8000 add support for csrf protection · nginx/kubernetes-ingress@49ef5a8 · GitHub

Commit 49ef5a8

author
Rafal Wegrzycki
committed
add support for csrf protection
1 parent 8c8b734 commit 49ef5a8


2 files changed

+188
-0
lines changed


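--- a/deployments/common/crds/appprotect.f5.com_appolicies.yaml
+++ b/deployments/common/crds/appprotect.f5.com_appolicies.yaml
@@ -166,6 +166,7 @@ spec:
 - VIOL_GRPC_METHOD
 - VIOL_PARAMETER_ARRAY_VALUE
 - VIOL_PARAMETER_VALUE_REGEXP
+- VIOL_CSRF
 - VIOL_PARAMETER_VALUE_BASE64
 - VIOL_MANDATORY_HEADER
 - VIOL_HEADER_REPEATED
@@ -386,6 +387,40 @@ spec:
 type: integer
 type: object
 type: array
+csrf-protection:
+properties:
+enabled:
+type: boolean
+expirationTimeInSeconds:
+pattern: disabled|\d+
+type: string
+sslOnly:
+type: boolean
+type: object
+csrf-urls:
+items:
+properties:
+$action:
+enum:
+- delete
+type: string
+enforcementAction:
+enum:
+- verify-origin
+- none
+type: string
+method:
+enum:
+- GET
+- POST
+- any
+type: string
+url:
+type: string
+wildcardOrder:
+type: integer
+type: object
+type: array
 data-guard:
 properties:
 creditCardNumbers:
@@ -618,6 +653,19 @@ spec:
 type: integer
 type: object
 type: array
+host-names:
+items:
+properties:
+$action:
+enum:
+- delete
+type: string
+includeSubdomains:
+type: boolean
+name:
+type: string
+type: object
+type: array
 idl-files:
 items:
 properties:
@@ -1180,13 +1228,57 @@ spec:
 items:
 properties:
 $action:
+enum:
+- delete
+type: string
+allowRenderingInFrames:
+enum:
+- never
+- only-same
+type: string
+allowRenderingInFramesOnlyFrom:
 type: string
 attackSignaturesCheck:
 type: boolean
+clickjackingProtection:
+type: boolean
 description:
 type: string
 disallowFileUploadOfExecutables:
 type: boolean
+html5CrossOriginRequestsEnforcement:
+properties:
+allowOriginsEnforcementMode:
+enum:
+- replace-with
+- unmodified
+type: string
+checkAllowedMethods:
+type: boolean
+crossDomainAllowedOrigin:
+items:
+properties:
+includeSubDomains:
+type: boolean
+originName:
+type: string
+originPort:
+pattern: any|\d+
+type: string
+originProtocol:
+enum:
+- http
+- http/https
+- https
+type: string
+type: object
+type: array
+enforcementMode:
+enum:
+- disabled
+- enforce
+type: string
+type: object
 isAllowed:
 type: boolean
 mandatoryBody:
@@ -1298,6 +1390,8 @@ spec:
 type: boolean
 name:
 type: string
+operationId:
+type: string
 positionalParameters:
 items:
 properties: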
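Review bot: The `pattern: disabled|\d+` on `csrf-protection.expirationTimeInSeconds` is unanchored, and as far as I know Kubernetes evaluates CRD patterns as a search rather than a full match, so any string that merely contains a digit or the word `disabled` (a constructed example: `10 minutes`) would pass admission and only be rejected later, if at all, by the policy compiler. The same applies to `pattern: any|\d+` on `originPort` under `html5CrossOriginRequestsEnforcement.crossDomainAllowedOrigin`. I would write them as `pattern: ^(disabled|\d+)$` and `pattern: ^(any|\d+)$`, and make the identical change in the `deployments/helm-chart/crds` copy of this file.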

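--- a/deployments/helm-chart/crds/appprotect.f5.com_appolicies.yaml
+++ b/deployments/helm-chart/crds/appprotect.f5.com_appolicies.yaml
@@ -170,6 +170,7 @@ spec:
 - VIOL_GRPC_METHOD
 - VIOL_PARAMETER_ARRAY_VALUE
 - VIOL_PARAMETER_VALUE_REGEXP
+- VIOL_CSRF
 - VIOL_PARAMETER_VALUE_BASE64
 - VIOL_MANDATORY_HEADER
 - VIOL_HEADER_REPEATED
@@ -390,6 +391,40 @@ spec:
 type: integer
 type: object
 type: array
+csrf-protection:
+properties:
+enabled:
+type: boolean
+expirationTimeInSeconds:
+pattern: disabled|\d+
+type: string
+sslOnly:
+type: boolean
+type: object
+csrf-urls:
+items:
+properties:
+$action:
+enum:
+- delete
+type: string
+enforcementAction:
+enum:
+- verify-origin
+- none
+type: string
+method:
+enum:
+- GET
+- POST
+- any
+type: string
+url:
+type: string
+wildcardOrder:
+type: integer
+type: object
+type: array
 data-guard:
 properties:
 creditCardNumbers:
@@ -622,6 +657,19 @@ spec:
 type: integer
 type: object
 type: array
+host-names:
+items:
+properties:
+$action:
+enum:
+- delete
+type: string
+includeSubdomains:
+type: boolean
+name:
+type: string
+type: object
+type: array
 idl-files:
 items:
 properties:
@@ -1184,13 +1232,57 @@ spec:
 items:
 properties:
 $action:
+enum:
+- delete
+type: string
+allowRenderingInFrames:
+enum:
+- never
+- only-same
+type: string
+allowRenderingInFramesOnlyFrom:
 type: string
 attackSignaturesCheck:
 type: boolean
+clickjackingProtection:
+type: boolean
 description:
 type: string
 disallowFileUploadOfExecutables:
 type: boolean
+html5CrossOriginRequestsEnforcement:
+properties:
+allowOriginsEnforcementMode:
+enum:
+- replace-with
+- unmodified
+type: string
+checkAllowedMethods:
+type: boolean
+crossDomainAllowedOrigin:
+items:
+properties:
+includeSubDomains:
+type: boolean
+originName:
+type: string
+originPort:
+pattern: any|\d+
+type: string
+originProtocol:
+enum:
+- http
+- http/https
+- https
+type: string
+type: object
+type: array
+enforcementMode:
+enum:
+- disabled
+- enforce
+type: string
+type: object
 isAllowed:
 type: boolean
 mandatoryBody:
@@ -1302,6 +1394,8 @@ spec:
 type: boolean
 name:
 type: string
+operationId:
+type: string
 positionalParameters:
 items:
 properties: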
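Review bot: The `method` enum under `csrf-urls` accepts only `GET`, `POST` and `any`, so a rule meant to verify the origin of PUT, PATCH or DELETE requests can only be written with `any`, and nothing in the schema tells the user that. If the enum simply mirrors what the App Protect policy schema accepts, a schema-level description on the property would help, for example `description: HTTP method the rule applies to; use "any" to cover methods other than GET and POST.` The neighbouring `enforcementAction` enum also allows `none`, which presumably switches origin verification off for the matched URL, and that would be worth stating the same way. Both points apply equally to the `deployments/common/crds` copy of this file.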
