From 3798dfd6e41f98e32c8717bcd9947f514b1c3a96 Mon Sep 17 00:00:00 2001
From: Quentin Vecchio
Date: Fri, 6 Oct 2023 16:26:14 +0200
Subject: [PATCH] Add CDN configuration (#426)
---
config/README.md | 5 +++++
config/cdn.yaml | 49 ++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 54 insertions(+)
create mode 100644 config/README.md
create mode 100644 config/cdn.yaml
diff --git a/config/README.md b/config/README.md
new file mode 100644
index 0000000000..e3df891740
--- /dev/null
+++ b/config/README.md
@@ -0,0 +1,5 @@
+# AEM as a Cloud Service Configuration Files
+
+This folder contains service's configuration files that you can deploy on your AEM as a Cloud Service environment from Cloud Manager using Configuration Pipeline.
+
+For now only CDN Traffic Filters Rules and WAF rules can be configured. You can learn more about Traffic Filters Rules and WAF rules in [our online documentation](https://experienceleague.adobe.com/docs/experience-manager-cloud-service/content/security/cdn-and-waf-rules.html).
diff --git a/config/cdn.yaml b/config/cdn.yaml
new file mode 100644
index 0000000000..386e60834a
--- /dev/null
+++ b/config/cdn.yaml
@@ -0,0 +1,49 @@
+kind: "CDN"
+version: "1"
+metadata:
+ envTypes: ["dev"]
+data:
+ trafficFilters:
+ rules:
+ # Block access to a given path
+ # - name: block-path
+ # when:
+ # allOf:
+ # - reqProperty: tier
+ # matches: "author|publish"
+ # - reqProperty: path
+ # equals: '/block/me'
+ # action: block
+ # Block access to OFAC countries
+ - name: block-ofac-countries
+ when:
+ allOf:
+ - reqProperty: tier
+ matches: "author|publish"
+ - reqProperty: clientCountry
+ in:
+ - SY
+ - BY
+ - MM
+ - KP
+ - IQ
+ - CD
+ - SD
+ - IR
+ - LR
+ - ZW
+ - CU
+ - CI
+ action: block
+ # Block client for 5m when it exceeds 100 req/sec on a time window of 1sec
+ - name: limit-requests-per-client-ip
+ when:
+ reqProperty: tier
+ matches: "author|publish"
+ rateLimit:
+ limit: 100
+ window: 1
+ penalty: 300
+ groupBy:
+ - reqProperty: clientIp
+ action: block
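Review bot: Both active rules, `block-ofac-countries` and `limit-requests-per-client-ip`, ship with `action: block`, and nothing in the file records that they were first observed in log mode. Because the rate limit groups by `clientIp`, users behind a shared NAT or corporate proxy count as one client and would all be blocked for the 300-second penalty once the group passes 100 req/s. I would start the rate-limit rule with `action: log`, check the CDN logs against real traffic, and only then switch it to `block`. `envTypes: ["dev"]` also means none of these rules apply to stage or prod, which deserves a comment such as `# dev only: add "stage" and "prod" once the rules are validated`. The country list is hard-coded under a broad "OFAC countries" label, so a comment naming its owner and the date it was last checked against the current sanctions programmes would keep it from going stale.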