Skip to content
This repository has been archived by the owner on Apr 26, 2021. It is now read-only.

[DO NOT MERGE] CCD in prevention mode #38

Open
wants to merge 13 commits into
base: master
Choose a base branch
from
Open

[DO NOT MERGE] CCD in prevention mode #38

wants to merge 13 commits into from

Conversation

smathangi
Copy link

added excluded rules based on analysis of ccd prod in detection mode (1 week detection data)
https://tools.hmcts.net/jira/browse/RDM-3807

cakeben
cakeben approved these changes Sep 11, 2019
View reviewed changes
Copy link
Member

@cakeben cakeben left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I approve the changes but this should not be merged to master it should go on a different branch of the module which CCD should then seek to obtain sign off from SecOps before rolling out the change

mario-paniccia
mario-paniccia approved these changes Sep 16, 2019
View reviewed changes
Copy link

@mario-paniccia mario-paniccia left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@mario-paniccia
Copy link

mario-paniccia commented Sep 16, 2019
edited
Loading

I approve the changes but this should not be merged to master it should go on a different branch of the module which CCD should then seek to obtain sign off from SecOps before rolling out the change

I seems clear to me that CCD needs to run with custom exclusion rules. I think it'll make sense for the cnp-module-waf module on master branch support allowing setting custom exclusion rules. Until we have that, we'll always need to be on the ccd-waf branch, which is not that good.

@timja
Copy link
Contributor

timja commented Sep 16, 2019

I approve the changes but this should not be merged to master it should go on a different branch of the module which CCD should then seek to obtain sign off from SecOps before rolling out the change

I seems clear to me that CCD needs to run with custom exclusion rules. I think it'll make sense for the cnp-module-waf module on master branch support allowing setting custom exclusion rules. Until we have that, we'll always need to be on the ccd-waf branch, which is not that good.

correct we haven't invested in this though as we plan to move away from application gateway and use front door instead which supports application waf profiles in a much better way

smathangi and others added 12 commits September 16, 2019 15:05
@smathangi
removed invalid ruleIds
8c9801e
@smathangi
added missing ruleId 200004
e17e66d
@nathan-clark
RDM-6863-disableRules
85e8a58
@nathan-clark
Merge pull request #49 from hmcts/RDM-6863-disableRules
03e3b4c 
RDM-6863-disableRules-RDM-6863
@mario-paniccia
remove offending duplicate rule and merged into existing
904d7be
@mario-paniccia
Merge pull request #51 from hmcts/remove_offending_duplicate_rule
20c2088 
Remove offending duplicate rule
@njrich28
Add conditional request timeout property
ea01eb8
@njrich28
Fix test for existence of field
da8eec3 
Previously using `equals` to test for existence of field, switched to using `contains` which is correct test.

https://docs.microsoft.com/en-gb/azure/azure-resource-manager/templates/template-functions-array#contains
@njrich28
Wrap the other property in conditional
30b3f18
@MSancaktutar
Merge pull request #52 from hmcts/njrich28-patch-1
d696875 
Add conditional request timeout property
@nathan-clark
RDM-7904-disable-942300-933160
1fc8758
@nathan-clark
Merge pull request #54 from hmcts/RDM-7904-disable-942300-933160
4179fe7 
RDM-7904-disable-942300-933160
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@cakeben cakeben cakeben approved these changes

@mario-paniccia mario-paniccia mario-paniccia approved these changes

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@smathangi @mario-paniccia @timja @cakeben @nathan-clark @njrich28 @MSancaktutar