letsEncryptKubernetes/crds/appprotect.f5.com_appolicies.yaml


# CustomResourceDefinition that registers the APPolicy kind in API group appprotect.f5.com.
# NOTE(review): nesting indentation is not visible in this listing; parent/child relations
# mentioned in comments are read from key order and should be checked against the raw file.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
# Marks the file as controller-gen output. NOTE(review): presumably regenerated from Go type
# markers, so schema fixes belong in the generator input, not in this file - confirm.
controller-gen.kubebuilder.io/version: v0.4.0
creationTimestamp: null
name: appolicies.appprotect.f5.com
spec:
group: appprotect.f5.com
names:
kind: APPolicy
listKind: APPolicyList
plural: appolicies
singular: appolicy
# Unknown-field preservation is off at CRD level: fields the schema does not declare are pruned,
# except under schema nodes that set x-kubernetes-preserve-unknown-fields themselves.
preserveUnknownFields: false
# Namespaced resource: RBAC on "appolicies" is granted per namespace. Whoever can create or
# update these objects controls the policy content they carry, so keep write verbs narrow.
scope: Namespaced
versions:
- name: v1beta1
schema:
openAPIV3Schema:
description: APPolicyConfig is the Schema for the APPolicyconfigs API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
# spec schema: desired state of an APPolicy. This fragment declares modifications and
# modificationsReference; no "required" list appears, so every field here is optional.
spec:
description: APPolicySpec defines the desired state of APPolicy
properties:
modifications:
items:
properties:
action:
type: string
description:
type: string
entity:
properties:
name:
type: string
type: object
entityChanges:
properties:
type:
type: string
type: object
type: object
# Opts this item schema out of pruning: keys other than the ones declared above are stored as
# submitted and are not type-checked by the API server. Validation of those keys has to happen
# elsewhere (admission policy or the consumer of the object).
x-kubernetes-preserve-unknown-fields: true
type: array
modificationsReference:
properties:
link:
# Prefix check only: accepts http:// as well as https://, any host, and any string that merely
# begins with "http". NOTE(review): presumably the link is dereferenced when the policy is
# built - confirm; if so, restrict to https and known hosts with an admission rule.
pattern: ^http
type: string
type: object
# policy schema: body of the App Protect policy (see description). The keys that follow
# under "properties" are the policy sections accepted by this CRD version.
policy:
description: Defines the App Protect policy
properties:
applicationLanguage:
# Closed list: a character-encoding name or auto-detect. Any other value is rejected by
# schema validation.
enum:
- iso-8859-10
- iso-8859-6
- windows-1255
- auto-detect
- koi8-r
- gb18030
- iso-8859-8
- windows-1250
- iso-8859-9
- windows-1252
- iso-8859-16
- gb2312
- iso-8859-2
- iso-8859-5
- windows-1257
- windows-1256
- iso-8859-13
- windows-874
- windows-1253
- iso-8859-3
- euc-jp
- utf-8
- gbk
- windows-1251
- big5
- iso-8859-1
- shift_jis
- euc-kr
- iso-8859-4
- iso-8859-7
- iso-8859-15
type: string
# blocking-settings schema: three lists of switches - evasions, http-protocols and violations.
# No "required" list is declared, so an item may omit any of its fields.
blocking-settings:
properties:
evasions:
items:
properties:
# The evasion sub-check is selected by its description string, which must match one of the
# enum values exactly.
description:
enum:
- '%u decoding'
- Apache whitespace
- Bad unescape
- Bare byte decoding
- Directory traversals
- IIS backslashes
- IIS Unicode codepoints
- Multiple decoding
type: string
enabled:
type: boolean
# Plain integer: the schema sets no minimum or maximum.
# NOTE(review): presumably only meaningful for the "Multiple decoding" entry - confirm.
maxDecodingPasses:
type: integer
type: object
type: array
http-protocols:
items:
properties:
# HTTP compliance sub-checks, again selected by exact description string.
description:
enum:
- Unescaped space in URL
- Unparsable request content
- Several Content-Length headers
# Quoted because the value contains ": ", which would otherwise start a mapping.
- 'POST request with Content-Length: 0'
- Null in request
- No Host header in HTTP/1.1 request
- Multiple host headers
- Host header contains IP address
- High ASCII characters in headers
- Header name with no header value
- CRLF characters before request start
- Content length should be a positive number
- Chunked request with Content-Length header
- Check maximum number of parameters
- Check maximum number of headers
- Body in GET or HEAD requests
- Bad multipart/form-data request parsing
- Bad multipart parameters parsing
- Bad HTTP version
- Bad host header value
type: string
enabled:
