Severity Framework
CCSS (Common Configuration Scoring System) is a set of measures used to determine the severity of the rule.
Snyk CCSS
Rule category
Each rule is associated with a high-level category. For example IAM, Container, Monitoring, Logging, Network, etc.
Network/ Settings
Is your environment affected by this misconfiguration?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsFrameworks
- Snyk IDSNYK-CC-00486
- creditSnyk Research Team
Description
Out-of-date OWASP rules might not protect as effectively as more recent rule sets.
How to fix?
Set properties.webApplicationFirewallConfiguration.ruleSetType to OWASP and properties.webApplicationFirewallConfiguration.ruleSetVersion to 3.2.
Set waf_configuration.rule_set_type to OWASP and waf_configuration.rule_set_version to 3.1.
Example Configuration
resource "azurerm_application_gateway" "allowed" {
name = "example-appgateway"
resource_group_name = var.azure_owasp
location = var.azure_owasp
waf_configuration {
rule_set_type = "OWASP"
rule_set_version = "3.1"
firewall_mode = "Detection"
enabled = true
}
sku {
name = "Standard_Small"
tier = "Standard"
capacity = 2
}
gateway_ip_configuration {
name = "my-gateway-ip-configuration"
subnet_id = var.azure_owasp
}
frontend_port {
name = var.azure_owasp
port = 80
}
frontend_ip_configuration {
name = var.azure_owasp
public_ip_address_id = var.azure_owasp
}
backend_address_pool {
name = var.azure_owasp
}
backend_http_settings {
name = var.azure_owasp
cookie_based_affinity = "Disabled"
path = "/path1/"
port = 80
protocol = "Http"
request_timeout = 60
}
http_listener {
name = var.azure_owasp
frontend_ip_configuration_name = var.azure_owasp
frontend_port_name = var.azure_owasp
protocol = "Http"
}
request_routing_rule {
name = var.azure_owasp
rule_type = "Basic"
http_listener_name = var.azure_owasp
backend_address_pool_name = var.azure_owasp
backend_http_settings_name = var.azure_owasp
}
}