new configuration version

2024-10-30 16:40:17 +00:00 · 2024-10-30 16:40:17 +00:00 · e563ca2f0f
parent 3482d60212
commit e563ca2f0f
3 changed files with 3 additions and 107 deletions
--- a/DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/proxy-sp/etc/nevis/k8s-operations-nevisproxy-instance-bd83dfbd467e8211ffe71d28.yaml
+++ b/DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/proxy-sp/etc/nevis/k8s-operations-nevisproxy-instance-bd83dfbd467e8211ffe71d28.yaml
@ -46,7 +46,7 @@ spec:
  podDisruptionBudget:
    maxUnavailable: "50%"
  git:
-    tag: "r-58fcf0ca3e3e5b189ec00c971320c3f2a1b493b0"
+    tag: "r-3341a3df2b54ab6368125d7df7c223019a1fb969"
    dir: "DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/proxy-sp"
    credentials: "git-credentials"
  keystores:
--- a/DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/proxy-sp/var/opt/nevisproxy/default/host-op.agov-w.azure.adnovum.net/WEB-INF/security_artreporting.conf
+++ b/DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/proxy-sp/var/opt/nevisproxy/default/host-op.agov-w.azure.adnovum.net/WEB-INF/security_artreporting.conf
@ -1,18 +0,0 @@
-# load modsecurity
-Include /var/opt/nevisproxy/default/host-op.agov-w.azure.adnovum.net/WEB-INF/modsecurity.conf
-
-# apply whitelist modifications - must be done before loading other rules (replaces REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf)
-
-
-# apply application-specific paranoia level
-SecAction "id:900000,phase:1,nolog,pass,t:none,setvar:tx.paranoia_level=1"
-
-# load the rule set of the virtual host
-Include /var/opt/nevisproxy/default/host-op.agov-w.azure.adnovum.net/WEB-INF/rules.conf
-
-# apply rule exceptions (replaces RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf)
-
-
-# set mode
-SecRuleEngine DetectionOnly
-
--- a/DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/proxy-sp/var/opt/nevisproxy/default/host-op.agov-w.azure.adnovum.net/WEB-INF/web.xml
+++ b/DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/proxy-sp/var/opt/nevisproxy/default/host-op.agov-w.azure.adnovum.net/WEB-INF/web.xml
@ -131,21 +131,6 @@
            <param-value>nevisIdm.Root</param-value>
        </init-param>
    </filter>
-    <!-- source: pattern://ae3127e7a6869fea8b850ad9 -->
-    <filter>
-        <filter-name>Authorization_Required_Roles_AGOV-Art.Access_SAML_SP_nevisidm_operations_Realm</filter-name>
-        <filter-class>ch::nevis::isiweb4::filter::auth::SecurityRoleFilter</filter-class>
-        <!-- source: pattern://ae3127e7a6869fea8b850ad9 -->
-        <init-param>
-            <param-name>DynamicRoleAcquire</param-name>
-            <param-value>false</param-value>
-        </init-param>
-        <!-- source: pattern://ae3127e7a6869fea8b850ad9 -->
-        <init-param>
-            <param-name>RolesRequired</param-name>
-            <param-value>AGOV-Art.Access</param-value>
-        </init-param>
-    </filter>
    <!-- source: pattern://3ccfece140b4bb464b3b7f51 -->
    <filter>
        <filter-name>Authorization_Required_Roles_nevisIdm.Helpdesk_nevisIdm.TemplateAdmin_nevisIdm.UserAndUnitAdmin_nevisIdm.AppAdmin_nevisIdm.UserAdmin_nevisIdm.AppOwner_nevisIdm.EnterpriseRoleAdmin_nevisIdm.ClientRoot_SAML_SP_nevisidm_operations_Realm</filter-name>
@ -220,16 +205,6 @@
            </param-value>
        </init-param>
    </filter>
