# open-appsec default declarative configuration file
# based on schema version: "v1beta2"
# more information on declarative configuration: https://docs.openappsec.io

apiVersion: openappsec.io/v1beta2
kind: Policy
metadata:
  name: default-policy
spec:
  default:
    # start in prevent-learn
    mode: prevent-learn
    threatPreventionPractices:
    - default-threat-prevention-practice
    accessControlPractices:
    - default-access-control-practice
    customResponse: default-web-user-response
    triggers:
    - default-log-trigger
---
apiVersion: openappsec.io/v1beta2
kind: ThreatPreventionPractice
metadata:
  name: default-threat-prevention-practice
spec:
  practiceMode: inherited
  webAttacks:
    overrideMode: inherited
    minimumConfidence: high
  intrusionPrevention:
  # intrusion prevention (IPS) requires "Premium Edition"
    overrideMode: inherited
    maxPerformanceImpact: medium
    minSeverityLevel: medium
    minCveYear: 2016
    highConfidenceEventAction: inherited
    mediumConfidenceEventAction: inherited
    lowConfidenceEventAction: detect
  fileSecurity:
  # file security requires "Premium Edition"
    overrideMode: inherited
    minSeverityLevel: medium
    highConfidenceEventAction: inherited
    mediumConfidenceEventAction: inherited
    lowConfidenceEventAction: detect
  snortSignatures:
    # you must specify snort signatures in configmap or file to activate snort inspection
    overrideMode: inherited
    configmap: []
    # relevant for deployments on kubernetes
    # 0 or 1 configmaps supported in array
    files: []
    # relevant for docker and linux embedded deployments
    # 0 or 1 files supported in array
  schemaValidation: # schema validation requires "Premium Edition"
    overrideMode: inherited
    configmap: []
    # relevant for deployments on kubernetes
    # 0 or 1 configmaps supported in array
    files: []
    # relevant for docker and linux embedded deployments
    # 0 or 1 files supported in array
  antiBot: # antibot requires "Premium Edition"
    overrideMode: inherited
    injectedUris: []
    validatedUris: []

---
apiVersion: openappsec.io/v1beta2
kind: AccessControlPractice
metadata:
  name: default-access-control-practice
spec:
  practiceMode: inherited
  rateLimit:
  # specify one or more rules below to use rate limiting
    overrideMode: inherited
    rules: []

---
apiVersion: openappsec.io/v1beta2
kind: LogTrigger
metadata:
  name: default-log-trigger
spec:
  accessControlLogging:
    allowEvents: false
    dropEvents: true
  appsecLogging:
    detectEvents: true
    preventEvents: true
    allWebRequests: false
  extendedLogging:
    urlPath: true
    urlQuery: true
    httpHeaders: false
    requestBody: false      
  additionalSuspiciousEventsLogging:
    enabled: true
    minSeverity: high
    responseBody: false
    responseCode: true
  logDestination:
    cloud: true
    logToAgent: true
    stdout:
      format: json
    
---
apiVersion: openappsec.io/v1beta2
kind: CustomResponse
metadata:
  name: default-web-user-response
spec:
  mode: response-code-only
  httpResponseCode: 403