments              = "Override the default caching behavior for CSS and JavaScript"

  430.     criteria_must_satisfy = "any"

  431.     criterion {

  432.       file_extension {

  433.         match_case_sensitive = false

  434.         match_operator       = "IS_ONE_OF"

  435.         values               = ["css", "js", ]

  436.       }

  437.     }

  438.     behavior {

  439.       caching {

  440.         behavior        = "MAX_AGE"

  441.         must_revalidate = false

  442.         ttl             = "7d"

  443.       }

  444.     }

  445.   }

  446. }

  447. 

  448. data "akamai_property_rules_builder" "template-tflab_rule_fonts" {

  449.   rules_v2024_10_21 {

  450.     name                  = "Fonts"

  451.     comments              = "Override the default caching behavior for fonts."

  452.     criteria_must_satisfy = "any"

  453.     criterion {

  454.       file_extension {

  455.         match_case_sensitive = false

  456.         match_operator       = "IS_ONE_OF"

  457.         values               = ["eot", "woff", "woff2", "otf", "ttf", ]

  458.       }

  459.     }

  460.     behavior {

  461.       caching {

  462.         behavior        = "MAX_AGE"

  463.         must_revalidate = false

  464.         ttl             = "30d"

  465.       }

  466.     }

  467.   }

  468. }

  469. 

  470. data "akamai_property_rules_builder" "template-tflab_rule_images" {

  471.   rules_v2024_10_21 {

  472.     name                  = "Images"

  473.     comments              = "Override the default caching behavior for images."

  474.     criteria_must_satisfy = "any"

  475.     criterion {

  476.       file_extension {

  477.         match_case_sensitive = false

  478.         match_operator       = "IS_ONE_OF"

  479.         values               = ["jpg", "jpeg", "png", "gif", "webp", "jp2", "ico", "svg", "svgz", ]

  480.       }

  481.     }

  482.     behavior {

  483.       caching {

  484.         behavior        = "MAX_AGE"

  485.         must_revalidate = false

  486.         ttl             = "30d"

  487.       }

  488.     }

  489.   }

  490. }

  491. 

  492. data "akamai_property_rules_builder" "template-tflab_rule_files" {

  493.   rules_v2024_10_21 {

  494.     name                  = "Files"

  495.     comments              = "Override the default caching behavior for files. Files containing Personal Identified Information (PII) should require Edge authentication or not be cached at all."

  496.     criteria_must_satisfy = "any"

  497.     criterion {

  498.       file_extension {

  499.         match_case_sensitive = false

  500.         match_operator       = "IS_ONE_OF"

  501.         values               = ["pdf", "doc", "docx", "odt", ]

  502.       }

  503.     }

  504.     behavior {

  505.       caching {

  506.         behavior        = "MAX_AGE"

  507.         must_revalidate = false

  508.         ttl             = "7d"

  509.       }

  510.     }

  511.   }

  512. }

  513. 

  514. data "akamai_property_rules_builder" "template-tflab_rule_other_static_objects" {

  515.   rules_v2024_10_21 {

  516.     name                  = "Other static objects"

  517.     comments              = "Override the default caching behavior for other static objects."

  518.     criteria_must_satisfy = "any"

  519.     criterion {

  520.       file_extension {

  521.         match_case_sensitive = false

  522.         match_operator       = "IS_ONE_OF"

  523.         values               = ["aif", "aiff", "au", "avi", "bin", "bmp", "cab", "carb", "cct", "cdf", "class", "dcr", "dtd", "exe", "flv", "gcf", "gff", "grv", "hdml", "hqx", "ini", "mov", "mp3", "nc", "pct", "ppc", "pws", "swa", "swf", "txt", "vbs", "w32", "wav", "midi", "wbmp", "wml", "wmlc", "wmls", "wmlsc", "xsd", "zip", "pict", "tif", "tiff", "mid", "jxr", "jar", ]

  524.       }

  525.     }

  526.     behavior {

  527.       caching {

  528.         behavior        = "MAX_AGE"

  529.         must_revalidate = false

  530.         ttl             = "7d"

  531.       }

  532.     }

  533.   }

  534. }

  535. 