-    <!-- source: pattern://4da72abf93d79d0698250e39 -->
-    <filter>
-        <filter-name>ModSecurity_ArtReporting</filter-name>
-        <filter-class>ch::nevis::nevisproxy::filter::modsecurity::ModsecurityFilter</filter-class>
-        <!-- source: pattern://4da72abf93d79d0698250e39 -->
-        <init-param>
-            <param-name>ConfigFile</param-name>
-            <param-value>/var/opt/nevisproxy/default/host-op.agov-w.azure.adnovum.net/WEB-INF/security_artreporting.conf</param-value>
-        </init-param>
-    </filter>
    <!-- source: pattern://f010ec68088ebd56349c7135 -->
    <filter>
        <filter-name>ModSecurity_GreenMail</filter-name>
@ -600,7 +575,7 @@
    <!-- source: pattern://7518c6cc61e47eec6322ae17 -->
    <filter-mapping>
        <filter-name>SessionHandler_SAML_SP_nevisidm_operations_Realm</filter-name>
-        <url-pattern>/art/*</url-pattern>
+        <url-pattern>/mail/*</url-pattern>
    </filter-mapping>
    <!-- source: pattern://7518c6cc61e47eec6322ae17 -->
    <filter-mapping>
@ -613,11 +588,6 @@
        <url-pattern>/SAML2/stepup/*</url-pattern>
    </filter-mapping>
    <!-- source: pattern://7518c6cc61e47eec6322ae17 -->
-    <filter-mapping>
-        <filter-name>SessionHandler_SAML_SP_nevisidm_operations_Realm</filter-name>
-        <url-pattern>/mail/*</url-pattern>
-    </filter-mapping>
-    <!-- source: pattern://7518c6cc61e47eec6322ae17 -->
    <filter-mapping>
        <filter-name>SessionHandler_SAML_SP_nevisidm_operations_Realm</filter-name>
        <url-pattern>/nevisidm/*</url-pattern>
@ -643,11 +613,6 @@
        <filter-name>SessionHandler_OP-ONBRDNG-AuthenticationRealm</filter-name>
        <url-pattern>/AUTH/ONBOARDING/*</url-pattern>
    </filter-mapping>
-    <!-- source: pattern://4da72abf93d79d0698250e39 -->
-    <filter-mapping>
-        <filter-name>ModSecurity_ArtReporting</filter-name>
-        <url-pattern>/art/*</url-pattern>
-    </filter-mapping>
    <!-- source: pattern://f010ec68088ebd56349c7135 -->
    <filter-mapping>
        <filter-name>ModSecurity_GreenMail</filter-name>
@ -686,11 +651,6 @@
        <exclude-url-regex>^/canary/api/.*$</exclude-url-regex>
    </filter-mapping>
    <!-- source: pattern://7518c6cc61e47eec6322ae17 -->
-    <filter-mapping>
-        <filter-name>Authentication_SAML_SP_nevisidm_operations_Realm</filter-name>
-        <url-pattern>/art/*</url-pattern>
-    </filter-mapping>
-    <!-- source: pattern://7518c6cc61e47eec6322ae17 -->
    <filter-mapping>
        <filter-name>Authentication_SAML_SP_nevisidm_operations_Realm</filter-name>
        <url-pattern>/mail/*</url-pattern>
@ -731,11 +691,6 @@
        <filter-name>Requirement_NEVIS_SecToken_SAML_SP_nevisidm_operations_Realm</filter-name>
        <url-pattern>/nevisidm/*</url-pattern>
    </filter-mapping>
-    <!-- source: pattern://ae3127e7a6869fea8b850ad9 -->
-    <filter-mapping>
-        <filter-name>Authorization_Required_Roles_AGOV-Art.Access_SAML_SP_nevisidm_operations_Realm</filter-name>
-        <url-pattern>/art/*</url-pattern>
-    </filter-mapping>
    <!-- source: pattern://3ccfece140b4bb464b3b7f51 -->
    <filter-mapping>
        <filter-name>Authorization_Required_Roles_nevisIdm.Helpdesk_nevisIdm.TemplateAdmin_nevisIdm.UserAndUnitAdmin_nevisIdm.AppAdmin_nevisIdm.UserAdmin_nevisIdm.AppOwner_nevisIdm.EnterpriseRoleAdmin_nevisIdm.ClientRoot_SAML_SP_nevisidm_operations_Realm</filter-name>
