Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[RULE] Update Azure.AppGwWAF.RuleGroups to use the latest bot manager rule set #2629

Closed
BenjaminEngeset opened this issue Jan 4, 2024 · 1 comment · Fixed by #2630
Closed

[RULE] Update Azure.AppGwWAF.RuleGroups to use the latest bot manager rule set #2629

BenjaminEngeset opened this issue Jan 4, 2024 · 1 comment · Fixed by #2630
Assignees
@BenjaminEngeset
Labels
pillar: security Aligned to the Security pillar. rule: app-gateway Rules for App Gateway
Milestone
v1.33.0

Comments

@BenjaminEngeset
Copy link
Contributor

BenjaminEngeset commented Jan 4, 2024
edited

Existing rule

Azure.AppGwWAF.RuleGroups

Suggested rule

The rule Azure.AppGwWAF.RuleGroups currently has the following definition:

PSRule.Rules.Azure/src/PSRule.Rules.Azure/rules/Azure.AppGwWAF.Rule.yaml

Lines 99 to 100 in 21cb478

- field: Properties.managedRules.managedRuleSets[1].ruleSetVersion
version: '^0.1'

This leads to the 1.0 value to fail as 1.0 is a newer major version.

We should update the rule to use the latest bot manager rule set 1.0 instead. The updated rule set also introduces further enhancements over the older 0.1 version.

Pillar

Security

Additional context

https://azure.microsoft.com/en-us/updates/general-availability-bot-manager-rule-set-10-on-regional-azure-web-application-firewall/
@BenjaminEngeset BenjaminEngeset added Needs: Triage 🔍 rule The issue relates to a rule labels Jan 4, 2024
@BenjaminEngeset BenjaminEngeset mentioned this issue Jan 4, 2024
Merged
11 tasks
@BernieWhite BernieWhite added rule: app-gateway Rules for App Gateway and removed rule The issue relates to a rule Needs: Triage 🔍 labels Jan 5, 2024
@BernieWhite
Copy link
Collaborator

@BenjaminEngeset Thanks for reporting the issue. Good call out.

@BernieWhite BernieWhite added this to the v1.33.0 milestone Jan 5, 2024
@BernieWhite BernieWhite added the pillar: security Aligned to the Security pillar. label Jan 5, 2024
@BernieWhite BernieWhite mentioned this issue Jan 11, 2024
Merged
4 tasks
@BernieWhite BernieWhite mentioned this issue Feb 5, 2024
Merged
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@BenjaminEngeset BenjaminEngeset

Labels
pillar: security Aligned to the Security pillar. rule: app-gateway Rules for App Gateway
Projects
None yet
Milestone
v1.33.0
Development

Successfully merging a pull request may close this issue.

feat: Updated Azure.AppGwWAF.RuleGroups to use the rule sets BenjaminEngeset/PSRule.Rules.Azure
2 participants
@BernieWhite @BenjaminEngeset