waf-crd.yaml
---
# CustomResourceDefinition for the namespaced `waf` resource in the
# citrix.com API group. Per the field descriptions below, a `waf` object
# carries Web Application Firewall policy (inspection targets, security
# checks, relaxations, enforcements) for the named services and is processed
# by Netscaler ingress controllers.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: wafs.citrix.com
spec:
  group: citrix.com
  names:
    # NOTE(review): a lower-case kind departs from the usual CamelCase
    # convention; it is part of the served API, so it is kept as written.
    kind: waf
    plural: wafs
    singular: waf
  scope: Namespaced
  versions:
    - name: v1
      served: true
      storage: true
      # Status is a separate subresource, so RBAC can grant write access to
      # `wafs/status` independently of write access to the policy in `spec`.
      subresources:
        status: {}
      # Columns shown by `kubectl get`; they are the only feedback channel this
      # CRD defines for whether a submitted policy was accepted.
      additionalPrinterColumns:
        - name: Status
          type: string
          description: 'Current Status of the CRD'
          jsonPath: .status.state
        - name: Message
          type: string
          description: 'Status Message'
          jsonPath: .status.status_message
      schema:
        openAPIV3Schema:
          type: object
          # Only `spec` is required and no field inside `spec` is, so an object
          # with an empty spec passes schema validation. What the controller
          # does with such an object is not visible in this file.
          required:
            - spec
          properties:
            status:
              type: object
              properties:
                state:
                  type: string
                status_message:
                  type: string
            spec:
              type: object
              properties:
                # When omitted, every Netscaler ingress controller in the
                # cluster processes the resource (see description); set it where
                # several controllers run so the policy lands on the intended one.
                ingressclass:
                  type: string
                  description: >-
                    Ingress class, if not specified then all Netscaler ingress
                    controllers in the cluster will process the resource
                    otherwise only the controller with that ingress class will
                    process this resource
                # Items are length-limited but the list has no minItems, so an
                # empty list is valid at admission.
                servicenames:
                  type: array
                  description: 'Name of the services to which the waf policies are applied.'
                  items:
                    type: string
                    maxLength: 127
                application_type:
                  type: array
                  description: 'Type of applications to protect'
                  items:
                    type: string
                    enum:
                      - 'HTML'
                      - 'JSON'
                      - 'XML'
                # Free-form string: no `pattern` or `format` constrains the
                # location. NOTE(review): presumably fetched by the controller
                # or the appliance; confirm, and scope create/update rights on
                # `wafs` with that in mind.
                signatures:
                  type: string
                  description: 'Location of external signature file'
                # NOTE(review): the description is empty, so the purpose of this
                # URL cannot be determined from this file; the value is an
                # unconstrained string.
                redirect_url:
                  type: string
                  description: ''
                # The three *_error_object locations are unconstrained strings
                # as well (no `pattern` or `format`).
                html_error_object:
                  type: string
                  description: >-
                    Location of customized error page to respond when html or
                    common violation are hit
                xml_error_object:
                  type: string
                  description: >-
                    Location of customized error page to respond when xml
                    violations are hit
                json_error_object:
                  type: string
                  description: >-
                    Location of customized error page to respond when json
                    violations are hit
                # x-kubernetes-preserve-unknown-fields turns off pruning below
                # this node and no properties are declared, so any keys are
                # stored as submitted: a misspelled option is accepted by the
                # API server rather than rejected.
                ip_reputation:
                  type: object
                  description: 'Enabling IP reputation feature'
                  x-kubernetes-preserve-unknown-fields: true
                # Omitting `target` means everything is inspected (see
                # description). `path` and `header` items are unconstrained
                # strings; only `method` is restricted by an enum.
                target:
                  type: object
                  description: >-
                    To control what traffic to be inspected by Web Application
                    Firewall. If you do not provide the target, everything will
                    be inspected by default
                  properties:
                    path:
                      type: array
                      description: 'List of http urls to inspect'
                      items:
                        type: string
                        description: 'URL path'
                    method:
                      type: array
                      description: 'List of http methods to inspect'
                      items:
                        type: string
                        enum:
                          - 'GET'
                          - 'PUT'
                          - 'POST'
                          - 'DELETE'
                          - 'HEAD'
                          - 'OPTIONS'
                          - 'TRACE'
                          - 'CONNECT'
                          - 'PATCH'
                          - 'UNKNOWN_METHOD'
                    header:
                      type: array
                      description: 'List of http headers to inspect'
                      items:
                        type: string
                        description: 'header name'
                # All four per-type objects below preserve unknown fields, so
                # check names and their values are not validated at admission.
                # After applying, confirm through .status.state and
                # .status.status_message that the checks were taken up.
                security_checks:
                  type: object
                  description: 'To enable/disable application firewall security checks'
                  properties:
                    common:
                      type: object
                      x-kubernetes-preserve-unknown-fields: true
                    html:
                      type: object
                      x-kubernetes-preserve-unknown-fields: true
                    json:
                      type: object
                      x-kubernetes-preserve-unknown-fields: true
                    xml:
                      type: object
                      x-kubernetes-preserve-unknown-fields: true
                # Same open schema as security_checks: tuning values are stored
                # without type or range validation by the API server.
                settings:
                  type: object
                  description: 'To fine tune application firewall security checks default settings'
                  properties:
                    common:
                      type: object
                      x-kubernetes-preserve-unknown-fields: true
                    html:
                      type: object
                      x-kubernetes-preserve-unknown-fields: true
                    json:
                      type: object
                      x-kubernetes-preserve-unknown-fields: true
                    xml:
                      type: object
                      x-kubernetes-preserve-unknown-fields: true
                # Relaxations exempt traffic from checks (per the description:
                # known traffic and false positives). The content is free-form
                # here, so each change reduces inspection without any schema
                # guard; review edits to this section like a firewall rule change.
                relaxations:
                  type: object
                  description: >-
                    Section which contains relaxation rules for known traffic
                    and false positives
                  properties:
                    common:
                      type: object
                      x-kubernetes-preserve-unknown-fields: true
                    html:
                      type: object
                      x-kubernetes-preserve-unknown-fields: true
                    json:
                      type: object
                      x-kubernetes-preserve-unknown-fields: true
                    xml:
                      type: object
                      x-kubernetes-preserve-unknown-fields: true
                # Open schema again: a mistyped enforcement rule is stored as
                # submitted. NOTE(review): whether the controller reports or
                # ignores unknown keys is not visible in this file.
                enforcements:
                  type: object
                  description: 'Section which contains enforcement or restriction rules'
                  properties:
                    common:
                      type: object
                      x-kubernetes-preserve-unknown-fields: true
                    html:
                      type: object
                      x-kubernetes-preserve-unknown-fields: true
                    json:
                      type: object
                      x-kubernetes-preserve-unknown-fields: true
                    xml:
                      type: object
                      x-kubernetes-preserve-unknown-fields: true