Skip to content

Commit

Permalink
Merge pull request #500 from josefaidt/fix-waf-rules
Browse files Browse the repository at this point in the history
  • Loading branch information
@josefaidt
josefaidt authored Oct 1, 2023
2 parents 5c3caa5 + 7b885ae commit 788e08d
Showing 1 changed file with 11 additions and 19 deletions.
30 changes: 11 additions & 19 deletions cdk/src/components/waf.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -113,15 +113,13 @@ export class WAF extends wafv2.CfnWebACL {
// if request ends in .sql
searchString: '.sql',
fieldToMatch: {
singleHeader: {
name: ':path',
},
uriPath: {},
},
positionalConstraint: 'ENDS_WITH',
textTransformations: [
{
priority: 0,
type: 'URL_DECODE',
type: 'NONE',
},
],
},
Expand All @@ -143,15 +141,13 @@ export class WAF extends wafv2.CfnWebACL {
// if requested path is wp-admin
searchString: '/wp-admin',
fieldToMatch: {
singleHeader: {
name: ':path',
},
uriPath: {},
},
positionalConstraint: 'CONTAINS',
positionalConstraint: 'STARTS_WITH',
textTransformations: [
{
priority: 0,
type: 'URL_DECODE',
type: 'NONE',
},
],
},
Expand All @@ -173,15 +169,13 @@ export class WAF extends wafv2.CfnWebACL {
// if requested path is wp-content
searchString: '/wp-content',
fieldToMatch: {
singleHeader: {
name: ':path',
},
uriPath: {},
},
positionalConstraint: 'CONTAINS',
positionalConstraint: 'STARTS_WITH',
textTransformations: [
{
priority: 0,
type: 'URL_DECODE',
type: 'NONE',
},
],
},
Expand All @@ -203,15 +197,13 @@ export class WAF extends wafv2.CfnWebACL {
// if requested path is swagger
searchString: '/swagger',
fieldToMatch: {
singleHeader: {
name: ':path',
},
uriPath: {},
},
positionalConstraint: 'CONTAINS',
positionalConstraint: 'STARTS_WITH',
textTransformations: [
{
priority: 0,
type: 'URL_DECODE',
type: 'NONE',
},
],
},
Expand Down

0 comments on commit 788e08d

Please sign in to comment.