type: boolean
# Both limits are unbounded integers in this schema.
# NOTE(review): presumably paired with the "Check maximum number of ..." entries - confirm.
maxHeaders:
type: integer
maxParams:
type: integer
type: object
type: array
violations:
items:
properties:
# alarm and block are independent booleans per violation.
# NOTE(review): presumably block only takes effect when the policy enforcementMode is
# "blocking" - confirm against the product documentation before relying on it.
alarm:
type: boolean
block:
type: boolean
description:
type: string
# Closed list of violation identifiers accepted by this CRD version.
name:
enum:
- VIOL_PARAMETER_VALUE_BASE64
- VIOL_MANDATORY_HEADER
- VIOL_HEADER_REPEATED
- VIOL_ASM_COOKIE_MODIFIED
- VIOL_BLACKLISTED_IP
- VIOL_COOKIE_EXPIRED
- VIOL_COOKIE_LENGTH
- VIOL_COOKIE_MALFORMED
- VIOL_COOKIE_MODIFIED
- VIOL_DATA_GUARD
- VIOL_ENCODING
- VIOL_EVASION
- VIOL_FILETYPE
- VIOL_FILE_UPLOAD
- VIOL_FILE_UPLOAD_IN_BODY
- VIOL_HEADER_LENGTH
- VIOL_HEADER_METACHAR
- VIOL_HTTP_PROTOCOL
- VIOL_HTTP_RESPONSE_STATUS
- VIOL_JSON_FORMAT
- VIOL_JSON_MALFORMED
- VIOL_JSON_SCHEMA
- VIOL_MANDATORY_PARAMETER
- VIOL_MANDATORY_REQUEST_BODY
- VIOL_METHOD
- VIOL_PARAMETER
- VIOL_PARAMETER_DATA_TYPE
- VIOL_PARAMETER_EMPTY_VALUE
- VIOL_PARAMETER_LOCATION
- VIOL_PARAMETER_MULTIPART_NULL_VALUE
- VIOL_PARAMETER_NAME_METACHAR
- VIOL_PARAMETER_NUMERIC_VALUE
- VIOL_PARAMETER_REPEATED
- VIOL_PARAMETER_STATIC_VALUE
- VIOL_PARAMETER_VALUE_LENGTH
- VIOL_PARAMETER_VALUE_METACHAR
- VIOL_POST_DATA_LENGTH
- VIOL_QUERY_STRING_LENGTH
- VIOL_RATING_THREAT
- VIOL_RATING_NEED_EXAMINATION
- VIOL_REQUEST_MAX_LENGTH
- VIOL_REQUEST_LENGTH
- VIOL_THREAT_CAMPAIGN
- VIOL_URL
- VIOL_URL_CONTENT_TYPE
- VIOL_URL_LENGTH
- VIOL_URL_METACHAR
- VIOL_XML_FORMAT
- VIOL_XML_MALFORMED
type: string
type: object
type: array
type: object
# blockingSettingReference and bot-defense schemas.
blockingSettingReference:
properties:
link:
# Prefix check only: http:// and https:// both pass, as does any string starting with "http".
pattern: ^http
type: string
type: object
# bot-defense: mitigation actions per anomaly, per bot class and per signature, plus an
# overall isEnabled switch under settings.
bot-defense:
properties:
mitigations:
properties:
anomalies:
items:
properties:
action:
enum:
- alarm
- block
- default
- detect
- ignore
type: string
name:
type: string
scoreThreshold:
# The pattern has no ^...$ anchors and OpenAPI patterns are matched as a search, so any
# string containing a digit or the word "default" passes (e.g. "9999" or "x1"). The 0-150
# range the alternation spells out is therefore not enforced by the API server.
# Anchored form for the generator input: '^([0-9]|[1-9][0-9]|1[0-4][0-9]|150|default)$'
pattern: '[0-9]|[1-9][0-9]|1[0-4][0-9]|150|default'
type: string
type: object
type: array
classes:
items:
properties:
# Unlike anomalies above, this action enum has no "default" value.
action:
enum:
- alarm
- block
- detect
- ignore
type: string
name:
enum:
- malicious-bot
- suspicious-browser
- trusted-bot
- untrusted-bot
type: string
type: object
type: array
signatures:
items:
properties:
action:
enum:
- alarm
- block
- detect
- ignore
type: string
# Free-form string: the schema does not check that the name refers to a known bot signature.
name:
type: string
type: object
type: array
type: object
settings:
properties:
isEnabled:
