Open joe-lipson opened 2 months ago
Adding this to grails-app/views/layouts/*
of ala-bootstrap3 will make it available, if configured, for all applications and pages using of any of these layouts.
Tested this with bie-test.
This is a note on where to find the code for the WAF SDK integration. The code is specific to each WAF, so all applications or environments that use the same WAF will have the same code. In the AWS console, go to the WAF section, on the left menu select "application integration", then in the intelligent threat tab select the radio button for the WAF your application is using. The JavaScript code will be shown in the text area at the bottom of the page
I tried to find this on the comparison account but there are no Web ACLs listed. Is this the right account for our test systems or are they in the other (main) account?
Our test systems are mostly still in the prod account. Specifically BIE test is in prod, yep.
We received user reports and were also able to observe a small number of requests to Biocache that were being presented with a "challenge" response from the WAF were showing a "Human Verification" message in the browser tab title for a short period of time ( usually less than a second ) before returning the page content. In a small subset of these the request would hang at this point and then time out.
After consulting with Amazon on the issue we were advised that the more efficient and preferred method of creating challenge tokens is through the WAF application integration JavaScript SDK.
From Case ID 171928080800016
Implementing the SDK is a matter of placing the code from the AWS WAF console under "Application Integration" on the Biocache front end. The code is:
<script type="text/javascript" src="https://8d350393c988.ap-southeast-2.sdk.awswaf.com/8d350393c988/f4d973d62c60/challenge.js" defer></script>
We have turned off browser challenges on the Biocache WAF until the SDK can be implemented.
This ticket is to investigate implementing this code including configuration allowing different codes for different hubs and environments