Closed siva273 closed 1 month ago
Hi, I am trying to exclude some paths from being blocked by cloud armor, still being blocked
my config
module "security_policy" { source = "GoogleCloudPlatform/cloud-armor/google" version = "~> 2.2.0" project_id = var.project_id name = "security-policy" description = "Security Policy" default_rule_action = "allow" type = "CLOUD_ARMOR" layer_7_ddos_defense_enable = false # If set to true, enables Cloud Armor Adaptive Protection for L7 DDoS detection layer_7_ddos_defense_rule_visibility = "STANDARD" pre_configured_rules = { "sqli_sensitivity_level_1" = { action = "deny(403)" priority = 1 sensitivity_level = 1 preview = true description = "SQLI sensitivity level 1 with exclude rules" target_rule_set = "sqli-v33-stable" exclude_target_rule_ids = [] preconfigured_waf_config_exclusions = { exclusion_user_task_list = { target_rule_set = "sqli-v33-stable" target_rule_ids = [ "owasp-crs-v030301-id942100-sqli", ] request_uri = [ { operator = "CONTAINS" value = "/api/v1/user_tasks/user_task_list" }, ] } exclusion_questionnaire_template = { target_rule_set = "sqli-v33-stable" target_rule_ids = [ "owasp-crs-v030301-id942190-sqli", ] request_uri = [ { operator = "CONTAINS" value = "/api/v2/questionnaire/template" }, ] } exclusion_questionnaire_section = { target_rule_set = "sqli-v33-stable" target_rule_ids = [ "owasp-crs-v030301-id942190-sqli", ] request_uri = [ { operator = "CONTAINS" value = "/api/v2/questionnaire/section/" }, ] } } } } }
all the paths excluder for specific rule id's are failing and blocked by same rule id's which are supposed to be exclude, Please let me know if I am doing something wrong here
@siva273 can u plz contact support for this issue?
This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days
Hi, I am trying to exclude some paths from being blocked by cloud armor, still being blocked
my config
all the paths excluder for specific rule id's are failing and blocked by same rule id's which are supposed to be exclude, Please let me know if I am doing something wrong here