type: boolean
type: object
type: object
# caseInsensitive flag, character-sets list and characterSetReference.
caseInsensitive:
type: boolean
# character-sets: per context (characterSetType), a list of metachar entries each marked
# allowed or not.
character-sets:
items:
properties:
characterSet:
items:
properties:
isAllowed:
type: boolean
# Free-form string. NOTE(review): the expected notation (for example a hex code point) is
# not visible in this schema - confirm against the product documentation.
metachar:
type: string
type: object
type: array
characterSetType:
enum:
- gwt-content
- header
- json-content
- parameter-name
- parameter-value
- plain-text-content
- url
- xml-content
type: string
type: object
type: array
characterSetReference:
properties:
link:
# Prefix check only: http:// and https:// both pass, as does any string starting with "http".
pattern: ^http
type: string
type: object
# Cookie-related schemas: cookie-settings, the two cookie reference links, and the cookies list.
cookie-settings:
properties:
maximumCookieHeaderLength:
# Unanchored: any string that contains "any" or at least one digit passes (e.g. "12abc").
# Anchored form for the generator input: ^(any|\d+)$
pattern: any|\d+
type: string
type: object
cookieReference:
properties:
link:
# Prefix check only: http:// and https:// both pass, as does any string starting with "http".
pattern: ^http
type: string
type: object
cookieSettingsReference:
properties:
link:
pattern: ^http
type: string
type: object
cookies:
items:
properties:
# NOTE(review): by name, accessibleOnlyThroughTheHttpProtocol, securedOverHttpsConnection and
# insertSameSiteAttribute presumably map to the HttpOnly, Secure and SameSite cookie
# attributes - confirm. All three are optional here; the schema sets no defaults.
accessibleOnlyThroughTheHttpProtocol:
type: boolean
attackSignaturesCheck:
type: boolean
decodeValueAsBase64:
enum:
- enabled
- disabled
- required
type: string
# Free-form string: no enum constrains the enforcement type at schema level.
enforcementType:
type: string
insertSameSiteAttribute:
enum:
- lax
- none
- none-value
- strict
type: string
name:
type: string
securedOverHttpsConnection:
type: boolean
# Per-cookie signature exceptions. NOTE(review): an entry with enabled: false presumably
# switches that signature off for this cookie - treat such entries as reviewed exceptions.
signatureOverrides:
items:
properties:
enabled:
type: boolean
name:
type: string
signatureId:
type: integer
tag:
type: string
type: object
type: array
type:
enum:
- explicit
- wildcard
type: string
type: object
type: array
# data-guard and dataGuardReference schemas, followed by the policy-level description,
# enablePassiveMode and enforcementMode fields.
data-guard:
properties:
creditCardNumbers:
type: boolean
enabled:
type: boolean
enforcementMode:
enum:
- ignore-urls-in-list
- enforce-urls-in-list
type: string
enforcementUrls:
items:
type: string
type: array
# Unbounded integers: the schema does not cap how many trailing digits may be exposed.
# NOTE(review): presumably the count of digits left unmasked in responses - confirm, and
# keep the values small in policies.
lastCcnDigitsToExpose:
type: integer
lastSsnDigitsToExpose:
type: integer
maskData:
type: boolean
usSocialSecurityNumbers:
type: boolean
type: object
dataGuardReference:
properties:
link:
# Prefix check only: http:// and https:// both pass, as does any string starting with "http".
pattern: ^http
type: string
type: object
description:
type: string
enablePassiveMode:
type: boolean
# Policy-wide mode. NOTE(review): presumably "transparent" records violations without
# blocking and "blocking" enforces them - confirm. The field is optional and the schema
# declares no default, so the effective mode of a policy that omits it is decided elsewhere.
enforcementMode:
enum:
- transparent
- blocking
type: string
# filetypeReference, the filetypes list and the fullPath string.
filetypeReference:
properties:
link:
# Prefix check only: http:// and https:// both pass, as does any string starting with "http".
pattern: ^http
type: string
type: object
# filetypes: per file type (explicit name or wildcard), an allowed flag plus four length
# checks, each with a boolean switch and an integer limit.
filetypes:
items:
properties:
allowed:
type: boolean
checkPostDataLength:
type: boolean
checkQueryStringLength:
type: boolean
checkRequestLength:
type: boolean
checkUrlLength:
type: boolean
name:
type: string
# The four *Length limits are plain integers with no minimum or maximum in this schema.
postDataLength:
type: integer
queryStringLength:
type: integer
requestLength:
type: integer
responseCheck:
type: boolean
type:
enum:
- explicit
- wildcard
type: string
urlLength:
type: integer
type: object
type: array
fullPath:
