
Commit 0e8976a

author
arshan.dabirsiaghi@gmail.com
committed
- jeff and arshan's brainchild for how the wafml should look
1 parent 994cee1 commit 0e8976a

1 file changed

Lines changed: 11 additions & 12 deletions


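--- a/src/main/resources/waf-policy.xml
+++ b/src/main/resources/waf-policy.xml
@@ -27,32 +27,32 @@
 <path-exception>/index.html</path-exception>
 <path-exception>/login.jsp</path-exception>
 <path-exception>/index.jsp</path-exception>
-<path-exception type="regex">/images/*</path-exception>
+<path-exception type="regex">/images/.*</path-exception>
 <path-exception type="regex">/css/.*</path-exception>
 <path-exception type="regex">/help/.*</path-exception>
 </authentication-rules>
 
 <authorization-rules>
 
-<restrict-source-ip type="regex" ip-regex="(192\.168\.1\\..*|127.0.0.1)">/admin/*</restrict-source-ip>
+<restrict-source-ip type="regex" ip-regex="(192\.168\.1\\..*|127.0.0.1)">/admin/.*</restrict-source-ip>
 
 <!-- operator contains,equals,inList,exists -->
-<must-match path="/admin/.*" variable="request.header.x-roles" operator="contains" value="admin"/>
+<must-match path="^/admin/.*" variable="request.header.x-roles" operator="contains" value="admin"/>
 
 </authorization-rules>
 
 <url-rules>
 <restrict-extension allow=".(do|css|jpg|gif)"/>
 
-<restrict-method deny="GET" path="*.do"/>
+<restrict-method deny="GET" path=".*\.do$"/>
 <restrict-method allow="(GET|POST|TRACE)"/>
 
-<enforce-https path="/*">
-<exception path="/index.html" />
-<exception path="/index.jsp" />
-<exception path="/images/*" />
-<exception path="/css/.*" />
-<exception path="/help/.*" />
+<enforce-https path="/.*">
+<path-exception>/index.html</path-exception>
+<path-exception>/index.jsp</path-exception>
+<path-exception type="regex">/images/.*</path-exception>
+<path-exception type="regex">/css/.*</path-exception>
+<path-exception type="regex">/help/.*</path-exception>
 </enforce-https>
 </url-rules>
 
@@ -86,7 +86,6 @@
 
 <virtual-patches>
 <virtual-patch id="1234" path="/foo.jsp" variable="request.parameters.bar" pattern="[0-9a-zA-Z]" message="zomg attax"/>
-
 </virtual-patches>
 
 <!-- act on outbound headers and data -->
@@ -101,7 +100,7 @@
 </add-http-only-flag>
 
 <dynamic-insertion pattern="&lt;/body&gt;">
-<![CDATA[ ]]>
+<![CDATA[]]>
 </dynamic-insertion>
 
 </outbound-rules>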
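Review bot: The `ip-regex` on the rewritten `restrict-source-ip` line is still `(192\.168\.1\\..*|127.0.0.1)`. XML attribute values do not process backslash escapes, so `\\.` reaches the regex engine as an escaped backslash followed by any character and the `192.168.1.x` alternative can never match an address, while the dots in `127.0.0.1` are unescaped and match any character. Since the commit is already converting globs to regexes on that line, I would tighten it to `ip-regex="^(192\.168\.1\.[0-9]{1,3}|127\.0\.0\.1)$"`. Anchoring is also inconsistent: only the `must-match` path gained `^`. If the engine does substring rather than whole-string matching (not visible here), the unanchored `/images/.*`, `/css/.*` and `/help/.*` exceptions under `authentication-rules` and `enforce-https` would apply to any URL that merely contains those segments. They should either be written `^/images/.*` and so on, or the policy should say in a comment beside the rules which matching mode `type="regex"` uses.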
