diff --git a/config/k8s/latest/open-appsec-k8s-default-config-v1beta2.yaml b/config/k8s/latest/open-appsec-k8s-default-config-v1beta2.yaml
new file mode 100644
index 0000000..0384039
--- /dev/null
+++ b/config/k8s/latest/open-appsec-k8s-default-config-v1beta2.yaml
@@ -0,0 +1,126 @@
+# open-appsec default declarative configuration file
+# based on schema version: "v1beta2"
+# more information on declarative configuration: https://docs.openappsec.io
+
+apiVersion: openappsec.io/v1beta2
+kind: Policy
+metadata:
+ name: default-policy
+spec:
+ default:
+ # start in detect-learn and move to prevent-learn based on learning progress
+ mode: detect-learn
+ threatPreventionPractices:
+ - default-threat-prevention-practice
+ accessControlPractices:
+ - default-access-control-practice
+ customResponses: default-web-user-response
+ triggers:
+ - default-log-trigger
+ specificRules:
+ - host: www.example.com
+ # this is an example for specific rule, adjust the values as required for the protected app
+ mode: detect-learn
+ threatPreventionPractices:
+ - default-threat-prevention-practice
+ accessControlPractices:
+ - default-access-control-practice
+ triggers:
+ - default-log-trigger
+---
+apiVersion: openappsec.io/v1beta2
+kind: ThreatPreventionPractice
+metadata:
+ name: default-threat-prevention-practice
+spec:
+ practiceMode: inherited
+ webAttacks:
+ overrideMode: inherited
+ minimumConfidence: high
+ intrusionPrevention:
+ # intrusion prevention (IPS) requires "Premium Edition"
+ overrideMode: inherited
+ maxPerformanceImpact: medium
+ minSeverityLevel: medium
+ minCveYear: 2016
+ highConfidenceEventAction: inherited
+ mediumConfidenceEventAction: inherited
+ lowConfidenceEventAction: detect
+ fileSecurity:
+ # file security requires "Premium Edition"
+ overrideMode: inherited
+ minSeverityLevel: medium
+ highConfidenceEventAction: inherited
+ mediumConfidenceEventAction: inherited
+ lowConfidenceEventAction: detect
+ snortSignatures:
+ # you must specify snort signatures in configmap or file to activate snort inspection
+ overrideMode: inherited
+ configmap: []
+ # relevant for deployments on kubernetes
+ # 0 or 1 configmaps supported in array
+ files: []
+ # relevant for docker and linux embedded deployments
+ # 0 or 1 files supported in array
+ openapiSchemaValidation: # schema validation requires "Premium Edition"
+ overrideMode: inherited
+ configmap: []
+ # relevant for deployments on kubernetes
+ # 0 or 1 configmaps supported in array
+ files: []
+ # relevant for docker and linux embedded deployments
+ # 0 or 1 files supported in array
+ antiBot: # antibot requires "Premium Edition"
+ overrideMode: inherited
+ injectedUris: []
+ validatedUris: []
+
+---
+apiVersion: openappsec.io/v1beta2
+kind: AccessControlPractice
+metadata:
+ name: default-access-control-practice
+spec:
+ practiceMode: inherited
+ rateLimit:
+ # specify one or more rules below to use rate limiting
+ overrideMode: inherited
+ rules: []
+
+---
+apiVersion: openappsec.io/v1beta2
+kind: LogTrigger
+metadata:
+ name: default-log-trigger
+spec:
+ accessControlLogging:
+ allowEvents: false
+ dropEvents: true
+ appsecLogging:
+ detectEvents: true
+ preventEvents: true
+ allWebRequests: false
+ extendedLogging:
+ urlPath: true
+ urlQuery: true
+ httpHeaders: false
+ requestBody: false
+ additionalSuspiciousEventsLogging:
+ enabled: true
+ minSeverity: high
+ responseBody: false
+ responseCode: true
+ logDestination:
+ cloud: true
+ logToAgent: false
+ stdout:
+ format: json
+
+---
+apiVersion: openappsec.io/v1beta2
+kind: CustomResponse
+metadata:
+ name: default-web-user-response
+spec:
+ mode: response-code-only
+ httpResponseCode: 403
diff --git a/config/k8s/latest/open-appsec-k8s-prevent-config-v1beta2.yaml b/config/k8s/latest/open-appsec-k8s-prevent-config-v1beta2.yaml
new file mode 100644
index 0000000..ce0bfec
--- /dev/null
+++ b/config/k8s/latest/open-appsec-k8s-prevent-config-v1beta2.yaml
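Review bot: `extendedLogging.urlQuery: true` in the `default-log-trigger` LogTrigger captures full query strings, and `logDestination.cloud: true` ships those records off-host; query strings routinely carry session tokens, password-reset links and API keys, so this default can leak credentials into an external log store. Consider defaulting `urlQuery: false`, or add a comment above it such as `# query strings may contain tokens/secrets; they leave the host when the cloud destination below is active`. Whether `cloud: true` has any effect for an agent that is not connected to a management service is not visible in this file and is worth stating in the same comment.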
@@ -0,0 +1,126 @@
+# open-appsec default declarative configuration file
+# based on schema version: "v1beta2"
+# more information on declarative configuration: https://docs.openappsec.io
+
+apiVersion: openappsec.io/v1beta2
+kind: Policy
+metadata:
+ name: default-policy
+spec:
+ default:
+ # start in prevent-learn
+ mode: prevent-learn
+ threatPreventionPractices:
+ - default-threat-prevention-practice
+ accessControlPractices:
+ - default-access-control-practice
+ customResponses: default-web-user-response
+ triggers:
+ - default-log-trigger
+ specificRules:
+ - host: www.example.com
+ # this is an example for specific rule, adjust the values as required for the protected app
+ mode: prevent-learn
+ threatPreventionPractices:
+ - default-threat-prevention-practice
+ accessControlPractices:
+ - default-access-control-practice
+ triggers:
+ - default-log-trigger
+---
+apiVersion: openappsec.io/v1beta2
+kind: ThreatPreventionPractice
+metadata:
+ name: default-threat-prevention-practice
+spec:
+ practiceMode: inherited
+ webAttacks:
+ overrideMode: inherited
+ minimumConfidence: high
+ intrusionPrevention:
+ # intrusion prevention (IPS) requires "Premium Edition"
+ overrideMode: inherited
+ maxPerformanceImpact: medium
+ minSeverityLevel: medium
+ minCveYear: 2016
+ highConfidenceEventAction: inherited
+ mediumConfidenceEventAction: inherited
+ lowConfidenceEventAction: detect
+ fileSecurity:
+ # file security requires "Premium Edition"
+ overrideMode: inherited
+ minSeverityLevel: medium
+ highConfidenceEventAction: inherited
+ mediumConfidenceEventAction: inherited
+ lowConfidenceEventAction: detect
+ snortSignatures:
+ # you must specify snort signatures in configmap or file to activate snort inspection
+ overrideMode: inherited
+ configmap: []
+ # relevant for deployments on kubernetes
+ # 0 or 1 configmaps supported in array
+ files: []
+ # relevant for docker and linux embedded deployments
+ # 0 or 1 files supported in array
+ openapiSchemaValidation: # schema validation requires "Premium Edition"
+ overrideMode: inherited
+ configmap: []
+ # relevant for deployments on kubernetes
+ # 0 or 1 configmaps supported in array
+ files: []
+ # relevant for docker and linux embedded deployments
+ # 0 or 1 files supported in array
+ antiBot: # antibot requires "Premium Edition"
+ overrideMode: inherited
+ injectedUris: []
+ validatedUris: []
+
+---
+apiVersion: openappsec.io/v1beta2
+kind: AccessControlPractice
+metadata:
+ name: default-access-control-practice
+spec:
+ practiceMode: inherited
+ rateLimit:
+ # specify one or more rules below to use rate limiting
+ overrideMode: inherited
+ rules: []
+
+---
+apiVersion: openappsec.io/v1beta2
+kind: LogTrigger
+metadata:
+ name: default-log-trigger
+spec:
+ accessControlLogging:
+ allowEvents: false
+ dropEvents: true
+ appsecLogging:
+ detectEvents: true
+ preventEvents: true
+ allWebRequests: false
+ extendedLogging:
+ urlPath: true
+ urlQuery: true
+ httpHeaders: false
+ requestBody: false
+ additionalSuspiciousEventsLogging:
+ enabled: true
+ minSeverity: high
+ responseBody: false
+ responseCode: true
+ logDestination:
+ cloud: true
+ logToAgent: false
+ stdout:
+ format: json
+
+---
+apiVersion: openappsec.io/v1beta2
+kind: CustomResponse
+metadata:
+ name: default-web-user-response
+spec:
+ mode: response-code-only
+ httpResponseCode: 403
diff --git a/config/k8s/v1beta1/open-appsec-k8s-default-config-v1beta1.yaml b/config/k8s/v1beta1/open-appsec-k8s-default-config-v1beta1.yaml
new file mode 100644
index 0000000..3ad8975
--- /dev/null
+++ b/config/k8s/v1beta1/open-appsec-k8s-default-config-v1beta1.yaml
@@ -0,0 +1,13 @@
+apiVersion: openappsec.io/v1beta1
+kind: Policy
+metadata:
+ name: open-appsec-best-practice-policy
+spec:
+ default:
+ mode: detect-learn
+ practices: [appsec-best-practice]
+ triggers: [appsec-log-trigger]
+ custom-response: 403-forbidden
+ source-identifiers: ""
+ trusted-sources: ""
+ exceptions: []
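Review bot: The `specificRules` example for `www.example.com` omits `customResponses` while `default` sets `default-web-user-response`, so in this prevent-learn profile the blocking response for that host depends on whether the schema inherits the field from `default`, which nothing in the file states. Either add `customResponses: default-web-user-response` to the example rule or extend its comment with `# customResponses is inherited from default when omitted` once that is confirmed. Separately, `minCveYear: 2016` silently excludes IPS signatures for older but still widely exploited CVEs; a comment such as `# lower this year for broader coverage at a performance cost` above the line would keep operators from discovering the gap in prevent mode.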
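Review bot: This Policy references `appsec-best-practice`, `appsec-log-trigger` and `403-forbidden`, but unlike the v1beta2 manifests in this commit it defines none of them, so applied on its own it presumably either fails validation or falls back to engine defaults, and the file does not say which. Add a header comment naming where those objects are expected to come from, e.g. `# expects the Practice, LogTrigger and CustomResponse objects installed alongside the v1beta1 chart`. `source-identifiers: ""` and `trusted-sources: ""` are empty strings while `exceptions: []` is a list; if the schema takes lists for all three, use `[]` consistently so an empty string is not silently coerced.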
diff --git a/config/k8s/v1beta1/open-appsec-k8s-prevent-config-v1beta1.yaml b/config/k8s/v1beta1/open-appsec-k8s-prevent-config-v1beta1.yaml
new file mode 100644
index 0000000..87ef8d1
--- /dev/null
+++ b/config/k8s/v1beta1/open-appsec-k8s-prevent-config-v1beta1.yaml
@@ -0,0 +1,13 @@
+apiVersion: openappsec.io/v1beta1
+kind: Policy
+metadata:
+ name: open-appsec-best-practice-policy
+spec:
+ default:
+ mode: prevent-learn
+ practices: [appsec-best-practice]
+ triggers: [appsec-log-trigger]
+ custom-response: 403-forbidden
+ source-identifiers: ""
+ trusted-sources: ""
+ exceptions: []
diff --git a/config/k8s/v1beta2/open-appsec-k8s-default-config-v1beta2.yaml b/config/k8s/v1beta2/open-appsec-k8s-default-config-v1beta2.yaml
new file mode 100644
index 0000000..0384039
--- /dev/null
+++ b/config/k8s/v1beta2/open-appsec-k8s-default-config-v1beta2.yaml
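Review bot: `trusted-sources: ""` and `source-identifiers: ""` are typed as empty strings whereas `exceptions: []` is an empty list, in a profile that starts directly in `prevent-learn`; if the consumer expects a list, an empty string is either a validation failure or is silently read as "no trusted sources", and the file gives no hint which. Use one empty-collection form for all three, or comment the expected type, e.g. `# name of a TrustedSource object; empty means none`. As in the detect variant, `appsec-best-practice`, `appsec-log-trigger` and `403-forbidden` are referenced but not defined in this file, so a one-line comment on where they come from would help.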
@@ -0,0 +1,126 @@
+# open-appsec default declarative configuration file
+# based on schema version: "v1beta2"
+# more information on declarative configuration: https://docs.openappsec.io
+
+apiVersion: openappsec.io/v1beta2
+kind: Policy
+metadata:
+ name: default-policy
+spec:
+ default:
+ # start in detect-learn and move to prevent-learn based on learning progress
+ mode: detect-learn
+ threatPreventionPractices:
+ - default-threat-prevention-practice
+ accessControlPractices:
+ - default-access-control-practice
+ customResponses: default-web-user-response
+ triggers:
+ - default-log-trigger
+ specificRules:
+ - host: www.example.com
+ # this is an example for specific rule, adjust the values as required for the protected app
+ mode: detect-learn
+ threatPreventionPractices:
+ - default-threat-prevention-practice
+ accessControlPractices:
+ - default-access-control-practice
+ triggers:
+ - default-log-trigger
+---
+apiVersion: openappsec.io/v1beta2
+kind: ThreatPreventionPractice
+metadata:
+ name: default-threat-prevention-practice
+spec:
+ practiceMode: inherited
+ webAttacks:
+ overrideMode: inherited
+ minimumConfidence: high
+ intrusionPrevention:
+ # intrusion prevention (IPS) requires "Premium Edition"
+ overrideMode: inherited
+ maxPerformanceImpact: medium
+ minSeverityLevel: medium
+ minCveYear: 2016
+ highConfidenceEventAction: inherited
+ mediumConfidenceEventAction: inherited
+ lowConfidenceEventAction: detect
+ fileSecurity:
+ # file security requires "Premium Edition"
+ overrideMode: inherited
+ minSeverityLevel: medium
+ highConfidenceEventAction: inherited
+ mediumConfidenceEventAction: inherited
+ lowConfidenceEventAction: detect
+ snortSignatures:
+ # you must specify snort signatures in configmap or file to activate snort inspection
+ overrideMode: inherited
+ configmap: []
+ # relevant for deployments on kubernetes
+ # 0 or 1 configmaps supported in array
+ files: []
+ # relevant for docker and linux embedded deployments
+ # 0 or 1 files supported in array
+ openapiSchemaValidation: # schema validation requires "Premium Edition"
+ overrideMode: inherited
+ configmap: []
+ # relevant for deployments on kubernetes
+ # 0 or 1 configmaps supported in array
+ files: []
+ # relevant for docker and linux embedded deployments
+ # 0 or 1 files supported in array
+ antiBot: # antibot requires "Premium Edition"
+ overrideMode: inherited
+ injectedUris: []
+ validatedUris: []
+
+---
+apiVersion: openappsec.io/v1beta2
+kind: AccessControlPractice
+metadata:
+ name: default-access-control-practice
+spec:
+ practiceMode: inherited
+ rateLimit:
+ # specify one or more rules below to use rate limiting
+ overrideMode: inherited
+ rules: []
+
+---
+apiVersion: openappsec.io/v1beta2
+kind: LogTrigger
+metadata:
+ name: default-log-trigger
+spec:
+ accessControlLogging:
+ allowEvents: false
+ dropEvents: true
+ appsecLogging:
+ detectEvents: true
+ preventEvents: true
+ allWebRequests: false
+ extendedLogging:
+ urlPath: true
+ urlQuery: true
+ httpHeaders: false
+ requestBody: false
+ additionalSuspiciousEventsLogging:
+ enabled: true
+ minSeverity: high
+ responseBody: false
+ responseCode: true
+ logDestination:
+ cloud: true
+ logToAgent: false
+ stdout:
+ format: json
+
+---
+apiVersion: openappsec.io/v1beta2
+kind: CustomResponse
+metadata:
+ name: default-web-user-response
+spec:
+ mode: response-code-only
+ httpResponseCode: 403
diff --git a/config/k8s/v1beta2/open-appsec-k8s-prevent-config-v1beta2.yaml b/config/k8s/v1beta2/open-appsec-k8s-prevent-config-v1beta2.yaml
new file mode 100644
index 0000000..ce0bfec
--- /dev/null
+++ b/config/k8s/v1beta2/open-appsec-k8s-prevent-config-v1beta2.yaml
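Review bot: This file is byte-identical to `config/k8s/latest/open-appsec-k8s-default-config-v1beta2.yaml` added in the same commit (both are blob `0384039`), so the `latest/` and `v1beta2/` copies will drift the first time a default such as `minimumConfidence`, `minCveYear` or `urlQuery` is tuned in only one of them, and users on "latest" would silently get a different security posture than the versioned file documents. Make `latest/` a symlink or a CI-generated copy of the versioned file, or at minimum put a header comment in both, e.g. `# keep in sync with config/k8s/latest/open-appsec-k8s-default-config-v1beta2.yaml`.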
@@ -0,0 +1,126 @@
+# open-appsec default declarative configuration file
+# based on schema version: "v1beta2"
+# more information on declarative configuration: https://docs.openappsec.io
+
+apiVersion: openappsec.io/v1beta2
+kind: Policy
+metadata:
+ name: default-policy
+spec:
+ default:
+ # start in prevent-learn
+ mode: prevent-learn
+ threatPreventionPractices:
+ - default-threat-prevention-practice
+ accessControlPractices:
+ - default-access-control-practice
+ customResponses: default-web-user-response
+ triggers:
+ - default-log-trigger
+ specificRules:
+ - host: www.example.com
+ # this is an example for specific rule, adjust the values as required for the protected app
+ mode: prevent-learn
+ threatPreventionPractices:
+ - default-threat-prevention-practice
+ accessControlPractices:
+ - default-access-control-practice
+ triggers:
+ - default-log-trigger
+---
+apiVersion: openappsec.io/v1beta2
+kind: ThreatPreventionPractice
+metadata:
+ name: default-threat-prevention-practice
+spec:
+ practiceMode: inherited
+ webAttacks:
+ overrideMode: inherited
+ minimumConfidence: high
+ intrusionPrevention:
+ # intrusion prevention (IPS) requires "Premium Edition"
+ overrideMode: inherited
+ maxPerformanceImpact: medium
+ minSeverityLevel: medium
+ minCveYear: 2016
+ highConfidenceEventAction: inherited
+ mediumConfidenceEventAction: inherited
+ lowConfidenceEventAction: detect
+ fileSecurity:
+ # file security requires "Premium Edition"
+ overrideMode: inherited
+ minSeverityLevel: medium
+ highConfidenceEventAction: inherited
+ mediumConfidenceEventAction: inherited
+ lowConfidenceEventAction: detect
+ snortSignatures:
+ # you must specify snort signatures in configmap or file to activate snort inspection
+ overrideMode: inherited
+ configmap: []
+ # relevant for deployments on kubernetes
+ # 0 or 1 configmaps supported in array
+ files: []
+ # relevant for docker and linux embedded deployments
+ # 0 or 1 files supported in array
+ openapiSchemaValidation: # schema validation requires "Premium Edition"
+ overrideMode: inherited
+ configmap: []
+ # relevant for deployments on kubernetes
+ # 0 or 1 configmaps supported in array
+ files: []
+ # relevant for docker and linux embedded deployments
+ # 0 or 1 files supported in array
+ antiBot: # antibot requires "Premium Edition"
+ overrideMode: inherited
+ injectedUris: []
+ validatedUris: []
+
+---
+apiVersion: openappsec.io/v1beta2
+kind: AccessControlPractice
+metadata:
+ name: default-access-control-practice
+spec:
+ practiceMode: inherited
+ rateLimit:
+ # specify one or more rules below to use rate limiting
+ overrideMode: inherited
+ rules: []
+
+---
+apiVersion: openappsec.io/v1beta2
+kind: LogTrigger
+metadata:
+ name: default-log-trigger
+spec:
+ accessControlLogging:
+ allowEvents: false
+ dropEvents: true
+ appsecLogging:
+ detectEvents: true
+ preventEvents: true
+ allWebRequests: false
+ extendedLogging:
+ urlPath: true
+ urlQuery: true
+ httpHeaders: false
+ requestBody: false
+ additionalSuspiciousEventsLogging:
+ enabled: true
+ minSeverity: high
+ responseBody: false
+ responseCode: true
+ logDestination:
+ cloud: true
+ logToAgent: false
+ stdout:
+ format: json
+
+---
+apiVersion: openappsec.io/v1beta2
+kind: CustomResponse
+metadata:
+ name: default-web-user-response
+spec:
+ mode: response-code-only
+ httpResponseCode: 403
diff --git a/config/linux/latest/detect/local_policy.yaml b/config/linux/latest/detect/local_policy.yaml
new file mode 100644
index 0000000..b279d5f
--- /dev/null
+++ b/config/linux/latest/detect/local_policy.yaml
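Review bot: `specificRules` ships an active rule for `www.example.com` in a profile whose default mode is `prevent-learn`; the comment says to adjust it, but anyone who applies this file unchanged gets a live host-specific rule for a domain they do not own, and the example omits `customResponses`, so its blocking response depends on inheritance the file does not document. Comment the example out, or make it self-contained by adding `customResponses: default-web-user-response` and rewording the comment to `# example only - remove or replace before applying`. Whether an unmatched host rule has any runtime side effect is not visible here.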
@@ -0,0 +1,62 @@
+policies:
+ default:
+ triggers:
+ - appsec-default-log-trigger
+ mode: detect-learn
+ practices:
+ - webapp-default-practice
+ custom-response: appsec-default-web-user-response
+ specific-rules: []
+
+practices:
+ - name: webapp-default-practice
+ openapi-schema-validation:
+ configmap: []
+ override-mode: detect-learn
+ snort-signatures:
+ configmap: []
+ override-mode: detect-learn
+ web-attacks:
+ max-body-size-kb: 1000000
+ max-header-size-bytes: 102400
+ max-object-depth: 40
+ max-url-size-bytes: 32768
+ minimum-confidence: critical
+ override-mode: detect-learn
+ protections:
+ csrf-protection: inactive
+ error-disclosure: inactive
+ non-valid-http-methods: false
+ open-redirect: inactive
+ anti-bot:
+ injected-URIs: []
+ validated-URIs: []
+ override-mode: detect-learn
+
+log-triggers:
+ - name: appsec-default-log-trigger
+ access-control-logging:
+ allow-events: false
+ drop-events: true
+ additional-suspicious-events-logging:
+ enabled: true
+ minimum-severity: high
+ response-body: false
+ appsec-logging:
+ all-web-requests: false
+ detect-events: true
+ prevent-events: true
+ extended-logging:
+ http-headers: false
+ request-body: false
+ url-path: false
+ url-query: false
+ log-destination:
+ cloud: true
+ stdout:
+ format: json
+
+custom-responses:
+ - name: appsec-default-web-user-response
+ mode: response-code-only
+ http-response-code: 403
diff --git a/config/linux/latest/prevent/local_policy.yaml b/config/linux/latest/prevent/local_policy.yaml
new file mode 100644
index 0000000..02d49d3
--- /dev/null
+++ b/config/linux/latest/prevent/local_policy.yaml
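Review bot: `max-body-size-kb: 1000000` under `web-attacks` is roughly 1 GB per request; if this is the amount the engine buffers for inspection, a few concurrent large uploads can exhaust memory on a Linux-embedded host, and if it is instead the threshold above which bodies are passed uninspected, that bypass is worth stating just as much. Add a comment that says which of the two it is and why the value is so high, e.g. `# bodies above this size are <inspected|skipped>; lower it on memory-constrained hosts`. `max-header-size-bytes: 102400` and `max-url-size-bytes: 32768` are well above what typical upstream servers accept by default and deserve the same note.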
@@ -0,0 +1,62 @@
+policies:
+ default:
+ triggers:
+ - appsec-default-log-trigger
+ mode: prevent-learn
+ practices:
+ - webapp-default-practice
+ custom-response: appsec-default-web-user-response
+ specific-rules: []
+
+practices:
+ - name: webapp-default-practice
+ openapi-schema-validation:
+ configmap: []
+ override-mode: prevent-learn
+ snort-signatures:
+ configmap: []
+ override-mode: prevent-learn
+ web-attacks:
+ max-body-size-kb: 1000000
+ max-header-size-bytes: 102400
+ max-object-depth: 40
+ max-url-size-bytes: 32768
+ minimum-confidence: critical
+ override-mode: prevent-learn
+ protections:
+ csrf-protection: inactive
+ error-disclosure: inactive
+ non-valid-http-methods: false
+ open-redirect: inactive
+ anti-bot:
+ injected-URIs: []
+ validated-URIs: []
+ override-mode: prevent-learn
+
+log-triggers:
+ - name: appsec-default-log-trigger
+ access-control-logging:
+ allow-events: false
+ drop-events: true
+ additional-suspicious-events-logging:
+ enabled: true
+ minimum-severity: high
+ response-body: false
+ appsec-logging:
+ all-web-requests: false
+ detect-events: true
+ prevent-events: true
+ extended-logging:
+ http-headers: false
+ request-body: false
+ url-path: false
+ url-query: false
+ log-destination:
+ cloud: true
+ stdout:
+ format: json
+
+custom-responses:
+ - name: appsec-default-web-user-response
+ mode: response-code-only
+ http-response-code: 403
diff --git a/config/linux/v1beta1/detect/local_policy.yaml b/config/linux/v1beta1/detect/local_policy.yaml
new file mode 100644
index 0000000..b279d5f
--- /dev/null
+++ b/config/linux/v1beta1/detect/local_policy.yaml
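Review bot: The `prevent` profile ships with `csrf-protection`, `error-disclosure` and `open-redirect` set to `inactive` and `non-valid-http-methods: false`, so none of those protections block anything even though the practice is in `prevent-learn`; together with `minimum-confidence: critical` (the k8s v1beta2 files in this commit use `high`), the Linux prevent default covers noticeably less than its name suggests. If the downgrade is deliberate, say so above `protections:`, e.g. `# disabled by default - enable per application after tuning to avoid false positives`; otherwise restore `prevent-learn` / `true` here. The confidence mismatch between the two schemas should be reconciled or explained in either case.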
@@ -0,0 +1,62 @@
+policies:
+ default:
+ triggers:
+ - appsec-default-log-trigger
+ mode: detect-learn
+ practices:
+ - webapp-default-practice
+ custom-response: appsec-default-web-user-response
+ specific-rules: []
+
+practices:
+ - name: webapp-default-practice
+ openapi-schema-validation:
+ configmap: []
+ override-mode: detect-learn
+ snort-signatures:
+ configmap: []
+ override-mode: detect-learn
+ web-attacks:
+ max-body-size-kb: 1000000
+ max-header-size-bytes: 102400
+ max-object-depth: 40
+ max-url-size-bytes: 32768
+ minimum-confidence: critical
+ override-mode: detect-learn
+ protections:
+ csrf-protection: inactive
+ error-disclosure: inactive
+ non-valid-http-methods: false
+ open-redirect: inactive
+ anti-bot:
+ injected-URIs: []
+ validated-URIs: []
+ override-mode: detect-learn
+
+log-triggers:
+ - name: appsec-default-log-trigger
+ access-control-logging:
+ allow-events: false
+ drop-events: true
+ additional-suspicious-events-logging:
+ enabled: true
+ minimum-severity: high
+ response-body: false
+ appsec-logging:
+ all-web-requests: false
+ detect-events: true
+ prevent-events: true
+ extended-logging:
+ http-headers: false
+ request-body: false
+ url-path: false
+ url-query: false
+ log-destination:
+ cloud: true
+ stdout:
+ format: json
+
+custom-responses:
+ - name: appsec-default-web-user-response
+ mode: response-code-only
+ http-response-code: 403
diff --git a/config/linux/v1beta1/prevent/local_policy.yaml b/config/linux/v1beta1/prevent/local_policy.yaml
new file mode 100644
index 0000000..02d49d3
--- /dev/null
+++ b/config/linux/v1beta1/prevent/local_policy.yaml
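Review bot: `minimum-confidence: critical` here versus `minimumConfidence: high` in the v1beta2 `default` profile of the same commit means the two "default detect" configurations report different sets of events, which makes learning-phase results incomparable when a deployment migrates from one schema to the other. Pick one threshold or document the difference, e.g. `# v1beta1 default; the v1beta2 profiles use high`. This file is also identical to `config/linux/latest/detect/local_policy.yaml` (blob `b279d5f`), so the two will drift unless one is generated from the other.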
@@ -0,0 +1,62 @@
+policies:
+ default:
+ triggers:
+ - appsec-default-log-trigger
+ mode: prevent-learn
+ practices:
+ - webapp-default-practice
+ custom-response: appsec-default-web-user-response
+ specific-rules: []
+
+practices:
+ - name: webapp-default-practice
+ openapi-schema-validation:
+ configmap: []
+ override-mode: prevent-learn
+ snort-signatures:
+ configmap: []
+ override-mode: prevent-learn
+ web-attacks:
+ max-body-size-kb: 1000000
+ max-header-size-bytes: 102400
+ max-object-depth: 40
+ max-url-size-bytes: 32768
+ minimum-confidence: critical
+ override-mode: prevent-learn
+ protections:
+ csrf-protection: inactive
+ error-disclosure: inactive
+ non-valid-http-methods: false
+ open-redirect: inactive
+ anti-bot:
+ injected-URIs: []
+ validated-URIs: []
+ override-mode: prevent-learn
+
+log-triggers:
+ - name: appsec-default-log-trigger
+ access-control-logging:
+ allow-events: false
+ drop-events: true
+ additional-suspicious-events-logging:
+ enabled: true
+ minimum-severity: high
+ response-body: false
+ appsec-logging:
+ all-web-requests: false
+ detect-events: true
+ prevent-events: true
+ extended-logging:
+ http-headers: false
+ request-body: false
+ url-path: false
+ url-query: false
+ log-destination:
+ cloud: true
+ stdout:
+ format: json
+
+custom-responses:
+ - name: appsec-default-web-user-response
+ mode: response-code-only
+ http-response-code: 403
diff --git a/config/linux/v1beta2/default/local_policy.yaml b/config/linux/v1beta2/default/local_policy.yaml
new file mode 100644
index 0000000..3672785
--- /dev/null
+++ b/config/linux/v1beta2/default/local_policy.yaml
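Review bot: `extended-logging` sets `url-path: false` and `url-query: false`, so prevent events from this blocking profile are presumably logged without the request path; that is the first thing an operator needs to triage a false positive or reconstruct an attack, and the v1beta2 triggers in this commit do log `urlPath: true`. Set `url-path: true` here (the path is far less sensitive than query strings or headers) or add a comment explaining why it is off. Keeping `url-query: false` and `response-body: false` is a sound default and should stay as is.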
@@ -0,0 +1,111 @@
+# open-appsec default declarative configuration file
+# based on schema version: "v1beta2"
+# more information on declarative configuration: https://docs.openappsec.io
+
+apiVersion: v1beta2
+
+policies:
+ default:
+ # start in detect-learn and move to prevent-learn based on learning progress
+ mode: detect-learn
+ threatPreventionPractices:
+ - default-threat-prevention-practice
+ accessControlPractices:
+ - default-access-control-practice
+ customResponses: default-web-user-response
+ triggers:
+ - default-log-trigger
+ specificRules:
+ - host: www.example.com
+ # this is an example for specific rule, adjust the values as required for the protected app
+ mode: detect-learn
+ threatPreventionPractices:
+ - default-threat-prevention-practice
+ accessControlPractices:
+ - default-access-control-practice
+ triggers:
+ - default-log-trigger
+
+threatPreventionPractices:
+ - name: default-threat-prevention-practice
+ practiceMode: inherited
+ webAttacks:
+ overrideMode: inherited
+ minimumConfidence: high
+ intrusionPrevention:
+ # intrusion prevention (IPS) requires "Premium Edition"
+ overrideMode: inherited
+ maxPerformanceImpact: medium
+ minSeverityLevel: medium
+ minCveYear: 2016
+ highConfidenceEventAction: inherited
+ mediumConfidenceEventAction: inherited
+ lowConfidenceEventAction: detect
+ fileSecurity:
+ # file security requires "Premium Edition"
+ overrideMode: inherited
+ minSeverityLevel: medium
+ highConfidenceEventAction: inherited
+ mediumConfidenceEventAction: inherited
+ lowConfidenceEventAction: detect
+ snortSignatures:
+ # you must specify snort signatures in configmap or file to activate snort inspection
+ overrideMode: inherited
+ configmap: []
+ # relevant for deployments on kubernetes
+ # 0 or 1 configmaps supported in array
+ files: []
+ # relevant for docker and linux embedded deployments
+ # 0 or 1 files supported in array
+ openapiSchemaValidation: # schema validation requires "Premium Edition"
+ overrideMode: inherited
+ configmap: []
+ # relevant for deployments on kubernetes
+ # 0 or 1 configmaps supported in array
+ files: []
+ # relevant for docker and linux embedded deployments
+ # 0 or 1 files supported in array
+ antiBot: # antibot requires "Premium Edition"
+ overrideMode: inherited
+ injectedUris: []
+ validatedUris: []
+
+accessControlPractices:
+ - name: default-access-control-practice
+ practiceMode: inherited
+ rateLimit:
+ # specify one or more rules below to use rate limiting
+ overrideMode: inherited
+ rules: []
+
+logTriggers:
+ - name: default-log-trigger
+ accessControlLogging:
+ allowEvents: false
+ dropEvents: true
+ appsecLogging:
+ detectEvents: true
+ preventEvents: true
+ allWebRequests: false
+ extendedLogging:
+ urlPath: true
+ urlQuery: true
+ httpHeaders: false
+ requestBody: false
+ additionalSuspiciousEventsLogging:
+ enabled: true
+ minSeverity: high
+ responseBody: false
+ responseCode: true
+
+ logDestination:
+ cloud: true
+ logToAgent: false
+ stdout:
+ format: json
+
+customResponses:
+ - name: default-web-user-response
+ mode: response-code-only
+ httpResponseCode: 403
+
diff --git a/config/linux/v1beta2/prevent/local_policy.yaml b/config/linux/v1beta2/prevent/local_policy.yaml
new file mode 100644
index 0000000..b4d3d1d
--- /dev/null
+++ b/config/linux/v1beta2/prevent/local_policy.yaml
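Review bot: `minCveYear: 2016` under `intrusionPrevention` silently drops IPS coverage for older CVEs that scanners and commodity exploit kits still target, and nothing in the file explains the trade-off; add `# signatures for CVEs older than this year are not loaded - lower it for broader coverage at a performance cost` above the line. `lowConfidenceEventAction: detect` under both `intrusionPrevention` and `fileSecurity` is a reasonable default but deserves a one-line why-comment for the same reason. Minor: a blank line sits inside the `logTriggers` item before `logDestination:` and the file ends with an extra empty line, which the k8s copy of this profile does not have and yamllint will flag.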
@@ -0,0 +1,110 @@
+# open-appsec default declarative configuration file
+# based on schema version: "v1beta2"
+# more information on declarative configuration: https://docs.openappsec.io
+
+apiVersion: v1beta2
+
+policies:
+ default:
+ # start in prevent-learn
+ mode: prevent-learn
+ threatPreventionPractices:
+ - default-threat-prevention-practice
+ accessControlPractices:
+ - default-access-control-practice
+ customResponses: default-web-user-response
+ triggers:
+ - default-log-trigger
+ specificRules:
+ - host: www.example.com
+ # this is an example for specific rule, adjust the values as required for the protected app
+ mode: detect-learn
+ threatPreventionPractices:
+ - default-threat-prevention-practice
+ accessControlPractices:
+ - default-access-control-practice
+ triggers:
+ - default-log-trigger
+
+threatPreventionPractices:
+ - name: default-threat-prevention-practice
+ practiceMode: inherited
+ webAttacks:
+ overrideMode: inherited
+ minimumConfidence: high
+ intrusionPrevention:
+ # intrusion prevention (IPS) requires "Premium Edition"
+ overrideMode: inherited
+ maxPerformanceImpact: medium
+ minSeverityLevel: medium
+ minCveYear: 2016
+ highConfidenceEventAction: inherited
+ mediumConfidenceEventAction: inherited
+ lowConfidenceEventAction: detect
+ fileSecurity:
+ # file security requires "Premium Edition"
+ overrideMode: inherited
+ minSeverityLevel: medium
+ highConfidenceEventAction: inherited
+ mediumConfidenceEventAction: inherited
+ lowConfidenceEventAction: detect
+ snortSignatures:
+ # you must specify snort signatures in configmap or file to activate snort inspection
+ overrideMode: inherited
+ configmap: []
+ # relevant for deployments on kubernetes
+ # 0 or 1 configmaps supported in array
+ files: []
+ # relevant for docker and linux embedded deployments
+ # 0 or 1 files supported in array
+ openapiSchemaValidation: # schema validation requires "Premium Edition"
+ overrideMode: inherited
+ configmap: []
+ # relevant for deployments on kubernetes
+ # 0 or 1 configmaps supported in array
+ files: []
+ # relevant for docker and linux embedded deployments
+ # 0 or 1 files supported in array
+ antiBot: # antibot requires "Premium Edition"
+ overrideMode: inherited
+ injectedUris: []
+ validatedUris: []
+
+accessControlPractices:
+ - name: default-access-control-practice
+ practiceMode: inherited
+ rateLimit:
+ # specify one or more rules below to use rate limiting
+ overrideMode: inherited
+ rules: []
+
+logTriggers:
+ - name: default-log-trigger
+ accessControlLogging:
+ allowEvents: false
+ dropEvents: true
+ appsecLogging:
+ detectEvents: true
+ preventEvents: true
+ allWebRequests: false
+ extendedLogging:
+ urlPath: true
+ urlQuery: true
+ httpHeaders: false
+ requestBody: false
+ additionalSuspiciousEventsLogging:
+ enabled: true
+ minSeverity: high
+ responseBody: false
+ responseCode: true
+
+ logDestination:
+ cloud: true
+ logToAgent: false
+ stdout:
+ format: json
+
+customResponses:
+ - name: default-web-user-response
+ mode: response-code-only
+ httpResponseCode: 403
diff --git a/examples/local_policy.yaml b/examples/local_policy.yaml
index 8fe198c..7bd0542 100644
--- a/examples/local_policy.yaml
+++ b/examples/local_policy.yaml
@@ -24,10 +24,10 @@ practices:
 minimum-confidence: critical
 override-mode: prevent-learn
 protections:
- csrf-protection: prevent-learn
- error-disclosure: prevent-learn
- non-valid-http-methods: true
- open-redirect: prevent-learn
+ csrf-protection: inactive
+ error-disclosure: inactive
+ non-valid-http-methods: false
+ open-redirect: inactive
 anti-bot:
 injected-URIs: []
 validated-URIs: []
@@ -59,4 +59,4 @@ log-triggers:
 custom-responses:
 - name: appsec-default-web-user-response
 mode: response-code-only
- http-response-code: 403
\ No newline at end of file
+ http-response-code: 403
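Review bot: The `specificRules` example for `www.example.com` has `mode: detect-learn` although the header comment says `# start in prevent-learn` and `default.mode` is `prevent-learn`; the sibling k8s prevent profile in this commit uses `prevent-learn` for the same example rule, so this looks like a copy-paste slip from the detect file, and any host matching the rule would silently be left in detect-only mode. Change the rule to `mode: prevent-learn`, or comment the example out so the shipped prevent profile contains no weaker host override. If the difference is intentional, say so in the comment above the rule.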
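Review bot: The example policy is downgraded from `prevent-learn`/`true` to `inactive`/`false` for `csrf-protection`, `error-disclosure`, `non-valid-http-methods` and `open-redirect` without any comment, so the example now shows a `prevent-learn` practice that does not prevent any of those classes and readers cannot tell whether they are unsupported or merely opt-in. Add a line above `protections:` such as `# disabled by default - enable per application once the learning phase has stabilised` to make the intent explicit. The enclosing `practices` item begins and ends outside the hunk.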