type: string
# general settings and generalReference.
general:
properties:
# Array of int32 values, each constrained to 100..999 by the schema.
allowedResponseCodes:
items:
format: int32
maximum: 999
minimum: 100
type: integer
type: array
customXffHeaders:
items:
type: string
type: array
maskCreditCardNumbersInRequest:
type: boolean
# NOTE(review): presumably makes the WAF take the client address from X-Forwarded-For (or
# the customXffHeaders above) - confirm. That is only safe when every request passes a
# trusted proxy that sets or overwrites the header; otherwise clients choose their own
# source IP for IP-based rules and logs.
trustXff:
type: boolean
type: object
generalReference:
properties:
link:
# Prefix check only: http:// and https:// both pass, as does any string starting with "http".
pattern: ^http
type: string
type: object
# Header-related schemas: header-settings, the two header reference links, and the headers list.
header-settings:
properties:
maximumHttpHeaderLength:
# Unanchored: any string that contains "any" or at least one digit passes.
# Anchored form for the generator input: ^(any|\d+)$
pattern: any|\d+
type: string
type: object
headerReference:
properties:
link:
# Prefix check only: http:// and https:// both pass, as does any string starting with "http".
pattern: ^http
type: string
type: object
headerSettingsReference:
properties:
link:
pattern: ^http
type: string
type: object
# headers: per-header inspection switches (signature checks, decoding and normalization
# steps), whether the header is mandatory, and whether its value is masked in logs.
headers:
items:
properties:
base64Decoding:
type: boolean
checkSignatures:
type: boolean
decodeValueAsBase64:
enum:
- enabled
- disabled
- required
type: string
htmlNormalization:
type: boolean
mandatory:
type: boolean
# NOTE(review): presumably hides the header value in security logs - worth setting for
# headers that carry credentials or tokens; confirm the exact log coverage.
maskValueInLogs:
type: boolean
name:
type: string
normalizationViolations:
type: boolean
percentDecoding:
type: boolean
type:
enum:
- explicit
- wildcard
type: string
urlNormalization:
type: boolean
type: object
type: array
# JSON content schemas: json-profiles, json-validation-files and their two reference links.
json-profiles:
items:
properties:
attackSignaturesCheck:
type: boolean
# Size and depth limits for JSON bodies, each a string that is either "any" or a number.
defenseAttributes:
properties:
maximumArrayLength:
# Unanchored: any string containing "any" or a digit passes. The same holds for the three
# maximum* patterns below. Anchored form for the generator input: ^(any|\d+)$
# NOTE(review): "any" presumably removes the limit - prefer explicit numbers for
# untrusted input.
pattern: any|\d+
type: string
maximumStructureDepth:
pattern: any|\d+
type: string
maximumTotalLengthOfJSONData:
pattern: any|\d+
type: string
maximumValueLength:
pattern: any|\d+
type: string
tolerateJSONParsingWarnings:
type: boolean
type: object
description:
type: string
hasValidationFiles:
type: boolean
metacharOverrides:
items:
properties:
isAllowed:
type: boolean
metachar:
type: string
type: object
type: array
name:
type: string
signatureOverrides:
items:
properties:
enabled:
type: boolean
name:
type: string
signatureId:
type: integer
tag:
type: string
type: object
type: array
validationFiles:
items:
properties:
# Plain string: unlike the *Reference link fields, importUrl carries no pattern at all, so
# the schema accepts any scheme or value here.
importUrl:
type: string
isPrimary:
type: boolean
jsonValidationFile:
properties:
# Inline file body; isBase64 states whether contents is base64-encoded.
contents:
type: string
fileName:
type: string
isBase64:
type: boolean
type: object
type: object
type: array
type: object
type: array
json-validation-files:
items:
properties:
contents:
type: string
# Free-form string. NOTE(review): how the consumer uses fileName is not visible here -
# confirm it is never used as a filesystem path without sanitising.
fileName:
type: string
isBase64:
type: boolean
type: object
type: array
jsonProfileReference:
properties:
link:
# Prefix check only: http:// and https:// both pass, as does any string starting with "http".
pattern: ^http
type: string
type: object
jsonValidationFileReference:
properties:
link:
pattern: ^http
type: string
type: object
# methodReference, methods, the policy name, open-api-files and parameterReference.
methodReference:
properties:
link:
# Prefix check only: http:// and https:// both pass, as does any string starting with "http".
pattern: ^http
type: string
type: object
methods:
items:
properties:
# Free-form string: no enum restricts method names in this list.
name:
type: string
type: object
type: array
name:
