disable WAF on cdh applications (#5584)

the loadbalancer enabled WAF. This PR disables it on CDH production sites related to #5561 Co-authored-by: Vickie Karasic <[email protected]>
pulibrary · Dec 4, 2024 · 61dfddc · 61dfddc
1 parent 79793cf
commit 61dfddc
Show file tree

Hide file tree

Showing 8 changed files with 11 additions and 7 deletions.
diff --git a/roles/nginxplus/files/conf/http/cdh_prod_derrida.conf b/roles/nginxplus/files/conf/http/cdh_prod_derrida.conf
@@ -42,8 +42,8 @@ server {
     ssl_prefer_server_ciphers  on;
 
     location / {
-#        # app_protect_enable on;
-#        # app_protect_security_log_enable on;
+        app_protect_enable off;
+        app_protect_security_log_enable on;
         proxy_pass http://cdh_derrida;
         proxy_set_header Host $http_host;
         proxy_set_header X-Forwarded-Host $host;

diff --git a/roles/nginxplus/files/conf/http/cdh_prod_geniza.conf b/roles/nginxplus/files/conf/http/cdh_prod_geniza.conf
@@ -56,6 +56,7 @@ server {
     ssl_prefer_server_ciphers  on;
 
     location / {
+        app_protect_enable off;
         proxy_pass http://geniza_prod;
         proxy_set_header Host $http_host;
         proxy_set_header X-Forwarded-Host $host;

diff --git a/roles/nginxplus/files/conf/http/cdh_prod_prodigy.conf b/roles/nginxplus/files/conf/http/cdh_prod_prodigy.conf
@@ -62,8 +62,8 @@ server {
     ssl_prefer_server_ciphers  on;
 
     location / {
-#        # app_protect_enable on;
-        # app_protect_security_log_enable on;
+        app_protect_enable off;
+        app_protect_security_log_enable on;
         proxy_pass http://prodigy;
         proxy_set_header Host $http_host;
         proxy_set_header X-Forwarded-Host $host;

diff --git a/roles/nginxplus/files/conf/http/cdh_prod_prosody.conf b/roles/nginxplus/files/conf/http/cdh_prod_prosody.conf
@@ -82,8 +82,8 @@ server {
     ssl_prefer_server_ciphers  on;
 
     location / {
-#        # app_protect_enable on;
-        # app_protect_security_log_enable on;
+        app_protect_enable off;
+        app_protect_security_log_enable on;
         proxy_pass http://prosody;
         proxy_set_header Host $http_host;
         proxy_set_header X-Forwarded-Host $host;

diff --git a/roles/nginxplus/files/conf/http/cdh_prod_shakespeareandco.conf b/roles/nginxplus/files/conf/http/cdh_prod_shakespeareandco.conf
@@ -60,6 +60,7 @@ server {
     ssl_prefer_server_ciphers  on;
 
     location / {
+        app_protect_enable off;
         proxy_pass http://shxco_prod;
         proxy_set_header Host $http_host;
         proxy_set_header X-Forwarded-Host $host;

diff --git a/roles/nginxplus/files/conf/http/cdh_prod_web.conf b/roles/nginxplus/files/conf/http/cdh_prod_web.conf
@@ -34,6 +34,7 @@ server {
     }
 
     location /sitemap.xml {
+        app_protect_enable off;
         proxy_pass http://prod_cdhweb;
         proxy_set_header Host $http_host;
         proxy_set_header X-Forwarded-Host $host;

diff --git a/roles/nginxplus/files/conf/http/lib-solr8-prod.conf b/roles/nginxplus/files/conf/http/lib-solr8-prod.conf
@@ -17,11 +17,11 @@ upstream lib-solr8-prod {
 server {
     listen 8983;
     server_name lib-solr8-prod.princeton.edu;
-    app_protect_enable off;
 
     client_max_body_size 0;
 
     location / {
+        app_protect_enable off;
         proxy_pass http://lib-solr8-prod;
         proxy_cache_methods POST;
         proxy_set_header Connection "";

diff --git a/roles/nginxplus/files/conf/http/lib-solr9-prod.conf b/roles/nginxplus/files/conf/http/lib-solr9-prod.conf
@@ -21,6 +21,7 @@ server {
     client_max_body_size 0;
 
     location / {
+        app_protect_enable off;
         proxy_pass http://lib-solr9-prod;
         proxy_cache_methods POST;
         proxy_set_header Connection "";