DevSecOps Workshop in Azure > Class1 - Learn DevSecOps in Azure with Terraform and GitHub > Module 2 - Deploy Nginx App Protect in your environment Source |

Lab 4 - Disable a WAF signature¶

Let’s do another Security Operation very common. Regularly, SecOps have to disable WAF signatures due to False Positive. When you send this attack ?a=<script>, this attack matches 2 signatures.

In this lab, we will disable these 2 signatures so that the attack is not blocked anymore by the NAP.

Modify the JSON file managing the signature exceptions nginx-nap/etc/nginx/nap-files/policies/custom-references/signatures/modifications.json

Disable the 2 signature ID (200001475 and 200000098)

Change the value for “enabled” from true to false

Do it for the 2 signature IDs

{
    "modifications": [
        {
            "entityChanges": {
                "enabled": false
            },
            "entity": {
                "signatureId": 200001475
            },
            "entityType": "signature",
            "action": "add-or-update"
        },
        {
            "entityChanges": {
                "enabled": false
            },
            "entity": {
                "signatureId": 200000098
            },
            "entityType": "signature",
            "action": "add-or-update"
        }
    ]
}

As in the previous lab, commit your change, and push your change to GitHub
Run your Terraform plan again
```
terraform apply -auto-approve
```
Look at the rolling upgrade and re-send the attack.
Attack should pass and not be blocked

Note

Congrats, you did your first DevSecOps operations. Now, let’s do it for real, with real tools.

Note

Before moving forward to the next lab, we need to clean-up our NAP deployment. Run a Terraform Destroy in order to destroy the NAP pod.

terraform destroy -auto-approve

Previous Next