[dd-waf] block external access to sensible URLs

GON-3874-DD-moodle
Manolo Caballero 2022-12-01 10:49:56 +00:00 committed by Evilham
parent c0c5ee79fc
commit e45eec6822
2 changed files with 20 additions and 1 deletions


@ -1,8 +1,11 @@
# #
# BEGIN: waf-tail.cnf # BEGIN: waf-tail.cnf
# #
# Internal network
acl network_allowed src 172.16.0.0/12
# Internal traffic # Internal traffic
use_backend bk_web if { src 172.16.0.0/12 } use_backend bk_web if network_allowed
default_backend bk_waf default_backend bk_waf
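Review bot: The new `network_allowed` ACL routes the whole 172.16.0.0/12 range straight to `bk_web`, so those requests never reach `bk_waf`, and the added comment `# Internal network` does not say so; a maintainer editing the range should read `# Internal network: requests from here bypass bk_waf entirely`. The ACL keys on `src`, which is the peer address HAProxy sees, so the exemption is only as trustworthy as the hop in front of this frontend: if a load balancer or reverse proxy were ever placed ahead of it, every request would arrive from that hop's address, and whether that address falls inside 172.16.0.0/12 would need to be confirmed for the deployment. Worth recording that assumption next to the ACL, since nothing in the hunk shows how the client address is obtained.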


@ -65,3 +65,19 @@ SecRule REQUEST_FILENAME "@contains /lib/ajax/service.php" "phase:1,id:99000012,
SecRule REQUEST_FILENAME "@contains /apps/polls/poll" "phase:1,id:99000013,nolog,chain" SecRule REQUEST_FILENAME "@contains /apps/polls/poll" "phase:1,id:99000013,nolog,chain"
SecRule REQUEST_BODY_LENGTH "@eq 0" "ctl:requestBodyAccess=off" SecRule REQUEST_BODY_LENGTH "@eq 0" "ctl:requestBodyAccess=off"
SecRule REQUEST_URI "^/status.php" \
"phase:1,id:99000014,t:none,t:lowercase,deny,status:403,msg:'403 Access Denied',chain"
SecRule SERVER_NAME "@contains nextcloud."
SecRule REQUEST_URI "@contains /wp-json/wp/v2/users" \
"phase:1,id:99000015,t:none,t:lowercase,deny,status:403,msg:'403 Access Denied',chain"
SecRule SERVER_NAME "@contains wp."
SecRule REQUEST_URI "@contains /report/security/index.php" \
"phase:1,id:99000016,t:none,t:lowercase,deny,status:403,msg:'403 Access Denied',chain"
SecRule SERVER_NAME "@contains moodle." \
"t:none,\
chain"
SecRule ARGS:detail "@streq core_publicpaths" \
"t:none"
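Review bot: The chained `SecRule SERVER_NAME` lines of rules 99000014 and 99000015 carry no `t:none`, while the matching chained rules of 99000016 set it explicitly, so the first two hostname checks run under whatever default transformations the file's SecDefaultAction supplies; for consistency write `SecRule SERVER_NAME "@contains nextcloud." "t:none"` and the same for `"@contains wp."`. Rule 99000015 matches only the pretty-permalink spelling of the endpoint; `"@contains /wp/v2/users"` covers the route however the REST prefix is written, if that is the intended scope. In rules 99000015 and 99000016 `REQUEST_URI` includes the query string, so `@contains` can also fire on a substring of a parameter value, where `REQUEST_FILENAME`, as used by the rules above the hunk, would not. The `.` in `^/status.php` is an unescaped regex metacharacter; `^/status\.php` pins the intended path.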