  536. data "akamai_property_rules_builder" "template-tflab_rule_html_pages" {

  537.   rules_v2024_10_21 {

  538.     name                  = "HTML pages"

  539.     comments              = "Override the default caching behavior for HTML pages cached on edge servers."

  540.     criteria_must_satisfy = "all"

  541.     criterion {

  542.       file_extension {

  543.         match_case_sensitive = false

  544.         match_operator       = "IS_ONE_OF"

  545.         values               = ["html", "htm", "php", "jsp", "aspx", "EMPTY_STRING", ]

  546.       }

  547.     }

  548.     behavior {

  549.       caching {

  550.         behavior = "NO_STORE"

  551.       }

  552.     }

  553.     behavior {

  554.       cache_key_query_params {

  555.         behavior    = "IGNORE"

  556.         exact_match = true

  557.         parameters  = ["gclid", "fbclid", "utm_source", "utm_campaign", "utm_medium", "utm_content", ]

  558.       }

  559.     }

  560.   }

  561. }

  562. 

  563. data "akamai_property_rules_builder" "template-tflab_rule_redirects" {

  564.   rules_v2024_10_21 {

  565.     name                  = "Redirects"

  566.     comments              = "Configure caching for HTTP redirects. The redirect is cached for the same TTL as a 200 HTTP response when this feature is enabled."

  567.     criteria_must_satisfy = "all"

  568.     behavior {

  569.       cache_redirect {

  570.         enabled = "false"

  571.       }

  572.     }

  573.     behavior {

  574.       chase_redirects {

  575.         enabled = false

  576.       }

  577.     }

  578.   }

  579. }

  580. 

  581. data "akamai_property_rules_builder" "template-tflab_rule_post_responses" {

  582.   rules_v2024_10_21 {

  583.     name                  = "POST responses"

  584.     comments              = "Define when HTTP POST requests should be cached. You should enable it under a criteria match."

  585.     criteria_must_satisfy = "all"

  586.     behavior {

  587.       cache_post {

  588.         enabled = false

  589.       }

  590.     }

  591.   }

  592. }

  593. 

  594. data "akamai_property_rules_builder" "template-tflab_rule_graph_ql" {

  595.   rules_v2024_10_21 {

  596.     name                  = "GraphQL"

  597.     comments              = "Define when your GraphQL queries should be cached."

  598.     criteria_must_satisfy = "all"

  599.     criterion {

  600.       path {

  601.         match_case_sensitive = false

  602.         match_operator       = "MATCHES_ONE_OF"

  603.         normalize            = false

  604.         values               = ["/graphql", ]

  605.       }

  606.     }

  607.     behavior {

  608.       graphql_caching {

  609.         enabled = false

  610.       }

  611.     }

  612.   }

  613. }

  614. 

  615. data "akamai_property_rules_builder" "template-tflab_rule_uncacheable_objects" {

  616.   rules_v2024_10_21 {

  617.     name                  = "Uncacheable objects"

  618.     comments              = "Configure the default client caching behavior for uncacheable content at the edge."

  619.     criteria_must_satisfy = "any"

  620.     criterion {

  621.       cacheability {

  622.         match_operator = "IS_NOT"

  623.         value          = "CACHEABLE"

  624.       }

  625.     }

  626.     criterion {

  627.       hostname {

  628.         match_operator = "IS_ONE_OF"

  629.         values         = ["${var.UserID}${var.labname}-test.${var.hostname}", ]

  630.       }

  631.     } 

  632.     behavior {

  633.       downstream_cache {

  634.         behavior = "BUST"

  635.       }

  636.     }

  637.   }

  638. }

  639. 

  640. data "akamai_property_rules_builder" "template-tflab_rule_allowed_methods" {

  641.   rules_v2024_10_21 {

  642.     name                  = "Allowed methods"

  643.     comments              = "Allow the use of HTTP methods. Consider enabling additional methods under a path match for increased origin security."

  644.     criteria_must_satisfy = "all"

  645.     behavior {

  646.       all_http_in_cache_hierarchy {

  647.         enabled = true

  648.       }

  649.     }

  650.     children = [

  651.       data.akamai_property_rules_builder.template-tflab_rule_post.json,

  652.       data.akamai_property_rules_builder.template-tflab_rule_options.json,

  653.       data.akamai_property_rules_builder.template-tflab_rule_put.json,

  654.       data.akamai_property_rules_builder.template-tflab_rule_delete.json,

  655.       data.akamai_property_rules_builder.template-tflab_rule_patch.json,

  656.     ]

  657.   }

  658. }

  659. 

