From a856a0c2d6763bbacf275afefa80638498ef8d76 Mon Sep 17 00:00:00 2001 From: orianelou <126462046+orianelou@users.noreply.github.com> Date: Wed, 13 Dec 2023 11:00:30 +0200 Subject: [PATCH] Create local_policy.yaml --- deployment/local_policy.yaml | 62 ++++++++++++++++++++++++++++++++++++ 1 file changed, 62 insertions(+) create mode 100644 deployment/local_policy.yaml diff --git a/deployment/local_policy.yaml b/deployment/local_policy.yaml new file mode 100644 index 00000000..8aaf15a8 --- /dev/null +++ b/deployment/local_policy.yaml @@ -0,0 +1,62 @@ +policies: + default: + triggers: + - appsec-default-log-trigger + mode: inactive + practices: + - webapp-default-practice + custom-response: appsec-default-web-user-response + specific-rules: [] + +practices: + - name: webapp-default-practice + web-attacks: + max-body-size-kb: 1000000 + max-header-size-bytes: 102400 + max-object-depth: 40 + max-url-size-bytes: 32768 + minimum-confidence: high + override-mode: inactive + protections: + csrf-protection: inactive + error-disclosure: inactive + non-valid-http-methods: false + open-redirect: inactive + anti-bot: + injected-URIs: [] + validated-URIs: [] + override-mode: inactive + snort-signatures: + configmap: [] + override-mode: inactive + openapi-schema-validation: + configmap: [] + override-mode: inactive + +log-triggers: + - name: appsec-default-log-trigger + access-control-logging: + allow-events: false + drop-events: true + additional-suspicious-events-logging: + enabled: true + minimum-severity: high + response-body: false + appsec-logging: + all-web-requests: false + detect-events: true + prevent-events: true + extended-logging: + http-headers: false + request-body: false + url-path: false + url-query: false + log-destination: + cloud: false + stdout: + format: json + +custom-responses: + - name: appsec-default-web-user-response + mode: response-code-only + http-response-code: 403