type: string
# open-api-files: list of links to OpenAPI documents.
# NOTE(review): presumably fetched and used to derive policy entities - confirm; if so the
# remote document is part of the policy's trust boundary and should be served over https
# from a controlled host.
open-api-files:
items:
properties:
link:
pattern: ^http
type: string
type: object
type: array
parameterReference:
properties:
link:
pattern: ^http
type: string
type: object
# parameters: schema of one parameter definition - location, data type, value and length
# checks, metachar overrides and signature overrides. No "required" list is declared.
parameters:
items:
properties:
allowEmptyValue:
type: boolean
allowRepeatedParameterName:
type: boolean
arraySerializationFormat:
enum:
- csv
- form
- label
- matrix
- multi
- multipart
- pipe
- ssv
- tsv
type: string
attackSignaturesCheck:
type: boolean
checkMaxValue:
type: boolean
checkMaxValueLength:
type: boolean
checkMetachars:
type: boolean
checkMinValue:
type: boolean
checkMinValueLength:
type: boolean
checkMultipleOfValue:
type: boolean
contentProfile:
properties:
name:
type: string
type: object
dataType:
enum:
- alpha-numeric
- binary
- boolean
- decimal
- email
- integer
- none
- phone
type: string
decodeValueAsBase64:
enum:
- enabled
- disabled
- required
type: string
disallowFileUploadOfExecutables:
type: boolean
enableRegularExpression:
type: boolean
exclusiveMax:
type: boolean
exclusiveMin:
type: boolean
isCookie:
type: boolean
isHeader:
type: boolean
level:
enum:
- global
- url
type: string
# maximumLength / minimumLength are plain integers with no bounds in this schema.
maximumLength:
type: integer
metacharsOnParameterValueCheck:
type: boolean
minimumLength:
type: integer
name:
type: string
nameMetacharOverrides:
items:
properties:
isAllowed:
type: boolean
metachar:
type: string
type: object
type: array
objectSerializationStyle:
type: string
parameterEnumValues:
items:
type: string
type: array
parameterLocation:
enum:
- any
- cookie
- form-data
- header
- path
- query
type: string
# Free-form string: the schema does not validate the expression itself.
# NOTE(review): presumably evaluated against request values when enableRegularExpression
# is true - confirm, and review expressions for catastrophic backtracking.
regularExpression:
type: string
# NOTE(review): presumably masks the parameter value in logs - confirm, and set it for
# credentials and tokens.
sensitiveParameter:
type: boolean
# Per-parameter signature exceptions; entries with enabled: false are presumably
# suppressions and deserve the same review as any other WAF exception.
signatureOverrides:
items:
properties:
enabled:
type: boolean
name:
type: string
signatureId:
type: integer
tag:
type: string
type: object
type: array
staticValues:
type: string
type:
enum:
- explicit
- wildcard
type: string
valueMetacharOverrides:
items:
properties:
isAllowed:
type: boolean
metachar:
type: string
type: object
type: array
valueType:
enum:
- array
- auto-detect
- dynamic-content
- dynamic-parameter-name
- ignore
- json
- object
- openapi-array
- static-content
- user-input
- xml
type: string
type: object
type: array
# response-pages: what is returned for each page type, plus responsePageReference.
response-pages:
items:
properties:
ajaxActionType:
enum:
- alert-popup
- custom
- redirect
type: string
# Free-form strings returned to clients. NOTE(review): presumably emitted verbatim in the
# response - confirm, and keep request-derived data out of custom content.
ajaxCustomContent:
type: string
ajaxEnabled:
type: boolean
ajaxPopupMessage:
type: string
# No pattern: the redirect target is not constrained by the schema.
ajaxRedirectUrl:
type: string
responseActionType:
enum:
- custom
- default
- erase-cookies
- redirect
- soap-fault
type: string
responseContent:
type: string
responseHeader:
type: string
responsePageType:
enum:
- ajax
- ajax-login
- captcha
- captcha-fail
- default
- failed-login-honeypot
- failed-login-honeypot-ajax
- hijack
- leaked-credentials
- leaked-credentials-ajax
- mobile
- persistent-flow
- xml
type: string
# No pattern here either; see ajaxRedirectUrl.
responseRedirectUrl:
type: string
type: object
type: array
responsePageReference:
properties:
link:
# Prefix check only: http:// and https:// both pass, as does any string starting with "http".
pattern: ^http
type: string
type: object
# sensitive-parameters, server-technologies and their reference links.
sensitive-parameters:
items:
properties:
# Only a name is declared per entry. NOTE(review): presumably these parameter values are
# masked in logs - confirm the coverage.
name:
type: string
type: object
type: array
sensitiveParameterReference:
properties:
link:
