cds-snc / notification-planning-core

Project planning for GC Notify Core Team

0 stars 0 forks source link

Add "Count" rule to geo-block admin log in #271

Open sastels opened 5 months ago

sastels commented 5 months ago

Description

As a Notify user, I would like Notify to be as secure as possible

WHY are we building?

Increase security of Notify log in

WHAT are we building?

Add a WAF rule to only allow CAN / US to access log in page. Set to COUNT for a while and analyze results.

VALUE created by our solution

Make unauthorized access more difficult.

Acceptance Criteria

[ ] WAF rule on login / register / password reset pages to geo-block outside CAN / US
[ ] rule set to "COUNT"
[ ] Athena query to analyze access from outside CAN / US

QA Steps

[ ] use a VPN to log in from somewhere else and see it in the query