DevSecOps Workshop in Azure > Class1 - Learn DevSecOps in Azure with Terraform and GitHub > Module 2 - Deploy Nginx App Protect in your environment Source |
Lab 4 - Disable a WAF signature¶
Let’s do another Security Operation very common. Regularly, SecOps have to disable WAF signatures due to False Positive. When you send this attack ?a=<script>, this attack matches 2 signatures.
In this lab, we will disable these 2 signatures so that the attack is not blocked anymore by the NAP.
Modify the JSON file managing the signature exceptions
nginx-nap/etc/nginx/nap-files/policies/custom-references/signatures/modifications.json
Disable the 2 signature ID (200001475 and 200000098)
Change the value for “enabled” from
true
tofalse
Do it for the 2 signature IDs
{ "modifications": [ { "entityChanges": { "enabled": false }, "entity": { "signatureId": 200001475 }, "entityType": "signature", "action": "add-or-update" }, { "entityChanges": { "enabled": false }, "entity": { "signatureId": 200000098 }, "entityType": "signature", "action": "add-or-update" } ] }
As in the previous lab, commit your change, and push your change to GitHub
Run your Terraform plan again
terraform apply -auto-approve
Look at the rolling upgrade and re-send the attack.
Attack should pass and not be blocked
Note
Congrats, you did your first DevSecOps operations. Now, let’s do it for real, with real tools.
Note
Before moving forward to the next lab, we need to clean-up our NAP deployment. Run a Terraform Destroy in order to destroy the NAP pod.
terraform destroy -auto-approve