Merge pull request #148 from openappsec/orianelou-new-policy-files

Orianelou new policy files
WrightNed 2024-06-19 16:18:41 +03:00 committed by GitHub
commit 81b1aec487
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
13 changed files with 1004 additions and 5 deletions


@ -0,0 +1,126 @@
# open-appsec default declarative configuration file
# based on schema version: "v1beta2"
# more information on declarative configuration: https://docs.openappsec.io
apiVersion: openappsec.io/v1beta2
kind: Policy
metadata:
name: default-policy
spec:
default:
# start in detect-learn and move to prevent-learn based on learning progress
mode: detect-learn
threatPreventionPractices:
- default-threat-prevention-practice
accessControlPractices:
- default-access-control-practice
customResponses: default-web-user-response
triggers:
- default-log-trigger
specificRules:
- host: www.example.com
# this is an example for specific rule, adjust the values as required for the protected app
mode: detect-learn
threatPreventionPractices:
- default-threat-prevention-practice
accessControlPractices:
- default-access-control-practice
triggers:
- default-log-trigger
---
apiVersion: openappsec.io/v1beta2
kind: ThreatPreventionPractice
metadata:
name: default-threat-prevention-practice
spec:
practiceMode: inherited
webAttacks:
overrideMode: inherited
minimumConfidence: high
intrusionPrevention:
# intrusion prevention (IPS) requires "Premium Edition"
overrideMode: inherited
maxPerformanceImpact: medium
minSeverityLevel: medium
minCveYear: 2016
highConfidenceEventAction: inherited
mediumConfidenceEventAction: inherited
lowConfidenceEventAction: detect
fileSecurity:
# file security requires "Premium Edition"
overrideMode: inherited
minSeverityLevel: medium
highConfidenceEventAction: inherited
mediumConfidenceEventAction: inherited
lowConfidenceEventAction: detect
snortSignatures:
# you must specify snort signatures in configmap or file to activate snort inspection
overrideMode: inherited
configmap: []
# relevant for deployments on kubernetes
# 0 or 1 configmaps supported in array
files: []
# relevant for docker and linux embedded deployments
# 0 or 1 files supported in array
openapiSchemaValidation: # schema validation requires "Premium Edition"
overrideMode: inherited
configmap: []
# relevant for deployments on kubernetes
# 0 or 1 configmaps supported in array
files: []
# relevant for docker and linux embedded deployments
# 0 or 1 files supported in array
antiBot: # antibot requires "Premium Edition"
overrideMode: inherited
injectedUris: []
validatedUris: []
---
apiVersion: openappsec.io/v1beta2
kind: AccessControlPractice
metadata:
name: default-access-control-practice
spec:
practiceMode: inherited
rateLimit:
# specify one or more rules below to use rate limiting
overrideMode: inherited
rules: []
---
apiVersion: openappsec.io/v1beta2
kind: LogTrigger
metadata:
name: default-log-trigger
spec:
accessControlLogging:
allowEvents: false
dropEvents: true
appsecLogging:
detectEvents: true
preventEvents: true
allWebRequests: false
extendedLogging:
urlPath: true
urlQuery: true
httpHeaders: false
requestBody: false
additionalSuspiciousEventsLogging:
enabled: true
minSeverity: high
responseBody: false
responseCode: true
logDestination:
cloud: true
logToAgent: false
stdout:
format: json
---
apiVersion: openappsec.io/v1beta2
kind: CustomResponse
metadata:
name: default-web-user-response
spec:
mode: response-code-only
httpResponseCode: 403
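Review bot: The comments under `snortSignatures` and `openapiSchemaValidation` ("relevant for deployments on kubernetes", "0 or 1 configmaps supported in array") are placed on the lines after `configmap: []` / `files: []`, so by the usual above-the-line convention they read as describing the next key rather than the one they belong to; move each pair directly above its key, e.g. `# relevant for deployments on kubernetes; 0 or 1 configmaps supported in array` above `configmap: []`. `customResponses: default-web-user-response` is a plural key holding a single scalar while the neighbouring `triggers` and `threatPreventionPractices` are lists; if the v1beta2 schema accepts exactly one response here the name is misleading, and if it accepts a list the value should be written as one for consistency — worth confirming against the schema. The `www.example.com` specific rule also omits `customResponses`, so the file does not say whether the 403 response applies to that host or only to the default; a one-line comment stating which would help. The same layout and the same open questions recur in the other v1beta2 policy files added by this commit (the prevent-learn CRD copies and both local-policy variants), so one fix should be applied to all of them.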


@ -0,0 +1,126 @@
# open-appsec default declarative configuration file
# based on schema version: "v1beta2"
# more information on declarative configuration: https://docs.openappsec.io
apiVersion: openappsec.io/v1beta2
kind: Policy
metadata:
name: default-policy
spec:
default:
# start in prevent-learn
mode: prevent-learn
threatPreventionPractices:
- default-threat-prevention-practice
accessControlPractices:
- default-access-control-practice
customResponses: default-web-user-response
triggers:
- default-log-trigger
specificRules:
- host: www.example.com
# this is an example for specific rule, adjust the values as required for the protected app
mode: prevent-learn
threatPreventionPractices:
- default-threat-prevention-practice
accessControlPractices:
- default-access-control-practice
triggers:
- default-log-trigger
---
apiVersion: openappsec.io/v1beta2
kind: ThreatPreventionPractice
metadata:
name: default-threat-prevention-practice
spec:
practiceMode: inherited
webAttacks:
overrideMode: inherited
minimumConfidence: high
intrusionPrevention:
# intrusion prevention (IPS) requires "Premium Edition"
overrideMode: inherited
maxPerformanceImpact: medium
minSeverityLevel: medium
minCveYear: 2016
highConfidenceEventAction: inherited
mediumConfidenceEventAction: inherited
lowConfidenceEventAction: detect
fileSecurity:
# file security requires "Premium Edition"
overrideMode: inherited
minSeverityLevel: medium
highConfidenceEventAction: inherited
mediumConfidenceEventAction: inherited
lowConfidenceEventAction: detect
snortSignatures:
# you must specify snort signatures in configmap or file to activate snort inspection
overrideMode: inherited
configmap: []
# relevant for deployments on kubernetes
# 0 or 1 configmaps supported in array
files: []
# relevant for docker and linux embedded deployments
# 0 or 1 files supported in array
openapiSchemaValidation: # schema validation requires "Premium Edition"
overrideMode: inherited
configmap: []
# relevant for deployments on kubernetes
# 0 or 1 configmaps supported in array
files: []
# relevant for docker and linux embedded deployments
# 0 or 1 files supported in array
antiBot: # antibot requires "Premium Edition"
overrideMode: inherited
injectedUris: []
validatedUris: []
---
apiVersion: openappsec.io/v1beta2
kind: AccessControlPractice
metadata:
name: default-access-control-practice
spec:
practiceMode: inherited
rateLimit:
# specify one or more rules below to use rate limiting
overrideMode: inherited
rules: []
---
apiVersion: openappsec.io/v1beta2
kind: LogTrigger
metadata:
name: default-log-trigger
spec:
accessControlLogging:
allowEvents: false
dropEvents: true
appsecLogging:
detectEvents: true
preventEvents: true
allWebRequests: false
extendedLogging:
urlPath: true
urlQuery: true
httpHeaders: false
requestBody: false
additionalSuspiciousEventsLogging:
enabled: true
minSeverity: high
responseBody: false
responseCode: true
logDestination:
cloud: true
logToAgent: false
stdout:
format: json
---
apiVersion: openappsec.io/v1beta2
kind: CustomResponse
metadata:
name: default-web-user-response
spec:
mode: response-code-only
httpResponseCode: 403


@ -0,0 +1,13 @@
apiVersion: openappsec.io/v1beta1
kind: Policy
metadata:
name: open-appsec-best-practice-policy
spec:
default:
mode: detect-learn
practices: [appsec-best-practice]
triggers: [appsec-log-trigger]
custom-response: 403-forbidden
source-identifiers: ""
trusted-sources: ""
exceptions: []
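Review bot: `practices: [appsec-best-practice]`, `triggers: [appsec-log-trigger]` and `custom-response: 403-forbidden` reference resources this file does not define, whereas the v1beta2 files in this commit ship the referenced practice, trigger and custom response next to the policy; if these are expected to be applied as separate resources, a header comment naming where they are defined would save the next user a failed apply. `source-identifiers: ""` and `trusted-sources: ""` are empty strings while `exceptions: []` is an empty list; mixed "empty" encodings on sibling keys are easy to mishandle on the consumer side, so either use the type the v1beta1 schema expects for each key or add a comment explaining why they differ (not verifiable from this page). Consider also a `---` document start and a header comment like the v1beta2 files carry, so readers can tell which schema version this policy targets. The prevent-learn copy of this file that follows has the same points.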


@ -0,0 +1,13 @@
apiVersion: openappsec.io/v1beta1
kind: Policy
metadata:
name: open-appsec-best-practice-policy
spec:
default:
mode: prevent-learn
practices: [appsec-best-practice]
triggers: [appsec-log-trigger]
custom-response: 403-forbidden
source-identifiers: ""
trusted-sources: ""
exceptions: []


@ -0,0 +1,126 @@
# open-appsec default declarative configuration file
# based on schema version: "v1beta2"
# more information on declarative configuration: https://docs.openappsec.io
apiVersion: openappsec.io/v1beta2
kind: Policy
metadata:
name: default-policy
spec:
default:
# start in detect-learn and move to prevent-learn based on learning progress
mode: detect-learn
threatPreventionPractices:
- default-threat-prevention-practice
accessControlPractices:
- default-access-control-practice
customResponses: default-web-user-response
triggers:
- default-log-trigger
specificRules:
- host: www.example.com
# this is an example for specific rule, adjust the values as required for the protected app
mode: detect-learn
threatPreventionPractices:
- default-threat-prevention-practice
accessControlPractices:
- default-access-control-practice
triggers:
- default-log-trigger
---
apiVersion: openappsec.io/v1beta2
kind: ThreatPreventionPractice
metadata:
name: default-threat-prevention-practice
spec:
practiceMode: inherited
webAttacks:
overrideMode: inherited
minimumConfidence: high
intrusionPrevention:
# intrusion prevention (IPS) requires "Premium Edition"
overrideMode: inherited
maxPerformanceImpact: medium
minSeverityLevel: medium
minCveYear: 2016
highConfidenceEventAction: inherited
mediumConfidenceEventAction: inherited
lowConfidenceEventAction: detect
fileSecurity:
# file security requires "Premium Edition"
overrideMode: inherited
minSeverityLevel: medium
highConfidenceEventAction: inherited
mediumConfidenceEventAction: inherited
lowConfidenceEventAction: detect
snortSignatures:
# you must specify snort signatures in configmap or file to activate snort inspection
overrideMode: inherited
configmap: []
# relevant for deployments on kubernetes
# 0 or 1 configmaps supported in array
files: []
# relevant for docker and linux embedded deployments
# 0 or 1 files supported in array
openapiSchemaValidation: # schema validation requires "Premium Edition"
overrideMode: inherited
configmap: []
# relevant for deployments on kubernetes
# 0 or 1 configmaps supported in array
files: []
# relevant for docker and linux embedded deployments
# 0 or 1 files supported in array
antiBot: # antibot requires "Premium Edition"
overrideMode: inherited
injectedUris: []
validatedUris: []
---
apiVersion: openappsec.io/v1beta2
kind: AccessControlPractice
metadata:
name: default-access-control-practice
spec:
practiceMode: inherited
rateLimit:
# specify one or more rules below to use rate limiting
overrideMode: inherited
rules: []
---
apiVersion: openappsec.io/v1beta2
kind: LogTrigger
metadata:
name: default-log-trigger
spec:
accessControlLogging:
allowEvents: false
dropEvents: true
appsecLogging:
detectEvents: true
preventEvents: true
allWebRequests: false
extendedLogging:
urlPath: true
urlQuery: true
httpHeaders: false
requestBody: false
additionalSuspiciousEventsLogging:
enabled: true
minSeverity: high
responseBody: false
responseCode: true
logDestination:
cloud: true
logToAgent: false
stdout:
format: json
---
apiVersion: openappsec.io/v1beta2
kind: CustomResponse
metadata:
name: default-web-user-response
spec:
mode: response-code-only
httpResponseCode: 403


@ -0,0 +1,126 @@
# open-appsec default declarative configuration file
# based on schema version: "v1beta2"
# more information on declarative configuration: https://docs.openappsec.io
apiVersion: openappsec.io/v1beta2
kind: Policy
metadata:
name: default-policy
spec:
default:
# start in prevent-learn
mode: prevent-learn
threatPreventionPractices:
- default-threat-prevention-practice
accessControlPractices:
- default-access-control-practice
customResponses: default-web-user-response
triggers:
- default-log-trigger
specificRules:
- host: www.example.com
# this is an example for specific rule, adjust the values as required for the protected app
mode: prevent-learn
threatPreventionPractices:
- default-threat-prevention-practice
accessControlPractices:
- default-access-control-practice
triggers:
- default-log-trigger
---
apiVersion: openappsec.io/v1beta2
kind: ThreatPreventionPractice
metadata:
name: default-threat-prevention-practice
spec:
practiceMode: inherited
webAttacks:
overrideMode: inherited
minimumConfidence: high
intrusionPrevention:
# intrusion prevention (IPS) requires "Premium Edition"
overrideMode: inherited
maxPerformanceImpact: medium
minSeverityLevel: medium
minCveYear: 2016
highConfidenceEventAction: inherited
mediumConfidenceEventAction: inherited
lowConfidenceEventAction: detect
fileSecurity:
# file security requires "Premium Edition"
overrideMode: inherited
minSeverityLevel: medium
highConfidenceEventAction: inherited
mediumConfidenceEventAction: inherited
lowConfidenceEventAction: detect
snortSignatures:
# you must specify snort signatures in configmap or file to activate snort inspection
overrideMode: inherited
configmap: []
# relevant for deployments on kubernetes
# 0 or 1 configmaps supported in array
files: []
# relevant for docker and linux embedded deployments
# 0 or 1 files supported in array
openapiSchemaValidation: # schema validation requires "Premium Edition"
overrideMode: inherited
configmap: []
# relevant for deployments on kubernetes
# 0 or 1 configmaps supported in array
files: []
# relevant for docker and linux embedded deployments
# 0 or 1 files supported in array
antiBot: # antibot requires "Premium Edition"
overrideMode: inherited
injectedUris: []
validatedUris: []
---
apiVersion: openappsec.io/v1beta2
kind: AccessControlPractice
metadata:
name: default-access-control-practice
spec:
practiceMode: inherited
rateLimit:
# specify one or more rules below to use rate limiting
overrideMode: inherited
rules: []
---
apiVersion: openappsec.io/v1beta2
kind: LogTrigger
metadata:
name: default-log-trigger
spec:
accessControlLogging:
allowEvents: false
dropEvents: true
appsecLogging:
detectEvents: true
preventEvents: true
allWebRequests: false
extendedLogging:
urlPath: true
urlQuery: true
httpHeaders: false
requestBody: false
additionalSuspiciousEventsLogging:
enabled: true
minSeverity: high
responseBody: false
responseCode: true
logDestination:
cloud: true
logToAgent: false
stdout:
format: json
---
apiVersion: openappsec.io/v1beta2
kind: CustomResponse
metadata:
name: default-web-user-response
spec:
mode: response-code-only
httpResponseCode: 403


@ -0,0 +1,62 @@
policies:
default:
triggers:
- appsec-default-log-trigger
mode: detect-learn
practices:
- webapp-default-practice
custom-response: appsec-default-web-user-response
specific-rules: []
practices:
- name: webapp-default-practice
openapi-schema-validation:
configmap: []
override-mode: detect-learn
snort-signatures:
configmap: []
override-mode: detect-learn
web-attacks:
max-body-size-kb: 1000000
max-header-size-bytes: 102400
max-object-depth: 40
max-url-size-bytes: 32768
minimum-confidence: critical
override-mode: detect-learn
protections:
csrf-protection: inactive
error-disclosure: inactive
non-valid-http-methods: false
open-redirect: inactive
anti-bot:
injected-URIs: []
validated-URIs: []
override-mode: detect-learn
log-triggers:
- name: appsec-default-log-trigger
access-control-logging:
allow-events: false
drop-events: true
additional-suspicious-events-logging:
enabled: true
minimum-severity: high
response-body: false
appsec-logging:
all-web-requests: false
detect-events: true
prevent-events: true
extended-logging:
http-headers: false
request-body: false
url-path: false
url-query: false
log-destination:
cloud: true
stdout:
format: json
custom-responses:
- name: appsec-default-web-user-response
mode: response-code-only
http-response-code: 403
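Review bot: `override-mode` under `openapi-schema-validation`, `snort-signatures`, `web-attacks` and `anti-bot` is hard-coded to `detect-learn`, duplicating `policies.default.mode`, so an operator who later switches the policy to prevent mode leaves these four silently behind — the v1beta2 files in this commit avoid exactly this with `inherited`; if this schema supports an inherit value use it, otherwise add a comment above `practices:` saying all five must be changed together. `max-body-size-kb: 1000000` (~1 GB), `max-header-size-bytes: 102400` and `max-url-size-bytes: 32768` are far above what a typical application needs; presumably these are inspection caps rather than limits enforced on the client, which a comment should state so nobody reads them as a request-size limit. The log trigger here sets `url-path: false` / `url-query: false` while the v1beta2 triggers in this commit enable both; if the difference is intentional a comment would help, otherwise align them. The three sibling local-policy files added by this commit (the prevent-learn copy and the second detect-learn/prevent-learn pair) share all of these points.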


@ -0,0 +1,62 @@
policies:
default:
triggers:
- appsec-default-log-trigger
mode: prevent-learn
practices:
- webapp-default-practice
custom-response: appsec-default-web-user-response
specific-rules: []
practices:
- name: webapp-default-practice
openapi-schema-validation:
configmap: []
override-mode: prevent-learn
snort-signatures:
configmap: []
override-mode: prevent-learn
web-attacks:
max-body-size-kb: 1000000
max-header-size-bytes: 102400
max-object-depth: 40
max-url-size-bytes: 32768
minimum-confidence: critical
override-mode: prevent-learn
protections:
csrf-protection: inactive
error-disclosure: inactive
non-valid-http-methods: false
open-redirect: inactive
anti-bot:
injected-URIs: []
validated-URIs: []
override-mode: prevent-learn
log-triggers:
- name: appsec-default-log-trigger
access-control-logging:
allow-events: false
drop-events: true
additional-suspicious-events-logging:
enabled: true
minimum-severity: high
response-body: false
appsec-logging:
all-web-requests: false
detect-events: true
prevent-events: true
extended-logging:
http-headers: false
request-body: false
url-path: false
url-query: false
log-destination:
cloud: true
stdout:
format: json
custom-responses:
- name: appsec-default-web-user-response
mode: response-code-only
http-response-code: 403


@ -0,0 +1,62 @@
policies:
default:
triggers:
- appsec-default-log-trigger
mode: detect-learn
practices:
- webapp-default-practice
custom-response: appsec-default-web-user-response
specific-rules: []
practices:
- name: webapp-default-practice
openapi-schema-validation:
configmap: []
override-mode: detect-learn
snort-signatures:
configmap: []
override-mode: detect-learn
web-attacks:
max-body-size-kb: 1000000
max-header-size-bytes: 102400
max-object-depth: 40
max-url-size-bytes: 32768
minimum-confidence: critical
override-mode: detect-learn
protections:
csrf-protection: inactive
error-disclosure: inactive
non-valid-http-methods: false
open-redirect: inactive
anti-bot:
injected-URIs: []
validated-URIs: []
override-mode: detect-learn
log-triggers:
- name: appsec-default-log-trigger
access-control-logging:
allow-events: false
drop-events: true
additional-suspicious-events-logging:
enabled: true
minimum-severity: high
response-body: false
appsec-logging:
all-web-requests: false
detect-events: true
prevent-events: true
extended-logging:
http-headers: false
request-body: false
url-path: false
url-query: false
log-destination:
cloud: true
stdout:
format: json
custom-responses:
- name: appsec-default-web-user-response
mode: response-code-only
http-response-code: 403


@ -0,0 +1,62 @@
policies:
default:
triggers:
- appsec-default-log-trigger
mode: prevent-learn
practices:
- webapp-default-practice
custom-response: appsec-default-web-user-response
specific-rules: []
practices:
- name: webapp-default-practice
openapi-schema-validation:
configmap: []
override-mode: prevent-learn
snort-signatures:
configmap: []
override-mode: prevent-learn
web-attacks:
max-body-size-kb: 1000000
max-header-size-bytes: 102400
max-object-depth: 40
max-url-size-bytes: 32768
minimum-confidence: critical
override-mode: prevent-learn
protections:
csrf-protection: inactive
error-disclosure: inactive
non-valid-http-methods: false
open-redirect: inactive
anti-bot:
injected-URIs: []
validated-URIs: []
override-mode: prevent-learn
log-triggers:
- name: appsec-default-log-trigger
access-control-logging:
allow-events: false
drop-events: true
additional-suspicious-events-logging:
enabled: true
minimum-severity: high
response-body: false
appsec-logging:
all-web-requests: false
detect-events: true
prevent-events: true
extended-logging:
http-headers: false
request-body: false
url-path: false
url-query: false
log-destination:
cloud: true
stdout:
format: json
custom-responses:
- name: appsec-default-web-user-response
mode: response-code-only
http-response-code: 403


@ -0,0 +1,111 @@
# open-appsec default declarative configuration file
# based on schema version: "v1beta2"
# more information on declarative configuration: https://docs.openappsec.io
apiVersion: v1beta2
policies:
default:
# start in detect-learn and move to prevent-learn based on learning progress
mode: detect-learn
threatPreventionPractices:
- default-threat-prevention-practice
accessControlPractices:
- default-access-control-practice
customResponses: default-web-user-response
triggers:
- default-log-trigger
specificRules:
- host: www.example.com
# this is an example for specific rule, adjust the values as required for the protected app
mode: detect-learn
threatPreventionPractices:
- default-threat-prevention-practice
accessControlPractices:
- default-access-control-practice
triggers:
- default-log-trigger
threatPreventionPractices:
- name: default-threat-prevention-practice
practiceMode: inherited
webAttacks:
overrideMode: inherited
minimumConfidence: high
intrusionPrevention:
# intrusion prevention (IPS) requires "Premium Edition"
overrideMode: inherited
maxPerformanceImpact: medium
minSeverityLevel: medium
minCveYear: 2016
highConfidenceEventAction: inherited
mediumConfidenceEventAction: inherited
lowConfidenceEventAction: detect
fileSecurity:
# file security requires "Premium Edition"
overrideMode: inherited
minSeverityLevel: medium
highConfidenceEventAction: inherited
mediumConfidenceEventAction: inherited
lowConfidenceEventAction: detect
snortSignatures:
# you must specify snort signatures in configmap or file to activate snort inspection
overrideMode: inherited
configmap: []
# relevant for deployments on kubernetes
# 0 or 1 configmaps supported in array
files: []
# relevant for docker and linux embedded deployments
# 0 or 1 files supported in array
openapiSchemaValidation: # schema validation requires "Premium Edition"
overrideMode: inherited
configmap: []
# relevant for deployments on kubernetes
# 0 or 1 configmaps supported in array
files: []
# relevant for docker and linux embedded deployments
# 0 or 1 files supported in array
antiBot: # antibot requires "Premium Edition"
overrideMode: inherited
injectedUris: []
validatedUris: []
accessControlPractices:
- name: default-access-control-practice
practiceMode: inherited
rateLimit:
# specify one or more rules below to use rate limiting
overrideMode: inherited
rules: []
logTriggers:
- name: default-log-trigger
accessControlLogging:
allowEvents: false
dropEvents: true
appsecLogging:
detectEvents: true
preventEvents: true
allWebRequests: false
extendedLogging:
urlPath: true
urlQuery: true
httpHeaders: false
requestBody: false
additionalSuspiciousEventsLogging:
enabled: true
minSeverity: high
responseBody: false
responseCode: true
logDestination:
cloud: true
logToAgent: false
stdout:
format: json
customResponses:
- name: default-web-user-response
mode: response-code-only
httpResponseCode: 403


@ -0,0 +1,110 @@
# open-appsec default declarative configuration file
# based on schema version: "v1beta2"
# more information on declarative configuration: https://docs.openappsec.io
apiVersion: v1beta2
policies:
default:
# start in prevent-learn
mode: prevent-learn
threatPreventionPractices:
- default-threat-prevention-practice
accessControlPractices:
- default-access-control-practice
customResponses: default-web-user-response
triggers:
- default-log-trigger
specificRules:
- host: www.example.com
# this is an example for specific rule, adjust the values as required for the protected app
mode: detect-learn
threatPreventionPractices:
- default-threat-prevention-practice
accessControlPractices:
- default-access-control-practice
triggers:
- default-log-trigger
threatPreventionPractices:
- name: default-threat-prevention-practice
practiceMode: inherited
webAttacks:
overrideMode: inherited
minimumConfidence: high
intrusionPrevention:
# intrusion prevention (IPS) requires "Premium Edition"
overrideMode: inherited
maxPerformanceImpact: medium
minSeverityLevel: medium
minCveYear: 2016
highConfidenceEventAction: inherited
mediumConfidenceEventAction: inherited
lowConfidenceEventAction: detect
fileSecurity:
# file security requires "Premium Edition"
overrideMode: inherited
minSeverityLevel: medium
highConfidenceEventAction: inherited
mediumConfidenceEventAction: inherited
lowConfidenceEventAction: detect
snortSignatures:
# you must specify snort signatures in configmap or file to activate snort inspection
overrideMode: inherited
configmap: []
# relevant for deployments on kubernetes
# 0 or 1 configmaps supported in array
files: []
# relevant for docker and linux embedded deployments
# 0 or 1 files supported in array
openapiSchemaValidation: # schema validation requires "Premium Edition"
overrideMode: inherited
configmap: []
# relevant for deployments on kubernetes
# 0 or 1 configmaps supported in array
files: []
# relevant for docker and linux embedded deployments
# 0 or 1 files supported in array
antiBot: # antibot requires "Premium Edition"
overrideMode: inherited
injectedUris: []
validatedUris: []
accessControlPractices:
- name: default-access-control-practice
practiceMode: inherited
rateLimit:
# specify one or more rules below to use rate limiting
overrideMode: inherited
rules: []
logTriggers:
- name: default-log-trigger
accessControlLogging:
allowEvents: false
dropEvents: true
appsecLogging:
detectEvents: true
preventEvents: true
allWebRequests: false
extendedLogging:
urlPath: true
urlQuery: true
httpHeaders: false
requestBody: false
additionalSuspiciousEventsLogging:
enabled: true
minSeverity: high
responseBody: false
responseCode: true
logDestination:
cloud: true
logToAgent: false
stdout:
format: json
customResponses:
- name: default-web-user-response
mode: response-code-only
httpResponseCode: 403
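Review bot: `policies.default.mode` is `prevent-learn` but the example `specificRules` entry for `www.example.com` is left at `mode: detect-learn`, while the CRD prevent-learn variant in this commit sets both to `prevent-learn`; anyone who copies the example rule for a real host gets a non-blocking rule inside what is presented as the prevent-learn profile. Change it to `mode: prevent-learn`, or if the example host is deliberately kept in detect mode say so in the comment above it, e.g. `# example rule intentionally left in detect-learn; set to prevent-learn once the app has been validated`. The header comment "start in prevent-learn" also reads as if it applies to the whole file, which reinforces the confusion.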


@ -24,10 +24,10 @@ practices:
minimum-confidence: critical
override-mode: prevent-learn
protections:
csrf-protection: prevent-learn
error-disclosure: prevent-learn
non-valid-http-methods: true
open-redirect: prevent-learn
csrf-protection: inactive
error-disclosure: inactive
non-valid-http-methods: false
open-redirect: inactive
anti-bot:
injected-URIs: []
validated-URIs: []
@ -59,4 +59,4 @@ log-triggers:
custom-responses:
- name: appsec-default-web-user-response
mode: response-code-only
http-response-code: 403
http-response-code: 403
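Review bot: Reading the old/new pairs as printed, the first hunk turns `csrf-protection`, `error-disclosure` and `open-redirect` from `prevent-learn` to `inactive` and `non-valid-http-methods` from `true` to `false` in an existing default policy, i.e. it disables four protections for everyone who deploys the default, and neither the commit message nor the file explains why. Add a comment above `protections:` such as `# protections disabled by default because <REASON>` (with the real rationale filled in) and, ideally, a changelog entry, since users upgrading will lose this coverage without any visible signal. The second hunk shows `http-response-code: 403` as both removed and added; presumably a trailing-whitespace or missing-final-newline fix, which is fine, but since the rendered view drops indentation it is worth confirming nothing else on that line changed. The enclosing `practices:` list item begins before the first hunk.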