From d3aeaea7776216e3c95851dc6cc86cade48847c6 Mon Sep 17 00:00:00 2001 From: masaaki Date: Thu, 31 Aug 2023 08:35:27 +0000 Subject: [PATCH] =?UTF-8?q?Merged=20PR=20306:=20auth/token=E3=81=AEAPI?= =?UTF-8?q?=E3=81=A7WAF=E3=81=AE=E3=83=AB=E3=83=BC=E3=83=AB=E3=81=AB?= =?UTF-8?q?=E5=BC=95=E3=81=A3=E3=81=8B=E3=81=8B=E3=82=8B=E3=81=93=E3=81=A8?= =?UTF-8?q?=E3=81=8C=E3=81=82=E3=82=8B=E5=95=8F=E9=A1=8C=E3=82=92=E8=A7=A3?= =?UTF-8?q?=E6=B1=BA=E3=81=99=E3=82=8B?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ## 概要 [Task2272: auth/tokenのAPIでWAFのルールに引っかかることがある問題を解決する](https://paruru.nds-tyo.co.jp:8443/tfs/ReciproCollection/fa4924a4-d079-4fab-9fb5-a9a11eb205f0/_workitems/edit/2272) - WAFのルールについて、idTokenに対するREQUEST-942-APPLICATION-ATTACK-SQLIグループのルールを一律除外するよう設定しました ## レビューポイント - 特になし ## UIの変更 - 特になし ## 動作確認状況 - 無し ## 補足 - 相談、参考資料などがあれば --- configurations/azure/dev-network-rg.json | 157 +++++++++++++++++++++-- configurations/azure/stg-network-rg.json | 143 ++++++++++++++++++++- 2 files changed, 289 insertions(+), 11 deletions(-) diff --git a/configurations/azure/dev-network-rg.json b/configurations/azure/dev-network-rg.json index 19cc407..9cb0408 100644 --- a/configurations/azure/dev-network-rg.json +++ b/configurations/azure/dev-network-rg.json @@ -11,7 +11,7 @@ "networkInterfaces_pep_odms_app_dev_nic_6b27b52b_0703_4bfa_b69a_66b82ec6ca3e_name": { "type": "String" }, - "networkInterfaces_pep_odms_app_test_nic_e7e4687e_685e_4023_bbab_a16ccfe8822b_name": { + "networkInterfaces_pep_odms_app_test_nic_714ca5c0_83a1_42fb_b8e4_8a2b5a2660ed_name": { "type": "String" }, "networkInterfaces_pep_odms_staapp_dev_nic_a67c70a7_750f_47d4_9844_b82b66095ef1_name": { 
@@ -436,6 +436,141 @@ "rules": [ { "ruleId": "942440" + }, + { + "ruleId": "942100" + }, + { + "ruleId": "942110" + }, + { + "ruleId": "942120" + }, + { + "ruleId": "942130" + }, + { + "ruleId": "942140" + }, + { + "ruleId": "942150" + }, + { + "ruleId": "942160" + }, + { + "ruleId": "942170" + }, + { + "ruleId": "942180" + }, + { + "ruleId": "942190" + }, + { + "ruleId": "942200" + }, + { + "ruleId": "942210" + }, + { + "ruleId": "942220" + }, + { + "ruleId": "942230" + }, + { + "ruleId": "942240" + }, + { + "ruleId": "942250" + }, + { + "ruleId": "942251" + }, + { + "ruleId": "942270" + }, + { + "ruleId": "942280" + }, + { + "ruleId": "942290" + }, + { + "ruleId": "942300" + }, + { + "ruleId": "942310" + }, + { + "ruleId": "942320" + }, + { + "ruleId": "942330" + }, + { + "ruleId": "942340" + }, + { + "ruleId": "942350" + }, + { + "ruleId": "942360" + }, + { + "ruleId": "942361" + }, + { + "ruleId": "942370" + }, + { + "ruleId": "942380" + }, + { + "ruleId": "942390" + }, + { + "ruleId": "942400" + }, + { + "ruleId": "942410" + }, + { + "ruleId": "942420" + }, + { + "ruleId": "942421" + }, + { + "ruleId": "942430" + }, + { + "ruleId": "942431" + }, + { + "ruleId": "942432" + }, + { + "ruleId": "942450" + }, + { + "ruleId": "942460" + }, + { + "ruleId": "942470" + }, + { + "ruleId": "942480" + }, + { + "ruleId": "942490" + }, + { + "ruleId": "942500" + }, + { + "ruleId": "942260" } ] } @@ -1739,7 +1874,7 @@ ], "kind": "Regular", "location": "japaneast", - "name": "[parameters('networkInterfaces_pep_odms_app_test_nic_e7e4687e_685e_4023_bbab_a16ccfe8822b_name')]", + "name": "[parameters('networkInterfaces_pep_odms_app_test_nic_714ca5c0_83a1_42fb_b8e4_8a2b5a2660ed_name')]", "properties": { "disableTcpStateTracking": false, "dnsSettings": { 
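Review bot: Listing every 942xxx rule ID by hand in this `rules` array stops covering the group as soon as the managed rule set is upgraded and gains new SQLI rules, which would bring back the same false positives on auth/token. If the intent is the whole REQUEST-942-APPLICATION-ATTACK-SQLI group, as the description says, an empty list on the group entry (`"rules": []`) excludes all of its rules and keeps dev and stg identical; as written, dev appends `942260` last while the matching hunk in stg-network-rg.json has it in numeric order. The exclusion's `matchVariable`, `selector` and `selectorMatchOperator` are outside the hunk, so please confirm it is pinned to the idToken field with an exact match rather than a prefix or wildcard. With SQLi inspection off for that field, the back end has to verify the token's signature before using any claim and keep claim values out of string-built queries.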
@@ -1749,9 +1884,9 @@ "enableIPForwarding": false, "ipConfigurations": [ { - "etag": "W/\"4ae02394-b8c4-4949-b8c9-afa8f9a4816c\"", - "id": "[concat(resourceId('Microsoft.Network/networkInterfaces', parameters('networkInterfaces_pep_odms_app_test_nic_e7e4687e_685e_4023_bbab_a16ccfe8822b_name')), '/ipConfigurations/privateEndpointIpConfig.2c5fae85-4959-4d63-ae7b-569ad00b2fdc')]", - "name": "privateEndpointIpConfig.2c5fae85-4959-4d63-ae7b-569ad00b2fdc", + "etag": "W/\"de5f333a-686a-419a-be07-4fb339cbf7b8\"", + "id": "[concat(resourceId('Microsoft.Network/networkInterfaces', parameters('networkInterfaces_pep_odms_app_test_nic_714ca5c0_83a1_42fb_b8e4_8a2b5a2660ed_name')), '/ipConfigurations/privateEndpointIpConfig.474c2657-ac02-4810-8202-004da3c9cd93')]", + "name": "privateEndpointIpConfig.474c2657-ac02-4810-8202-004da3c9cd93", "properties": { "primary": true, "privateIPAddress": "10.1.1.9", @@ -2047,7 +2182,7 @@ } ], "metadata": { - "creator": "created by private endpoint pep-odms-app-test with resource guid 78a4dbd3-7b3f-436e-a7ae-3aba5cea7341" + "creator": "created by private endpoint pep-odms-app-test with resource guid f272f317-2526-4bbe-bfe9-18083902e925" }, "ttl": 10 }, @@ -2066,7 +2201,7 @@ } ], "metadata": { - "creator": "created by private endpoint pep-odms-app-test with resource guid 78a4dbd3-7b3f-436e-a7ae-3aba5cea7341" + "creator": "created by private endpoint pep-odms-app-test with resource guid f272f317-2526-4bbe-bfe9-18083902e925" }, "ttl": 10 }, 
@@ -2298,8 +2433,8 @@ "manualPrivateLinkServiceConnections": [], "privateLinkServiceConnections": [ { - "id": "[concat(resourceId('Microsoft.Network/privateEndpoints', parameters('privateEndpoints_pep_odms_app_test_name')), concat('/privateLinkServiceConnections/', parameters('privateEndpoints_pep_odms_app_test_name'), '-81c1'))]", - "name": "[concat(parameters('privateEndpoints_pep_odms_app_test_name'), '-81c1')]", + "id": "[concat(resourceId('Microsoft.Network/privateEndpoints', parameters('privateEndpoints_pep_odms_app_test_name')), concat('/privateLinkServiceConnections/', parameters('privateEndpoints_pep_odms_app_test_name'), '-bd85'))]", + "name": "[concat(parameters('privateEndpoints_pep_odms_app_test_name'), '-bd85')]", "properties": { "groupIds": [ "sites" @@ -11148,6 +11283,10 @@ "properties": {} } ], + "sslPolicy": { + "policyName": "AppGwSslPolicy20220101", + "policyType": "Predefined" + }, "sslProfiles": [], "trustedClientCertificates": [], "trustedRootCertificates": [], diff --git a/configurations/azure/stg-network-rg.json b/configurations/azure/stg-network-rg.json index 402aae2..539e374 100644 --- a/configurations/azure/stg-network-rg.json +++ b/configurations/azure/stg-network-rg.json 
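Review bot: The gateway-wide `sslPolicy` added in the hunk at -11148 is not mentioned in the commit description, which only covers the WAF exclusion, so the history does not show whether the TLS change was deliberate or picked up from a template re-export. `sslProfiles` stays empty in the context lines, so the predefined policy `AppGwSslPolicy20220101` appears to apply to every listener on this gateway; please confirm that the clients of this environment have been checked against it, and likewise for the identical hunk in stg-network-rg.json. If only modern clients connect, the stricter predefined `AppGwSslPolicy20220101S` may be worth considering.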
@@ -414,6 +414,141 @@ "rules": [ { "ruleId": "942440" + }, + { + "ruleId": "942100" + }, + { + "ruleId": "942110" + }, + { + "ruleId": "942120" + }, + { + "ruleId": "942130" + }, + { + "ruleId": "942140" + }, + { + "ruleId": "942150" + }, + { + "ruleId": "942160" + }, + { + "ruleId": "942170" + }, + { + "ruleId": "942180" + }, + { + "ruleId": "942190" + }, + { + "ruleId": "942200" + }, + { + "ruleId": "942210" + }, + { + "ruleId": "942220" + }, + { + "ruleId": "942230" + }, + { + "ruleId": "942240" + }, + { + "ruleId": "942250" + }, + { + "ruleId": "942251" + }, + { + "ruleId": "942260" + }, + { + "ruleId": "942270" + }, + { + "ruleId": "942280" + }, + { + "ruleId": "942290" + }, + { + "ruleId": "942300" + }, + { + "ruleId": "942310" + }, + { + "ruleId": "942320" + }, + { + "ruleId": "942330" + }, + { + "ruleId": "942340" + }, + { + "ruleId": "942350" + }, + { + "ruleId": "942360" + }, + { + "ruleId": "942361" + }, + { + "ruleId": "942370" + }, + { + "ruleId": "942380" + }, + { + "ruleId": "942390" + }, + { + "ruleId": "942400" + }, + { + "ruleId": "942410" + }, + { + "ruleId": "942420" + }, + { + "ruleId": "942421" + }, + { + "ruleId": "942430" + }, + { + "ruleId": "942431" + }, + { + "ruleId": "942432" + }, + { + "ruleId": "942450" + }, + { + "ruleId": "942460" + }, + { + "ruleId": "942470" + }, + { + "ruleId": "942480" + }, + { + "ruleId": "942490" + }, + { + "ruleId": "942500" } ] } @@ -813,7 +948,7 @@ "direction": "Inbound", "priority": 903, "protocol": "TCP", - "sourceAddressPrefix": "211.125.140.74", + "sourceAddressPrefix": "211.125.140.76", "sourceAddressPrefixes": [], "sourcePortRange": "*", "sourcePortRanges": [] @@ -1353,7 +1488,7 @@ "direction": "Inbound", "priority": 903, "protocol": "TCP", - "sourceAddressPrefix": "211.125.140.74", + "sourceAddressPrefix": "211.125.140.76", "sourceAddressPrefixes": [], "sourcePortRange": "*", "sourcePortRanges": [] 
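Review bot: The `sourceAddressPrefix` of the priority-903 inbound TCP rule changes from `211.125.140.74` to `211.125.140.76` in the hunk at -813 and again in the hunk at -1353, and nothing in the commit description explains it. The rule's `access`, name and destination port are outside both hunks, so the diff alone does not show what this address is being allowed to reach; please confirm the new address is the intended one and that dropping `.74` is deliberate. dev-network-rg.json carries no matching change in this commit, so it is worth stating whether this is meant to be stg-only.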
@@ -10880,6 +11015,10 @@ "properties": {} } ], + "sslPolicy": { + "policyName": "AppGwSslPolicy20220101", + "policyType": "Predefined" + }, "sslProfiles": [], "trustedClientCertificates": [], "trustedRootCertificates": [],