  660. data "akamai_property_rules_builder" "template-tflab_rule_obfuscate_debug_info" {

  661.   rules_v2024_10_21 {

  662.     name                  = "Obfuscate debug info"

  663.     comments              = "Do not expose back-end information unless the request contains the Pragma debug header."

  664.     criteria_must_satisfy = "all"

  665.     behavior {

  666.       cache_tag_visible {

  667.         behavior = "PRAGMA_HEADER"

  668.       }

  669.     }

  670.   }

  671. }

  672. 

  673. data "akamai_property_rules_builder" "template-tflab_rule_obfuscate_backend_info" {

  674.   rules_v2024_10_21 {

  675.     name                  = "Obfuscate backend info"

  676.     comments              = "Do not expose back-end information unless the request contains an additional secret header. Regularly change the criteria to use a specific unique value for the secret header."

  677.     criteria_must_satisfy = "all"

  678.     criterion {

  679.       request_header {

  680.         header_name                = "X-Akamai-Debug"

  681.         match_case_sensitive_value = true

  682.         match_operator             = "IS_NOT_ONE_OF"

  683.         match_wildcard_name        = false

  684.         match_wildcard_value       = false

  685.         values                     = ["true", ]

  686.       }

  687.     }

  688.     behavior {

  689.       modify_outgoing_response_header {

  690.         action                      = "DELETE"

  691.         custom_header_name          = "X-Powered-By"

  692.         standard_delete_header_name = "OTHER"

  693.       }

  694.     }

  695.     behavior {

  696.       modify_outgoing_response_header {

  697.         action                      = "DELETE"

  698.         custom_header_name          = "Server"

  699.         standard_delete_header_name = "OTHER"

  700.       }

  701.     }

  702.   }

  703. }

  704. 

  705. data "akamai_property_rules_builder" "template-tflab_rule_hsts" {

  706.   rules_v2024_10_21 {

  707.     name                  = "HSTS"

  708.     comments              = "Require all browsers to connect to your site using HTTPS."

  709.     criteria_must_satisfy = "all"

  710.     behavior {

  711.       http_strict_transport_security {

  712.         enable = false

  713.       }

  714.     }

  715.   }

  716. }

  717. 

  718. data "akamai_property_rules_builder" "template-tflab_rule_post" {

  719.   rules_v2024_10_21 {

  720.     name                  = "POST"

  721.     comments              = "Allow use of the POST HTTP request method."

  722.     criteria_must_satisfy = "all"

  723.     behavior {

  724.       allow_post {

  725.         allow_without_content_length = false

  726.         enabled                      = true

  727.       }

  728.     }

  729.   }

  730. }

  731. 

  732. data "akamai_property_rules_builder" "template-tflab_rule_options" {

  733.   rules_v2024_10_21 {

  734.     name                  = "OPTIONS"

  735.     comments              = "Allow use of the OPTIONS HTTP request method."

  736.     criteria_must_satisfy = "all"

  737.     behavior {

  738.       allow_options {

  739.         enabled = true

  740.       }

  741.     }

  742.   }

  743. }

  744. 

  745. data "akamai_property_rules_builder" "template-tflab_rule_put" {

  746.   rules_v2024_10_21 {

  747.     name                  = "PUT"

  748.     comments              = "Allow use of the PUT HTTP request method."

  749.     criteria_must_satisfy = "all"

  750.     behavior {

  751.       allow_put {

  752.         enabled = false

  753.       }

  754.     }

  755.   }

  756. }

  757. 

  758. data "akamai_property_rules_builder" "template-tflab_rule_delete" {

  759.   rules_v2024_10_21 {

  760.     name                  = "DELETE"

  761.     comments              = "Allow use of the DELETE HTTP request method."

  762.     criteria_must_satisfy = "all"

  763.     behavior {

  764.       allow_delete {

  765.         enabled = false

  766.       }

  767.     }

  768.   }

  769. }

  770. 

