-
Notifications
You must be signed in to change notification settings - Fork 569
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
bdd75cb
commit f1184ee
Showing
2 changed files
with
71 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| # AEM as a Cloud Service Configuration Files | ||
|
|
||
| This folder contains service's configuration files that you can deploy on your AEM as a Cloud Service environment from Cloud Manager using Configuration Pipeline. | ||
|
|
||
| For now only CDN Traffic Filters Rules and WAF rules can be configured. You can learn more about Traffic Filters Rules and WAF rules in [our online documentation](https://experienceleague.adobe.com/docs/experience-manager-cloud-service/content/security/cdn-and-waf-rules.html). |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,66 @@ | ||
| kind: "CDN" | ||
| version: "1" | ||
| metadata: | ||
| envTypes: ["dev"] | ||
| data: | ||
| trafficFilters: | ||
| rules: | ||
| # Block access to OFAC countries | ||
| - name: block-ofac-countries | ||
| when: | ||
| allOf: | ||
| - reqProperty: tier | ||
| in: [ publish ] | ||
| - reqProperty: clientCountry | ||
| in: | ||
| - SY | ||
| - BY | ||
| - MM | ||
| - KP | ||
| - IQ | ||
| - CD | ||
| - SD | ||
| - IR | ||
| - LR | ||
| - ZW | ||
| - CU | ||
| - CI | ||
| action: block | ||
| # Block client for 5m when it exceeds 100 req/sec on a time window of 1sec | ||
| - name: limit-requests-per-client-ip | ||
| when: | ||
| reqProperty: tier | ||
| in: [ publish ] | ||
| rateLimit: | ||
| limit: 100 | ||
| window: 1 | ||
| penalty: 300 | ||
| groupBy: | ||
| - reqProperty: clientIp | ||
| action: block | ||
| # Enable recommend WAF protections (only works if WAF is enabled for your environment) | ||
| - name: block-waf-flags-globally | ||
| when: | ||
| reqProperty: tier | ||
| in: [ publish ] | ||
| action: | ||
| type: block | ||
| wafFlags: | ||
| - SANS | ||
| - SIGSCI-IP | ||
| - TORNODE | ||
| - NOUA | ||
| - SCANNER | ||
| - USERAGENT | ||
| - PRIVATEFILE | ||
| - ABNORMALPATH | ||
| - TRAVERSAL | ||
| - NULLBYTE | ||
| - BACKDOOR | ||
| - LOG4J-JNDI | ||
| - SQLI | ||
| - XSS | ||
| - CODEINJECTION | ||
| - CMDEXE | ||
| - NO-CONTENT-TYPE | ||
| - UTF8 |