# WAFv2 rate-based rule for login-like paths.
# A source IP is blocked once it sends more than `limit` requests that match
# the scope-down statement below. Requests that do not match the scope-down
# statement are neither counted nor blocked by this rule.
rule {
  name     = "tf-jptest-login"
  priority = 7

  # Action applied to an IP while it is over the limit.
  action {
    block {}
  }

  statement {
    rate_based_statement {
      # No evaluation window is set in this block.
      # NOTE(review): presumably the AWS WAF default window (5 minutes)
      # applies; confirm that 100 requests per window is the intended
      # ceiling for a login endpoint.
      limit = 100

      # Requests are counted per source IP address.
      # NOTE(review): if a proxy or CDN sits in front of the protected
      # resource, confirm the source IP is the real client; otherwise all
      # clients behind the proxy share one counter.
      aggregate_key_type = "IP"

      # Counted requests = (path contains "login")
      #                    AND NOT (IP in local-ips OR user-agent in good-bots).
      scope_down_statement {
        and_statement {

          # Condition 1: the lowercased URI path contains "login".
          # CONTAINS matches anywhere in the path, so any unrelated path
          # that happens to include the substring shares this rule.
          # NOTE(review): only LOWERCASE is applied before matching. If the
          # origin percent-decodes paths before routing, consider adding a
          # URL_DECODE transformation so encoded spellings are counted too.
          statement {
            byte_match_statement {
              field_to_match {
                uri_path {}
              }

              positional_constraint = "CONTAINS"
              search_string         = "login"

              text_transformation {
                priority = 1
                type     = "LOWERCASE"
              }
            }
          }

          # Condition 2: the request is NOT covered by either exemption.
          statement {
            not_statement {
              statement {
                or_statement {

                  # Exemption A: source IP is in the local-ips IP set.
                  statement {
                    ip_set_reference_statement {
                      arn = aws_wafv2_ip_set.tf-jptest-local-ips.arn
                    }
                  }

                  # Exemption B: the lowercased User-Agent header matches
                  # the good-bots regex pattern set. Because the header is
                  # lowercased first, the patterns in that set must be
                  # written in lowercase to match.
                  # NOTE(review): User-Agent is supplied by the client, so
                  # this exemption is not proof that the request comes from
                  # the named bot. Confirm it is needed on login paths; if
                  # it is, pair it with a signal the client cannot set
                  # (for example an IP set of the crawler's published
                  # ranges) rather than relying on the header alone.
                  statement {
                    regex_pattern_set_reference_statement {
                      arn = aws_wafv2_regex_pattern_set.tf-jptest-good-bots.arn

                      field_to_match {
                        single_header {
                          name = "user-agent"
                        }
                      }

                      text_transformation {
                        priority = 1
                        type     = "LOWERCASE"
                      }
                    }
                  }
                }
              }
            }
          }
        }
      }
    }
  }

  # Emit CloudWatch metrics and keep request samples for this rule so that
  # blocks can be reviewed and alerted on under the metric name below.
  visibility_config {
    cloudwatch_metrics_enabled = true
    metric_name                = "tf-jptest-login"
    sampled_requests_enabled   = true
  }
}