resource "akamai_appsec_custom_rule" "blockme_header_rule" {
  config_id = akamai_appsec_configuration.config.config_id
  custom_rule = jsonencode(
    {
      "conditions" : [
        {
          "positiveMatch" : true,
          "type" : "requestMethodMatch",
          "value" : [
            "GET"
          ]
        },
        {
          "positiveMatch" : true,
          "type" : "pathMatch",
          "value" : [
            "/*"
          ],
          "valueCase" : false,
          "valueIgnoreSegment" : true,
          "valueNormalize" : true,
          "valueWildcard" : true
        },
        {
          "name" : [
            "blockme",
            "Blockme",
            "blockMe",
            "BlockMe"
          ],
          "nameWildcard" : true,
          "positiveMatch" : true,
          "type" : "requestHeaderMatch",
          "value" : [
            "1",
            "yes",
            "true"
          ],
          "valueCase" : false,
          "valueWildcard" : true
        }
      ],
      "name" : "blockme header",
      "operation" : "AND",
      "tag" : [
        "tflab"
      ]
    }
  )
}

output "custom_rule_id" {
  value = akamai_appsec_custom_rule.blockme_header_rule.custom_rule_id
}

resource "akamai_appsec_custom_rule_action" "custom_rule_action" {
  config_id          = akamai_appsec_configuration.config.config_id
  security_policy_id = akamai_appsec_security_policy.security_policy.security_policy_id
  custom_rule_id     = akamai_appsec_custom_rule.blockme_header_rule.custom_rule_id
  custom_rule_action = "deny"
}