forked from theonestack/hl-component-wafv2
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathwafv2.config.yaml
140 lines (139 loc) · 5.47 KB
/
wafv2.config.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
cloudwatch:
enabled: true
samples: true
metric_name_prefix: ${EnvironmentName}
rules:
# =======================
# AWS managed rule groups https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-list.html
# =======================
# Contains rules that are generally applicable to web applications. This provides protection against exploitation
# of a wide range of vulnerabilities, including those described in OWASP publications.
AWSManagedRulesCommonRuleSet:
enabled: true
conditional: false
priority: 30
override_action:
None: {}
statement:
ManagedRuleGroupStatement:
VendorName: AWS
Name: AWSManagedRulesCommonRuleSet
# Contains rules that allow you to block external access to exposed admin pages. This may be useful if you are running
# third-party software or would like to reduce the risk of a malicious actor gaining administrative access to your application.
AWSManagedRulesAdminProtectionRuleSet:
enabled: false
conditional: false
priority: 40
override_action:
None: {}
statement:
ManagedRuleGroupStatement:
VendorName: AWS
Name: AWSManagedRulesAdminProtectionRuleSet
# Contains rules that allow you to block request patterns that are known to be invalid and are associated with exploitation
# or discovery of vulnerabilities. This can help reduce the risk of a malicious actor discovering a vulnerable application.
AWSManagedRulesKnownBadInputsRuleSet:
enabled: false
conditional: false
priority: 50
override_action:
None: {}
statement:
ManagedRuleGroupStatement:
VendorName: AWS
Name: AWSManagedRulesKnownBadInputsRuleSet
# Contains rules that allow you to block request patterns associated with exploitation of SQL databases,
# like SQL injection attacks. This can help prevent remote injection of unauthorized queries.
AWSManagedRulesSQLiRuleSet:
enabled: false
conditional: false
priority: 60
override_action:
None: {}
statement:
ManagedRuleGroupStatement:
VendorName: AWS
Name: AWSManagedRulesSQLiRuleSet
# Contains rules that block request patterns associated with exploitation of vulnerabilities specific to Linux, including LFI attacks.
# This can help prevent attacks that expose file contents or execute code for which the attacker should not have had access.
AWSManagedRulesLinuxRuleSet:
enabled: false
conditional: false
priority: 70
override_action:
None: {}
statement:
ManagedRuleGroupStatement:
VendorName: AWS
Name: AWSManagedRulesLinuxRuleSet
# Contains rules that block request patterns associated with exploiting vulnerabilities specific to POSIX/POSIX-like OS, including LFI attacks.
# This can help prevent attacks that expose file contents or execute code for which access should not been allowed.
AWSManagedRulesUnixRuleSet:
enabled: false
conditional: false
priority: 80
override_action:
None: {}
statement:
ManagedRuleGroupStatement:
VendorName: AWS
Name: AWSManagedRulesUnixRuleSet
# Contains rules that block request patterns associated with exploiting vulnerabilities specific to Windows, (e.g., PowerShell commands).
# This can help prevent exploits that allow attacker to run unauthorized commands or execute malicious code
AWSManagedRulesWindowsRuleSet:
enabled: false
conditional: false
priority: 90
override_action:
None: {}
statement:
ManagedRuleGroupStatement:
VendorName: AWS
Name: AWSManagedRulesWindowsRuleSet
# Contains rules that block request patterns associated with exploiting vulnerabilities specific to the use of the PHP,
# including injection of unsafe PHP functions. This can help prevent exploits that allow an attacker to remotely execute code or commands.
AWSManagedRulesPHPRuleSet:
enabled: false
conditional: false
priority: 100
override_action:
None: {}
statement:
ManagedRuleGroupStatement:
VendorName: AWS
Name: AWSManagedRulesPHPRuleSet
# The WordPress Applications group contains rules that block request patterns associated with the exploitation of vulnerabilities specific to WordPress sites.
AWSManagedRulesWordPressRuleSet:
enabled: false
conditional: false
priority: 110
override_action:
None: {}
statement:
ManagedRuleGroupStatement:
VendorName: AWS
Name: AWSManagedRulesWordPressRuleSet
# This group contains rules that are based on Amazon threat intelligence. This is useful if you would like to block sources associated with bots or other threats.
AWSManagedRulesAmazonIpReputationList:
enabled: false
conditional: false
priority: 120
override_action:
None: {}
statement:
ManagedRuleGroupStatement:
VendorName: AWS
Name: AWSManagedRulesAmazonIpReputationList
# This group contains rules that allow you to block requests from services that allow obfuscation of viewer identity.
# This can include request originating from VPN, proxies, Tor nodes, and hosting providers.
# This is useful if you want to filter out viewers that may be trying to hide their identity from your application.
AWSManagedRulesAnonymousIpList:
enabled: false
conditional: false
priority: 130
override_action:
None: {}
statement:
ManagedRuleGroupStatement:
VendorName: AWS
Name: AWSManagedRulesAnonymousIpList