# Prefix check only: http:// and https:// both pass, as does any string starting with "http".
pattern: ^http
type: string
type: object
# server-technologies: closed list of technology names; values must match exactly,
# including case and punctuation.
# NOTE(review): presumably used to select matching attack signatures - confirm.
server-technologies:
items:
properties:
serverTechnologyName:
enum:
- Jenkins
- SharePoint
- Oracle Application Server
- Python
- Oracle Identity Manager
- Spring Boot
- CouchDB
- SQLite
- Handlebars
- Mustache
- Prototype
- Zend
- Redis
- Underscore.js
- Ember.js
- ZURB Foundation
- ef.js
- Vue.js
- UIKit
- TYPO3 CMS
- RequireJS
- React
- MooTools
- Laravel
- GraphQL
- Google Web Toolkit
- Express.js
- CodeIgniter
- Backbone.js
- AngularJS
- JavaScript
- Nginx
- Jetty
- Joomla
- JavaServer Faces (JSF)
- Ruby
- MongoDB
- Django
- Node.js
- Citrix
- JBoss
- Elasticsearch
- Apache Struts
- XML
- PostgreSQL
- IBM DB2
- Sybase/ASE
- CGI
- Proxy Servers
- SSI (Server Side Includes)
- Cisco
- Novell
- Macromedia JRun
- BEA Systems WebLogic Server
- Lotus Domino
- MySQL
- Oracle
- Microsoft SQL Server
- PHP
- Outlook Web Access
- Apache/NCSA HTTP Server
- Apache Tomcat
- WordPress
- Macromedia ColdFusion
- Unix/Linux
- Microsoft Windows
- ASP.NET
- Front Page Server Extensions (FPSE)
- IIS
- WebDAV
- ASP
- Java Servlets/JSP
- jQuery
type: string
type: object
type: array
serverTechnologyReference:
properties:
link:
pattern: ^http
type: string
type: object
# Signature-related schemas (requirements, sets, settings, individual signatures), the
# softwareVersion and template fields, threat-campaigns, and the matching reference links.
signature-requirements:
items:
properties:
tag:
type: string
type: object
type: array
signature-sets:
items:
properties:
alarm:
type: boolean
block:
type: boolean
name:
type: string
type: object
# Opts this item schema out of pruning: keys other than alarm/block/name are stored as
# submitted and are not type-checked by the API server.
x-kubernetes-preserve-unknown-fields: true
type: array
signature-settings:
properties:
attackSignatureFalsePositiveMode:
enum:
- detect
- detect-and-allow
- disabled
type: string
minimumAccuracyForAutoAddedSignatures:
enum:
- high
- low
- medium
type: string
type: object
signatureReference:
properties:
link:
# Prefix check only: http:// and https:// both pass, as does any string starting with "http".
# The same pattern is used by every *Reference link in this fragment.
pattern: ^http
type: string
type: object
signatureSetReference:
properties:
link:
pattern: ^http
type: string
type: object
signatureSettingReference:
properties:
link:
pattern: ^http
type: string
type: object
# signatures: per-signature switch, addressed by name, signatureId or tag.
# NOTE(review): an entry with enabled: false presumably disables that signature for the
# whole policy - confirm, and track such entries as reviewed exceptions.
signatures:
items:
properties:
enabled:
type: boolean
name:
type: string
signatureId:
type: integer
tag:
type: string
type: object
type: array
softwareVersion:
type: string
# template: only a name is declared. NOTE(review): presumably selects the base policy the
# other sections are applied on top of - confirm.
template:
properties:
name:
type: string
type: object
threat-campaigns:
items:
properties:
isEnabled:
type: boolean
name:
type: string
type: object
type: array
threatCampaignReference:
properties:
link:
pattern: ^http
type: string
type: object
urlReference:
properties:
link:
pattern: ^http
type: string
type: object
# urls: schema of one URL entry - allowed flag, method, per-method overrides, positional
# parameters, protocol, signature overrides and content profiles. No "required" list is
# declared, so every field is optional.
urls:
items:
properties:
attackSignaturesCheck:
type: boolean
description:
type: string
disallowFileUploadOfExecutables:
type: boolean
isAllowed:
type: boolean
mandatoryBody:
type: boolean
metacharOverrides:
items:
properties:
isAllowed:
type: boolean
metachar:
type: string
type: object
type: array
metacharsOnUrlCheck:
type: boolean
# Method the URL entry applies to. The enum only lists values the schema accepts; it says
# nothing about which methods a given policy permits.
method:
enum:
- ACL
- BCOPY
- BDELETE
- BMOVE
- BPROPFIND
- BPROPPATCH
- CHECKIN
- CHECKOUT
- CONNECT
- COPY
- DELETE
- GET
- HEAD
- LINK
- LOCK
- MERGE
- MKCOL
- MKWORKSPACE
- MOVE
- NOTIFY
- OPTIONS
- PATCH
- POLL
- POST
- PROPFIND
- PROPPATCH
- PUT
- REPORT
- RPC_IN_DATA
- RPC_OUT_DATA
- SEARCH
- SUBSCRIBE
- TRACE
- TRACK
- UNLINK
- UNLOCK
- UNSUBSCRIBE
- VERSION_CONTROL
- X-MS-ENUMATTS
# Quoted because a bare * would be read as a YAML alias.
# NOTE(review): presumably means "any method" - confirm.
- '*'
type: string
# Per-URL method exceptions: same method list as above, but without the '*' entry.
methodOverrides:
items:
properties:
allowed:
type: boolean
method:
enum:
- ACL
- BCOPY
- BDELETE
- BMOVE
- BPROPFIND
- BPROPPATCH
- CHECKIN
- CHECKOUT
- CONNECT
- COPY
- DELETE
- GET
- HEAD
- LINK
- LOCK
- MERGE
- MKCOL
- MKWORKSPACE
- MOVE
- NOTIFY
- OPTIONS
- PATCH
- POLL
- POST
- PROPFIND
- PROPPATCH
- PUT
- REPORT
- RPC_IN_DATA
- RPC_OUT_DATA
- SEARCH
- SUBSCRIBE
- TRACE
- TRACK
- UNLINK
- UNLOCK
- UNSUBSCRIBE
- VERSION_CONTROL
- X-MS-ENUMATTS
type: string
type: object
type: array
methodsOverrideOnUrlCheck:
type: boolean
name:
type: string
# positionalParameters: each entry pairs a parameter definition with a urlSegmentIndex.
# The nested parameter schema declares the same fields as the items of the policy-level
# parameters list earlier in this file.
positionalParameters:
items:
properties:
parameter:
properties:
allowEmptyValue:
type: boolean
allowRepeatedParameterName:
type: boolean
arraySerializationFormat:
enum:
- csv
- form
- label
- matrix
- multi
- multipart
- pipe
- ssv
- tsv
type: string
attackSignaturesCheck:
type: boolean
checkMaxValue:
type: boolean
checkMaxValueLength:
type: boolean
checkMetachars:
type: boolean
checkMinValue:
type: boolean
checkMinValueLength:
type: boolean
checkMultipleOfValue:
type: boolean
contentProfile:
properties:
name:
type: string
type: object
dataType:
enum:
- alpha-numeric
- binary
- boolean
- decimal
- email
- integer
- none
- phone
type: string
decodeValueAsBase64:
enum:
- enabled
- disabled
- required
type: string
disallowFileUploadOfExecutables:
type: boolean
enableRegularExpression:
type: boolean
exclusiveMax:
type: boolean
exclusiveMin:
type: boolean
isCookie:
type: boolean
isHeader:
type: boolean
level:
enum:
- global
- url
type: string
maximumLength:
type: integer
metacharsOnParameterValueCheck:
type: boolean
minimumLength:
type: integer
name:
type: string
nameMetacharOverrides:
items:
properties:
isAllowed:
type: boolean
metachar:
type: string
type: object
type: array
objectSerializationStyle:
type: string
parameterEnumValues:
items:
type: string
type: array
parameterLocation:
enum:
- any
- cookie
- form-data
- header
- path
- query
type: string
# Free-form string: the schema does not validate the expression itself.
regularExpression:
type: string
sensitiveParameter:
type: boolean
signatureOverrides:
items:
properties:
enabled:
type: boolean
name:
type: string
signatureId:
type: integer
tag:
type: string
type: object
type: array
staticValues:
type: string
type:
enum:
- explicit
- wildcard
type: string
valueMetacharOverrides:
items:
properties:
isAllowed:
type: boolean
metachar:
type: string
type: object
type: array
valueType:
enum:
- array
- auto-detect
- dynamic-content
- dynamic-parameter-name
- ignore
- json
- object
- openapi-array
- static-content
- user-input
- xml
type: string
type: object
# Plain integer with no minimum in this schema, so negative values pass validation.
urlSegmentIndex:
type: integer
type: object
type: array
protocol:
enum:
- http
- https
type: string
# Per-URL signature exceptions; entries with enabled: false are presumably suppressions
# and deserve the same review as any other WAF exception.
signatureOverrides:
items:
properties:
enabled:
type: boolean
name:
type: string
signatureId:
type: integer
tag:
type: string
type: object
type: array
type:
enum:
