Commit cd33aa3

Merge pull request #471 from ganesh-k13/waf-1.22
WAF 1.22 Support
2 parents 501a201 + e9b0998 commit cd33aa3

20 files changed

Lines changed: 233 additions & 455 deletions

crd/waf/README.md

Lines changed: 30 additions & 153 deletions
@@ -47,143 +47,6 @@ Based on the type of security checks, you can specify the metadata and use the C
4747

4848
The WAF CRD is available in the Citrix ingress controller GitHub repository at [waf-crd.yaml](./waf-crd.yaml). The WAF CRD provides attributes for the various options that are required to define the web application firewall policies on Citrix ADC.
4949

50-
The following is the WAF CRD definition:
51-
52-
```yml
53-
apiVersion: apiextensions.k8s.io/v1beta1
54-
kind: CustomResourceDefinition
55-
metadata:
56-
name: wafs.citrix.com
57-
spec:
58-
group: citrix.com
59-
version: v1
60-
names:
61-
kind: waf
62-
plural: wafs
63-
singular: waf
64-
scope: Namespaced
65-
subresources:
66-
status: {}
67-
additionalPrinterColumns:
68-
- name: Status
69-
type: string
70-
description: "Current Status of the CRD"
71-
JSONPath: .status.state
72-
- name: Message
73-
type: string
74-
description: "Status Message"
75-
JSONPath: .status.status_message
76-
validation:
77-
openAPIV3Schema:
78-
required: [spec]
79-
properties:
80-
spec:
81-
type: object
82-
properties:
83-
servicenames:
84-
description: "Name of the services to which the waf policies are applied."
85-
type: array
86-
items:
87-
type: string
88-
maxLength: 127
89-
application_type:
90-
description: "Type of applications to protect"
91-
type: array
92-
items
93-
type: string
94-
enum: ["HTML", "JSON", "XML"]
95-
signatures:
96-
description: "Location of external signature file"
97-
type: string
98-
redirect_url:
99-
description: ""
100-
type: string
101-
html_error_object:
102-
description: "Location of customized error page to respond when html or common violation are hit"
103-
type: string
104-
xml_error_object:
105-
description: "Location of customized error page to respond when xml violations are hit"
106-
type: string
107-
json_error_object:
108-
description: "Location of customized error page to respond when json violations are hit"
109-
type: string
110-
ip_reputation:
111-
description: "Enabling IP reputation feature"
112-
oneOf:
113-
- type: string
114-
- type: object
115-
target:
116-
description: "To control what traffic to be inspected by Web Application Firewall. If you do not provide the target, everything will be inspected by default"
117-
type: object
118-
properties:
119-
paths:
120-
type: array
121-
description: "List of http urls to inspect"
122-
items:
123-
type: string
124-
description: "URL path"
125-
method:
126-
type: array
127-
description: "List of http methods to inspect"
128-
items:
129-
type: string
130-
enum: ["GET", "PUT", "POST","DELETE"]
131-
header:
132-
type: array
133-
description: "List of http headers to inspect"
134-
items:
135-
type: string
136-
description: "header name"
137-
security_checks:
138-
description: "To enable/disable application firewall security checks"
139-
type: object
140-
properties:
141-
common:
142-
type: object
143-
html:
144-
type: object
145-
json:
146-
type: object
147-
xml:
148-
type: object
149-
settings:
150-
description: "To fine tune application firewall security checks default settings"
151-
type: object
152-
properties:
153-
common:
154-
type: object
155-
html:
156-
type: object
157-
json:
158-
type: object
159-
xml:
160-
type: object
161-
relaxations:
162-
description: "Section which contains relaxation rules for known traffic and false positives"
163-
type: object
164-
properties:
165-
common:
166-
type: object
167-
html:
168-
type: object
169-
json:
170-
type: object
171-
xml:
172-
type: object
173-
enforcements:
174-
description: "Section which contains enforcement or restriction rules"
175-
type: object
176-
properties:
177-
common:
178-
type: object
179-
html:
180-
type: object
181-
json:
182-
type: object
183-
xml:
184-
type: object
185-
```
186-
18750
## WAF CRD attributes
18851

18952
The following table lists the various attributes provided in the WAF CRD:
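Review bot: The paragraph kept at new line 48 is now the only pointer to the schema, and it does not say which CRD API version waf-crd.yaml uses. The deleted copy declared `apiVersion: apiextensions.k8s.io/v1beta1`, which Kubernetes 1.22 no longer serves, so a sentence naming the API version of the shipped file and the minimum cluster version it needs would help anyone upgrading. Dropping the inline copy is otherwise welcome, since it had already drifted from a usable definition (old line 92 reads `items` with its colon missing).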
@@ -256,8 +119,9 @@ metadata:
256119
spec:
257120
servicenames:
258121
- frontend
259-
application_type: HTML
260-
html_page_url: "http://x.x.x.x/crd/error_page.html"
122+
application_type:
123+
- HTML
124+
html_error_object: "http://x.x.x.x/crd/error_page.html"
261125
security_checks:
262126
html:
263127
cross_site_scripting: "on"
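Review bot: Check the other files in this commit and the rest of the repository for leftover `html_page_url` keys. The key replaced at old line 260 does not appear in the schema this commit removes from the README, which defines only `html_error_object`, `xml_error_object` and `json_error_object`, so any remaining example that still uses it does not match the schema. The list form of `application_type` at new lines 122-123 does match the schema's `type: array`, so users with manifests copied from the old scalar examples should be told in the README or release notes that the value must now be a list.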
@@ -277,7 +141,8 @@ metadata:
277141
spec:
278142
servicenames:
279143
- frontend
280-
application_type: HTML
144+
application_type:
145+
- HTML
281146
html_error_object: "http://x.x.x.x/crd/error_page.html"
282147
security_checks:
283148
common:
@@ -303,7 +168,8 @@ metadata:
303168
spec:
304169
servicenames:
305170
- frontend
306-
application_type: HTML
171+
application_type:
172+
- HTML
307173
signatures: "http://x.x.x.x/crd/sig.xml"
308174
html_error_object: "http://x.x.x.x/crd/error_page.html"
309175
security_checks:
@@ -325,7 +191,8 @@ metadata:
325191
spec:
326192
servicenames:
327193
- frontend
328-
application_type: HTML
194+
application_type:
195+
- HTML
329196
html_error_object: "http://x.x.x.x/crd/error_page.html"
330197
security_checks:
331198
common:
@@ -354,7 +221,8 @@ metadata:
354221
spec:
355222
servicenames:
356223
- frontend
357-
application_type: HTML
224+
application_type:
225+
- HTML
358226
html_error_object: "http://x.x.x.x/crd/error_page.html"
359227
target:
360228
path:
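Review bot: The trailing context at new lines 227-228 uses `path:` under `target:`, but the schema removed from this README earlier in the commit names that property `paths`. Confirm which spelling waf-crd.yaml accepts and correct the example in this same change. A key the schema does not recognise may be rejected or dropped, and the schema's own description of `target` says that when no target is given everything is inspected, so a reader copying this example could get a different inspection scope than the one the example claims to configure.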
@@ -391,7 +259,8 @@ metadata:
391259
spec:
392260
servicenames:
393261
- frontend
394-
application_type: HTML
262+
application_type:
263+
- HTML
395264
html_error_object: "http://x.x.x.x/crd/error_page.html"
396265
security_checks:
397266
common:
@@ -426,7 +295,8 @@ metadata:
426295
spec:
427296
servicenames:
428297
- frontend
429-
application_type: HTML
298+
application_type:
299+
- HTML
430300
html_error_object: "http://x.x.x.x/crd/error_page.html"
431301
security_checks:
432302
html:
@@ -450,8 +320,9 @@ metadata:
450320
spec:
451321
servicenames:
452322
- frontend
453-
application_type: HTML
454-
html_page_url: "http://x.x.x.x/crd/error_page.html"
323+
application_type:
324+
- HTML
325+
html_error_object: "http://x.x.x.x/crd/error_page.html"
455326
security_checks:
456327
common:
457328
buffer_overflow: "on"
@@ -569,7 +440,8 @@ kind: waf
569440
metadata:
570441
name: wafiprep
571442
spec:
572-
application_type: html
443+
application_type:
444+
- html
573445
servicenames:
574446
- frontend
575447
ip_reputation: "on"
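Review bot: `- html` at new line 444 is lowercase, while the schema's enum for `application_type` items is `["HTML", "JSON", "XML"]` and every other example touched in this file uses uppercase. If the enum is enforced as written, this manifest fails validation; change the value to `- HTML`. The wafiprepcategory example in the next hunk (new line 461) carries the same lowercase value and needs the same fix.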
@@ -585,7 +457,8 @@ kind: waf
585457
metadata:
586458
name: wafiprepcategory
587459
spec:
588-
application_type: html
460+
application_type:
461+
- html
589462
servicenames:
590463
- frontend
591464
ip_reputation:
@@ -616,7 +489,8 @@ metadata:
616489
spec:
617490
servicenames:
618491
- frontend
619-
application_type: JSON
492+
application_type:
493+
- JSON
620494
json_error_object: "http://x.x.x.x/crd/error_page.json"
621495
security_checks:
622496
json:
@@ -651,7 +525,8 @@ metadata:
651525
spec:
652526
servicenames:
653527
- frontend
654-
application_type: JSON
528+
application_type:
529+
- JSON
655530
json_error_object: "http://x.x.x.x/crd/error_page.json"
656531
security_checks:
657532
json:
@@ -687,7 +562,8 @@ metadata:
687562
spec:
688563
servicenames:
689564
- frontend
690-
application_type: XML
565+
application_type:
566+
- XML
691567
xml_error_object: "http://x.x.x.x/crd/error_page.xml"
692568
security_checks:
693569
xml:
@@ -738,7 +614,8 @@ metadata:
738614
spec:
739615
servicenames:
740616
- frontend
741-
application_type: XML
617+
application_type:
618+
- XML
742619
xml_error_object: "http://x.x.x.x/crd/error_page.json"
743620
security_checks:
744621
xml:
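Review bot: The context line at new line 619 sets `xml_error_object` to `http://x.x.x.x/crd/error_page.json`, while the preceding XML example (new line 567) points to `error_page.xml`. This looks like a copy-paste from the JSON examples. Since the line sits directly below the edit, correct it to an XML error page in this change so the example does not suggest serving a JSON body for XML violations.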
