Update local_policy.yaml

sync code

config/linux/v1beta2/default/local_policy.yaml

@@ -6,25 +6,16 @@ apiVersion: v1beta2
 
 policies:
   default:
-    # start in detect-learn and move to prevent-learn based on learning progress 
+    # start in detect-learn and move to prevent-learn based on learning progress
     mode: detect-learn
-    threatPreventionPractices:
-    - default-threat-prevention-practice
-    accessControlPractices:
-    - default-access-control-practice
+    threatPreventionPractices: [default-threat-prevention-practice]
+    accessControlPractices: [default-access-control-practice]
     customResponses: default-web-user-response
-    triggers:
-    - default-log-trigger
-  specificRules:
-    - host: www.example.com
-      # this is an example for specific rule, adjust the values as required for the protected app
-      mode: detect-learn
-      threatPreventionPractices:
-      - default-threat-prevention-practice
-      accessControlPractices:
-      - default-access-control-practice
-      triggers:
-      - default-log-trigger
+    triggers: [default-log-trigger]
+    sourceIdentifiers: ""
+    trustedSources: ""
+    exceptions: []
+  specificRules: []
 
 threatPreventionPractices:
   - name: default-threat-prevention-practice
@@ -57,7 +48,7 @@ threatPreventionPractices:
       files: []
       # relevant for docker and linux embedded deployments
       # 0 or 1 files supported in array
-    openapiSchemaValidation: # schema validation requires "Premium Edition" 
+    schemaValidation: # schema validation requires "Premium Edition" 
       overrideMode: inherited
       configmap: []
       # relevant for deployments on kubernetes
@@ -91,7 +82,7 @@ logTriggers:
       urlPath: true
       urlQuery: true
       httpHeaders: false
-      requestBody: false      
+      requestBody: false
     additionalSuspiciousEventsLogging:
       enabled: true
       minSeverity: high

config/linux/v1beta2/prevent/local_policy.yaml

@@ -1,4 +1,4 @@
-# open-appsec default declarative configuration file
+# open-appsec Prevent declarative configuration file
 # based on schema version: "v1beta2"
 # more information on declarative configuration: https://docs.openappsec.io
 
@@ -6,25 +6,16 @@ apiVersion: v1beta2
 
 policies:
   default:
-    # start in prevent-learn 
+    # start in detect-learn and move to prevent-learn based on learning progress
     mode: prevent-learn
-    threatPreventionPractices:
-    - default-threat-prevention-practice
-    accessControlPractices:
-    - default-access-control-practice
+    threatPreventionPractices: [default-threat-prevention-practice]
+    accessControlPractices: [default-access-control-practice]
     customResponses: default-web-user-response
-    triggers:
-    - default-log-trigger
-  specificRules:
-    - host: www.example.com
-      # this is an example for specific rule, adjust the values as required for the protected app
-      mode: detect-learn
-      threatPreventionPractices:
-      - default-threat-prevention-practice
-      accessControlPractices:
-      - default-access-control-practice
-      triggers:
-      - default-log-trigger
+    triggers: [default-log-trigger]
+    sourceIdentifiers: ""
+    trustedSources: ""
+    exceptions: []
+  specificRules: []
 
 threatPreventionPractices:
   - name: default-threat-prevention-practice
@@ -57,7 +48,7 @@ threatPreventionPractices:
       files: []
       # relevant for docker and linux embedded deployments
       # 0 or 1 files supported in array
-    openapiSchemaValidation: # schema validation requires "Premium Edition" 
+    schemaValidation: # schema validation requires "Premium Edition" 
       overrideMode: inherited
       configmap: []
       # relevant for deployments on kubernetes
@@ -91,7 +82,7 @@ logTriggers:
       urlPath: true
       urlQuery: true
       httpHeaders: false
-      requestBody: false      
+      requestBody: false
     additionalSuspiciousEventsLogging:
       enabled: true
       minSeverity: high
@@ -108,3 +99,4 @@ customResponses:
   - name: default-web-user-response
     mode: response-code-only
     httpResponseCode: 403
+

deployment/apisix/apisix-example-config/apisix-standalone.yaml

@@ -0,0 +1,12 @@
+
+# example local declarative configuration file for apisix in standalone mode
+
+routes:
+  -
+    uri: /anything
+    upstream:
+        nodes:
+            "httpbin.org:80": 1
+        type: roundrobin
+
+#END

deployment/apisix/docker-compose.yaml

@@ -0,0 +1,47 @@
+# Copyright (C) 2022 Check Point Software Technologies Ltd. All rights reserved.
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+version: "3"
+
+services:
+  apisix:
+    container_name: apisix
+    image: "ghcr.io/openappsec/apisix-attachment:latest"
+    ipc: host
+    restart: always
+    volumes:
+      - ./apisix-localconfig/apisix-standalone.yaml:/usr/local/apisix/conf/apisix.yaml:ro
+    environment:
+      - APISIX_STAND_ALONE=true
+    ports:
+      - "9180:9180/tcp"
+      - "9080:9080/tcp"
+      - "9091:9091/tcp"
+      - "9443:9443/tcp"
+
+  appsec-agent:
+    container_name: appsec-agent
+    image: 'ghcr.io/openappsec/agent:latest'
+    ipc: host
+    restart: unless-stopped
+    environment:
+      # adjust with your own email below
+      - user_email=user@email.com
+      - registered_server="APISIX Server"
+      - AGENT_TOKEN=<TOKEN>
+    volumes:
+      - ./appsec-config:/etc/cp/conf
+      - ./appsec-data:/etc/cp/data
+      - ./appsec-logs:/var/log/nano_agent
+      - ./appsec-localconfig:/ext/appsec
+    command: /cp-nano-agent