diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-nevisproxy-idp-0ceb05c56644a59d648c13b9.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-nevisproxy-idp-0ceb05c56644a59d648c13b9.yaml
index 05ab391..b12e9b1 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-nevisproxy-idp-0ceb05c56644a59d648c13b9.yaml
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-nevisproxy-idp-0ceb05c56644a59d648c13b9.yaml
@@ -46,7 +46,7 @@ spec:
podDisruptionBudget:
maxUnavailable: "50%"
git:
- tag: "r-c3f3450d1e993cf5f26ceeaec99256e99fb503fa"
+ tag: "r-139ef65dd089d9e8ca8e589cb232846974ed2f1c"
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp"
credentials: "git-credentials"
keystores:
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/WEB-INF/utility_resource_service_countries_security_filter.lua b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/WEB-INF/utility_resource_service_countries_security_filter.lua
new file mode 100644
index 0000000..df4117a
--- /dev/null
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/WEB-INF/utility_resource_service_countries_security_filter.lua
@@ -0,0 +1,42 @@
+package.path = package.path .. ";/opt/nevisproxy/webapp/WEB-INF/lib/lua/Utils.lua"
+local Utils = require "Utils"
+
+function inputHeader(request, response)
+ local trace = request:getTracer()
+
+ local queryParams = Utils.getQueryParameters(request)
+ local path = request:getRequestPath()
+
+ -- only allow calls to the countries service
+ if path == nil then
+ trace:error("path is nil")
+ end
+
+ if path ~= nil and path ~= '/resource/utility/api/v1/countries' then
+ trace:info("utility service called with invalid path " .. request:getRequestPath())
+ response:send(404)
+ return
+ end
+
+ -- only alloq one query-parameter 'lang' with the values DE, FR, IT, EN, RS
+ for param, values in pairs(queryParams) do
+ if (param ~= 'lang') then
+ trace:info("utility service called with invalid query param " .. param)
+ response:send(404)
+ return
+ end
+ if Helpers.tableLength(values) ~= 1 then
+ trace:info("utility service called with invalid value for query param " .. param)
+ response:send(404)
+ return
+ end
+ for i, value in pairs(values) do
+ local lang = string.upper(value)
+ if not ('DE' == lang or 'FR' == lang or 'IT' == lang or 'EN' == lang or 'RS' == lang) then
+ trace:info("utility service called with invalid value for query param " .. param .. "=" .. value)
+ response:send(404)
+ return
+ end
+ end
+ end
+end
\ No newline at end of file
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/WEB-INF/web.xml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/WEB-INF/web.xml
index 1ba000a..6838a0b 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/WEB-INF/web.xml
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/WEB-INF/web.xml
@@ -640,6 +640,21 @@
outputHeader
+
+
+ Lua_Utility_Resource_Service_Countries_Security_Filter
+ ch::nevis::isiweb4::filter::lua::LuaFilter
+
+
+ Script.InputHeaderFunctionName
+ inputHeader
+
+
+
+ Script.Path
+ /var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/WEB-INF/utility_resource_service_countries_security_filter.lua
+
+
ModSecurity_App_Icon_Application
@@ -1098,6 +1113,11 @@
CSRF_Default
/AUTH/RECOVERY
+
+
+ Lua_Utility_Resource_Service_Countries_Security_Filter
+ /resource/utility/*
+
JSON_Utility_Resource_Service