@ -760,42 +715,6 @@
    <listener>
        <listener-class>ch::nevis::isiweb4::listener::SessionListener</listener-class>
    </listener>
-    <!-- source: pattern://4da72abf93d79d0698250e39, pattern://4da72abf93d79d0698250e39#allowedMethods, pattern://4da72abf93d79d0698250e39#backends, pattern://4da72abf93d79d0698250e39#responseRewrite -->
-    <servlet>
-        <servlet-name>Connector_ArtReporting</servlet-name>
-        <!-- source: pattern://4da72abf93d79d0698250e39 -->
-        <servlet-class>ch::nevis::isiweb4::servlet::connector::http::HttpsConnectorServlet</servlet-class>
-        <!-- source: pattern://4da72abf93d79d0698250e39#allowedMethods -->
-        <init-param>
-            <param-name>AllowedMethods</param-name>
-            <param-value>ALL-HTTP,ALL-WEBDAV,-TRACE,-CONNECT</param-value>
-        </init-param>
-        <!-- source: pattern://4da72abf93d79d0698250e39#responseRewrite -->
-        <init-param>
-            <param-name>AutoRewrite</param-name>
-            <param-value>header</param-value>
-        </init-param>
-        <!-- source: pattern://4da72abf93d79d0698250e39 -->
-        <init-param>
-            <param-name>CookieManager</param-name>
-            <param-value>retain:^.*$</param-value>
-        </init-param>
-        <!-- source: pattern://4da72abf93d79d0698250e39 -->
-        <init-param>
-            <param-name>DNSCache.ttl</param-name>
-            <param-value>60</param-value>
-        </init-param>
-        <!-- source: pattern://4da72abf93d79d0698250e39#backends -->
-        <init-param>
-            <param-name>InetAddress</param-name>
-            <param-value>art-report-server.adn-agov-connect-01-dev:8080</param-value>
-        </init-param>
-        <!-- source: pattern://4da72abf93d79d0698250e39#backends -->
-        <init-param>
-            <param-name>UseSSL</param-name>
-            <param-value>false</param-value>
-        </init-param>
-    </servlet>
    <!-- source: pattern://f010ec68088ebd56349c7135, pattern://f010ec68088ebd56349c7135#allowedMethods, pattern://f010ec68088ebd56349c7135#backends, pattern://f010ec68088ebd56349c7135#responseRewrite -->
    <servlet>
        <servlet-name>Connector_GreenMail</servlet-name>
@ -824,7 +743,7 @@
        <!-- source: pattern://f010ec68088ebd56349c7135#backends -->
        <init-param>
            <param-name>InetAddress</param-name>
-            <param-value>rainloop.adn-agov-mail-01-dev:80</param-value>
+            <param-value>rainloop.adn-agov-mail-01-uat:80</param-value>
        </init-param>
        <!-- source: pattern://f010ec68088ebd56349c7135#backends -->
        <init-param>
@ -1131,11 +1050,6 @@
        <servlet-name>Hosting_Default</servlet-name>
        <url-pattern>/SAML2/stepup/*</url-pattern>
    </servlet-mapping>
-    <!-- source: pattern://4da72abf93d79d0698250e39, pattern://4da72abf93d79d0698250e39#path -->
-    <servlet-mapping>
-        <servlet-name>Connector_ArtReporting</servlet-name>
-        <url-pattern>/art/*</url-pattern>
-    </servlet-mapping>
    <!-- source: pattern://2a09bff81af3e18af3e13d3f, pattern://2a09bff81af3e18af3e13d3f#path -->
    <servlet-mapping>
        <servlet-name>Connector_Web_Application_canaryPage_frontend</servlet-name>