- explicit
- wildcard
type: string
# urlContentProfiles: selects how a request body is handled based on a header name/value.
# NOTE(review): "do-nothing" presumably skips body inspection for matching requests -
# confirm before using it on endpoints that take untrusted input.
urlContentProfiles:
items:
properties:
headerName:
type: string
headerOrder:
type: string
headerValue:
type: string
name:
type: string
type:
enum:
- apply-content-signatures
- apply-value-and-content-signatures
- disallow
- do-nothing
- form-data
- gwt
- json
- xml
type: string
type: object
type: array
wildcardOrder:
type: integer
type: object
type: array
# whitelist-ips: address/mask entries with a blockRequests disposition, plus
# whitelistIpReference.
# NOTE(review): entries with blockRequests "never" presumably exempt the address range
# from blocking - confirm, and keep such ranges as narrow as possible.
whitelist-ips:
items:
properties:
blockRequests:
enum:
- always
- never
- policy-default
type: string
ipAddress:
# Dotted-quad shape only, and unanchored: octets up to 999 pass, and so does any longer
# string that merely contains such a sequence. IPv6 literals cannot satisfy the pattern.
# The schema therefore does not prove the value is a valid address; validate it at
# admission. Anchoring with ^...$ in the generator input would at least reject
# surrounding text. The same applies to ipMask below.
pattern: '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'
type: string
ipMask:
pattern: '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'
type: string
type: object
type: array
whitelistIpReference:
properties:
link:
# Prefix check only: http:// and https:// both pass, as does any string starting with "http".
pattern: ^http
type: string
type: object
# XML content schemas (xml-profiles, xml-validation-files and their reference links),
# followed by the closing of the schema and the version's served/storage flags.
xml-profiles:
items:
properties:
attackSignaturesCheck:
type: boolean
defenseAttributes:
properties:
# NOTE(review): allowCDATA, allowDTDs, allowExternalReferences and
# allowProcessingInstructions presumably relax what the WAF tolerates in request XML.
# DTDs and external references are the usual carriers of XXE-style payloads, so leave
# them false unless the protected application needs them - confirm the semantics first.
allowCDATA:
type: boolean
allowDTDs:
type: boolean
allowExternalReferences:
type: boolean
allowProcessingInstructions:
type: boolean
maximumAttributeValueLength:
# Unanchored: any string containing "any" or a digit passes. The same holds for every
# maximum* pattern in this group. Anchored form for the generator input: ^(any|\d+)$
# NOTE(review): "any" presumably removes the limit - prefer explicit numbers for
# document depth, size and element counts on untrusted input.
pattern: any|\d+
type: string
maximumAttributesPerElement:
pattern: any|\d+
type: string
maximumChildrenPerElement:
pattern: any|\d+
type: string
maximumDocumentDepth:
pattern: any|\d+
type: string
maximumDocumentSize:
pattern: any|\d+
type: string
maximumElements:
pattern: any|\d+
type: string
maximumNSDeclarations:
pattern: any|\d+
type: string
maximumNameLength:
pattern: any|\d+
type: string
maximumNamespaceLength:
pattern: any|\d+
type: string
tolerateCloseTagShorthand:
type: boolean
tolerateLeadingWhiteSpace:
type: boolean
tolerateNumericNames:
type: boolean
type: object
description:
type: string
enableWss:
type: boolean
# NOTE(review): presumably lets schema validation follow links to further schema
# documents - confirm where those are fetched from before enabling.
followSchemaLinks:
type: boolean
name:
type: string
type: object
type: array
xml-validation-files:
items:
properties:
# Inline file body; isBase64 states whether contents is base64-encoded.
contents:
type: string
fileName:
type: string
isBase64:
type: boolean
type: object
type: array
xmlProfileReference:
properties:
link:
# Prefix check only: http:// and https:// both pass, as does any string starting with "http".
pattern: ^http
type: string
type: object
xmlValidationFileReference:
properties:
link:
pattern: ^http
type: string
type: object
# The next three "type: object" lines presumably close policy, spec and the root schema in
# turn (read from key order; nesting is not visible in this listing).
type: object
type: object
type: object
# v1beta1 is the only version listed in this document; it is both served by the API server
# and used as the storage version.
served: true
storage: true