From c6dd13ec107555d0bd78229bc2be07bf62760d0d Mon Sep 17 00:00:00 2001
From: Daniel Glen
Date: Thu, 5 Dec 2024 09:39:29 +0000
Subject: [PATCH] Reprioritised rules

---
 helm_deploy/wordpress/templates/ingress.yaml | 24 ++++++++++----------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/helm_deploy/wordpress/templates/ingress.yaml b/helm_deploy/wordpress/templates/ingress.yaml
index 5e48cba..bab8a07 100644
--- a/helm_deploy/wordpress/templates/ingress.yaml
+++ b/helm_deploy/wordpress/templates/ingress.yaml
@@ -16,18 +16,9 @@ metadata:
 log,\
 tag:github_team=hale-platform,\
 tag:environment=hale-platform-{{ .Values.configmap.envtype }}"
- # Set WAF Config for Authenticated Users
- SecRule REQUEST_HEADERS:Cookie "@contains WB_CONFIG={{ .Values.secrets.wbconfig }}"
- "id:1001,\
- phase:2,\
- allow,\
- nolog,\
- tag:github_team=hale-platform,\
- tag:environment=hale-platform-{{ .Values.configmap.envtype }}-auth,\
- ctl:ruleEngine=DetectionOnly"
 # WordPress User enumeration blocking author query string
 SecRule ARGS:author "@rx ^([0-9]+|{num:[0-9]+)$"
- "id:1002,\
+ "id:1001,\
 phase:2,\
 t:none,\
 deny,\
@@ -35,7 +26,7 @@ metadata:
 msg:Blocking Author Enumeration Query String"
 # WordPress User Enumeration author page pretty link
 SecRule REQUEST_URI "@streq /author/"
- "id:1003,\
+ "id:1002,\
 phase:2,\
 t:none,\
 deny,\
@@ -43,12 +34,21 @@ metadata:
 msg:Blocking Author Enumeration Pretty Link"
 # WordPress REST API User Enumeration
 SecRule REQUEST_URI "@streq /wp-json/wp/v2/users"
- "id:1004,\
+ "id:1003,\
 phase:2,\
 t:none,\
 deny,\
 status:444,\
 msg:Blocking REST API User Enumeration"
+ # Set WAF Config for Authenticated Users
+ SecRule REQUEST_HEADERS:Cookie "@contains WB_CONFIG={{ .Values.secrets.wbconfig }}"
+ "id:1004,\
+ phase:2,\
+ allow,\
+ nolog,\
+ tag:github_team=hale-platform,\
+ tag:environment=hale-platform-{{ .Values.configmap.envtype }}-auth,\
+ ctl:ruleEngine=DetectionOnly"
 nginx.ingress.kubernetes.io/server-snippet: |
 location = /.well-known/security.txt {
 auth_basic off;
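Review bot: The relocated rule at `id:1004` still decides the WAF bypass with `@contains` over the raw Cookie header, so any request whose Cookie header merely contains the rendered secret as a substring (a longer cookie value, or the secret embedded in an unrelated cookie) receives `allow` plus `ctl:ruleEngine=DetectionOnly`, and `nolog` means those requests leave no audit record. Because the value is templated straight from `.Values.secrets.wbconfig` into the Ingress annotations, it ends up in the Ingress object and the generated nginx config, which makes it a static bypass token once anyone with read access to either obtains it; matching the named cookie exactly, `SecRule REQUEST_COOKIES:WB_CONFIG "@streq {{ .Values.secrets.wbconfig }}"`, and keeping logging on for this rule would narrow the exposure. A bare `allow` in ModSecurity stops processing of the remaining phases, so the trailing `ctl:ruleEngine=DetectionOnly` looks redundant — worth confirming against the engine version in use and dropping if so. The preceding context rule `@streq /wp-json/wp/v2/users` is an exact match on REQUEST_URI (query string included), so `/wp-json/wp/v2/users/1`, a trailing slash or any `?per_page=` query sails past it; `@beginsWith /wp-json/wp/v2/users` would close that, though the line itself predates this commit.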