Merged PR 306: auth/tokenのAPIでWAFのルールに引っかかることがある問題を解決する

## 概要
[Task2272: auth/tokenのAPIでWAFのルールに引っかかることがある問題を解決する](https://paruru.nds-tyo.co.jp:8443/tfs/ReciproCollection/fa4924a4-d079-4fab-9fb5-a9a11eb205f0/_workitems/edit/2272)

- WAFのルールについて、idTokenに対するREQUEST-942-APPLICATION-ATTACK-SQLIグループのルールを一律除外するよう設定しました

## レビューポイント
- 特になし

## UIの変更
- 特になし

## 動作確認状況
- 無し

## 補足
- 相談、参考資料などがあれば
masaaki 2023-08-31 08:35:27 +00:00
parent e77d8d8af0
commit d3aeaea777
2 changed files with 289 additions and 11 deletions


@ -11,7 +11,7 @@
"networkInterfaces_pep_odms_app_dev_nic_6b27b52b_0703_4bfa_b69a_66b82ec6ca3e_name": {
"type": "String"
},
"networkInterfaces_pep_odms_app_test_nic_e7e4687e_685e_4023_bbab_a16ccfe8822b_name": {
"networkInterfaces_pep_odms_app_test_nic_714ca5c0_83a1_42fb_b8e4_8a2b5a2660ed_name": {
"type": "String"
},
"networkInterfaces_pep_odms_staapp_dev_nic_a67c70a7_750f_47d4_9844_b82b66095ef1_name": {
@ -436,6 +436,141 @@
"rules": [
{
"ruleId": "942440"
},
{
"ruleId": "942100"
},
{
"ruleId": "942110"
},
{
"ruleId": "942120"
},
{
"ruleId": "942130"
},
{
"ruleId": "942140"
},
{
"ruleId": "942150"
},
{
"ruleId": "942160"
},
{
"ruleId": "942170"
},
{
"ruleId": "942180"
},
{
"ruleId": "942190"
},
{
"ruleId": "942200"
},
{
"ruleId": "942210"
},
{
"ruleId": "942220"
},
{
"ruleId": "942230"
},
{
"ruleId": "942240"
},
{
"ruleId": "942250"
},
{
"ruleId": "942251"
},
{
"ruleId": "942270"
},
{
"ruleId": "942280"
},
{
"ruleId": "942290"
},
{
"ruleId": "942300"
},
{
"ruleId": "942310"
},
{
"ruleId": "942320"
},
{
"ruleId": "942330"
},
{
"ruleId": "942340"
},
{
"ruleId": "942350"
},
{
"ruleId": "942360"
},
{
"ruleId": "942361"
},
{
"ruleId": "942370"
},
{
"ruleId": "942380"
},
{
"ruleId": "942390"
},
{
"ruleId": "942400"
},
{
"ruleId": "942410"
},
{
"ruleId": "942420"
},
{
"ruleId": "942421"
},
{
"ruleId": "942430"
},
{
"ruleId": "942431"
},
{
"ruleId": "942432"
},
{
"ruleId": "942450"
},
{
"ruleId": "942460"
},
{
"ruleId": "942470"
},
{
"ruleId": "942480"
},
{
"ruleId": "942490"
},
{
"ruleId": "942500"
},
{
"ruleId": "942260"
}
]
}
@ -1739,7 +1874,7 @@
],
"kind": "Regular",
"location": "japaneast",
"name": "[parameters('networkInterfaces_pep_odms_app_test_nic_e7e4687e_685e_4023_bbab_a16ccfe8822b_name')]",
"name": "[parameters('networkInterfaces_pep_odms_app_test_nic_714ca5c0_83a1_42fb_b8e4_8a2b5a2660ed_name')]",
"properties": {
"disableTcpStateTracking": false,
"dnsSettings": {
@ -1749,9 +1884,9 @@
"enableIPForwarding": false,
"ipConfigurations": [
{
"etag": "W/\"4ae02394-b8c4-4949-b8c9-afa8f9a4816c\"",
"id": "[concat(resourceId('Microsoft.Network/networkInterfaces', parameters('networkInterfaces_pep_odms_app_test_nic_e7e4687e_685e_4023_bbab_a16ccfe8822b_name')), '/ipConfigurations/privateEndpointIpConfig.2c5fae85-4959-4d63-ae7b-569ad00b2fdc')]",
"name": "privateEndpointIpConfig.2c5fae85-4959-4d63-ae7b-569ad00b2fdc",
"etag": "W/\"de5f333a-686a-419a-be07-4fb339cbf7b8\"",
"id": "[concat(resourceId('Microsoft.Network/networkInterfaces', parameters('networkInterfaces_pep_odms_app_test_nic_714ca5c0_83a1_42fb_b8e4_8a2b5a2660ed_name')), '/ipConfigurations/privateEndpointIpConfig.474c2657-ac02-4810-8202-004da3c9cd93')]",
"name": "privateEndpointIpConfig.474c2657-ac02-4810-8202-004da3c9cd93",
"properties": {
"primary": true,
"privateIPAddress": "10.1.1.9",
@ -2047,7 +2182,7 @@
}
],
"metadata": {
"creator": "created by private endpoint pep-odms-app-test with resource guid 78a4dbd3-7b3f-436e-a7ae-3aba5cea7341"
"creator": "created by private endpoint pep-odms-app-test with resource guid f272f317-2526-4bbe-bfe9-18083902e925"
},
"ttl": 10
},
@ -2066,7 +2201,7 @@
}
],
"metadata": {
"creator": "created by private endpoint pep-odms-app-test with resource guid 78a4dbd3-7b3f-436e-a7ae-3aba5cea7341"
"creator": "created by private endpoint pep-odms-app-test with resource guid f272f317-2526-4bbe-bfe9-18083902e925"
},
"ttl": 10
},
@ -2298,8 +2433,8 @@
"manualPrivateLinkServiceConnections": [],
"privateLinkServiceConnections": [
{
"id": "[concat(resourceId('Microsoft.Network/privateEndpoints', parameters('privateEndpoints_pep_odms_app_test_name')), concat('/privateLinkServiceConnections/', parameters('privateEndpoints_pep_odms_app_test_name'), '-81c1'))]",
"name": "[concat(parameters('privateEndpoints_pep_odms_app_test_name'), '-81c1')]",
"id": "[concat(resourceId('Microsoft.Network/privateEndpoints', parameters('privateEndpoints_pep_odms_app_test_name')), concat('/privateLinkServiceConnections/', parameters('privateEndpoints_pep_odms_app_test_name'), '-bd85'))]",
"name": "[concat(parameters('privateEndpoints_pep_odms_app_test_name'), '-bd85')]",
"properties": {
"groupIds": [
"sites"
@ -11148,6 +11283,10 @@
"properties": {}
}
],
"sslPolicy": {
"policyName": "AppGwSslPolicy20220101",
"policyType": "Predefined"
},
"sslProfiles": [],
"trustedClientCertificates": [],
"trustedRootCertificates": [],
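Review bot: The `rules` array in the hunk at `@ -436,6 +436,141 @@` lists the 942xxx rule IDs one by one, which removes all SQL-injection inspection for the excluded field and leaves a hand-maintained list that will drift when the managed rule set changes; the same list is added in the second changed file at `@ -414,6 +414,141 @@`, where `942260` sits in a different position. The enclosing object starts outside the hunk, so the match variable and selector are not visible. It is worth confirming that the selector is an exact match on `idToken` rather than a prefix or contains match, and that the backend verifies the token signature before any part of the value reaches a query. If this is a per-rule exclusion in an Azure WAF policy, I believe leaving `rules` out under the `REQUEST-942-APPLICATION-ATTACK-SQLI` rule group applies the exclusion to the whole group, which would state the intent in one entry. The description records no verification (動作確認状況: 無し), so a test request with a previously blocked idToken plus a WAF log check would show the exclusion is scoped as intended.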


@ -414,6 +414,141 @@
"rules": [
{
"ruleId": "942440"
},
{
"ruleId": "942100"
},
{
"ruleId": "942110"
},
{
"ruleId": "942120"
},
{
"ruleId": "942130"
},
{
"ruleId": "942140"
},
{
"ruleId": "942150"
},
{
"ruleId": "942160"
},
{
"ruleId": "942170"
},
{
"ruleId": "942180"
},
{
"ruleId": "942190"
},
{
"ruleId": "942200"
},
{
"ruleId": "942210"
},
{
"ruleId": "942220"
},
{
"ruleId": "942230"
},
{
"ruleId": "942240"
},
{
"ruleId": "942250"
},
{
"ruleId": "942251"
},
{
"ruleId": "942260"
},
{
"ruleId": "942270"
},
{
"ruleId": "942280"
},
{
"ruleId": "942290"
},
{
"ruleId": "942300"
},
{
"ruleId": "942310"
},
{
"ruleId": "942320"
},
{
"ruleId": "942330"
},
{
"ruleId": "942340"
},
{
"ruleId": "942350"
},
{
"ruleId": "942360"
},
{
"ruleId": "942361"
},
{
"ruleId": "942370"
},
{
"ruleId": "942380"
},
{
"ruleId": "942390"
},
{
"ruleId": "942400"
},
{
"ruleId": "942410"
},
{
"ruleId": "942420"
},
{
"ruleId": "942421"
},
{
"ruleId": "942430"
},
{
"ruleId": "942431"
},
{
"ruleId": "942432"
},
{
"ruleId": "942450"
},
{
"ruleId": "942460"
},
{
"ruleId": "942470"
},
{
"ruleId": "942480"
},
{
"ruleId": "942490"
},
{
"ruleId": "942500"
}
]
}
@ -813,7 +948,7 @@
"direction": "Inbound",
"priority": 903,
"protocol": "TCP",
"sourceAddressPrefix": "211.125.140.74",
"sourceAddressPrefix": "211.125.140.76",
"sourceAddressPrefixes": [],
"sourcePortRange": "*",
"sourcePortRanges": []
@ -1353,7 +1488,7 @@
"direction": "Inbound",
"priority": 903,
"protocol": "TCP",
"sourceAddressPrefix": "211.125.140.74",
"sourceAddressPrefix": "211.125.140.76",
"sourceAddressPrefixes": [],
"sourcePortRange": "*",
"sourcePortRanges": []
@ -10880,6 +11015,10 @@
"properties": {}
}
],
"sslPolicy": {
"policyName": "AppGwSslPolicy20220101",
"policyType": "Predefined"
},
"sslProfiles": [],
"trustedClientCertificates": [],
"trustedRootCertificates": [],
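Review bot: The two inbound rules at priority 903 (`@ -813,7 +948,7 @@` and `@ -1353,7 +1488,7 @@`) appear to move their single allowed source from 211.125.140.74 to 211.125.140.76, and an `sslPolicy` block is added at `@ -10880,6 +11015,10 @@`, yet the PR description covers only the WAF exclusion. The page prints both address lines without +/- markers, so the direction of the change is inferred from print order. Source-address and TLS-policy changes alter who can reach the service and under what protocol settings, so the description should list them with the reason and confirm that access from the old address is meant to be revoked. The rule objects start outside the hunks, so the destination port and the access action are not visible here. Moving the address into a template parameter, e.g. `"sourceAddressPrefix": "[parameters('<allowed_source_ip_param>')]"` (placeholder name), would keep both rules in step on the next change.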