  771. data "akamai_property_rules_builder" "template-tflab_rule_patch" {

  772.   rules_v2024_10_21 {

  773.     name                  = "PATCH"

  774.     comments              = "Allow use of the PATCH HTTP request method."

  775.     criteria_must_satisfy = "all"

  776.     behavior {

  777.       allow_patch {

  778.         enabled = false

  779.       }

  780.     }

  781.   }

  782. }

  783. 

  784. data "akamai_property_rules_builder" "template-tflab_rule_simulate_failover" {

  785.   rules_v2024_10_21 {

  786.     name                  = "Simulate failover"

  787.     comments              = "Simulate an origin connection problem and test the site failover configuration on the CDN staging network."

  788.     criteria_must_satisfy = "all"

  789.     criterion {

  790.       content_delivery_network {

  791.         match_operator = "IS"

  792.         network        = "STAGING"

  793.       }

  794.     }

  795.     criterion {

  796.       request_header {

  797.         header_name                = "breakconnection"

  798.         match_case_sensitive_value = true

  799.         match_operator             = "IS_ONE_OF"

  800.         match_wildcard_name        = false

  801.         match_wildcard_value       = false

  802.         values                     = ["Your-Secret-Here", ]

  803.       }

  804.     }

  805.     behavior {

  806.       break_connection {

  807.         enabled = true

  808.       }

  809.     }

  810.   }

  811. }

  812. 

  813. data "akamai_property_rules_builder" "template-tflab_rule_site_failover" {

  814.   rules_v2024_10_21 {

  815.     name                  = "Site failover"

  816.     comments              = "Specify how edge servers respond when the origin is not available."

  817.     criteria_must_satisfy = "any"

  818.     criterion {

  819.       origin_timeout {

  820.         match_operator = "ORIGIN_TIMED_OUT"

  821.       }

  822.     }

  823.     behavior {

  824.       fail_action {

  825.         enabled = false

  826.       }

  827.     }

  828.   }

  829. }

  830. 

  831. data "akamai_property_rules_builder" "template-tflab_rule_origin_health" {

  832.   rules_v2024_10_21 {

  833.     name                  = "Origin health"

  834.     comments              = "Monitor the health of your origin by tracking unsuccessful IP connection attempts."

  835.     criteria_must_satisfy = "all"

  836.     behavior {

  837.       health_detection {

  838.         maximum_reconnects = 3

  839.         retry_count        = 3

  840.         retry_interval     = "10s"

  841.       }

  842.     }

  843.   }

  844. }

  845. 

  846. data "akamai_property_rules_builder" "template-tflab_rule_script_management" {

  847.   rules_v2024_10_21 {

  848.     name                  = "Script management"

  849.     comments              = "Enable Script Management to minimize performance and availability impacts from third-party JavaScripts."

  850.     criteria_must_satisfy = "all"

  851.     behavior {

  852.       script_management {

  853.         enabled = false

  854.       }

  855.     }

  856.   }

  857. }

  858. 

  859. data "akamai_property_rules_builder" "template-tflab_rule_compressible_objects" {

  860.   rules_v2024_10_21 {

  861.     name                  = "Compressible objects"

  862.     comments              = "Serve gzip compressed content for text-based formats."

  863.     criteria_must_satisfy = "all"

  864.     criterion {

  865.       content_type {

  866.         match_case_sensitive = false

  867.         match_operator       = "IS_ONE_OF"

  868.         match_wildcard       = true

  869.         values               = ["application/*javascript*", "application/*json*", "application/*xml*", "application/text*", "application/vnd-ms-fontobject", "application/vnd.microsoft.icon", "application/x-font-opentype", "application/x-font-truetype", "application/x-font-ttf", "application/xml*", "font/eot*", "font/eot", "font/opentype", "font/otf", "image/svg+xml", "image/vnd.microsoft.icon", "image/x-icon", "text/*", "application/octet-stream*", "application/x-font-eot*", "font/ttf", "application/font-ttf", "application/font-sfnt", "application/x-tgif", ]

  870.       }

  871.     }

  872.     behavior {

  873.       gzip_response {

  874.         behavior = "ALWAYS"

  875.       }

  876.     }

  877.   }

  878. }