disable WAF on cdh applications

the loadbalancer enabled WAF. This PR disables it on the following production pages related to #5561 Co-authored-by: Vickie Karasic <[email protected]>
pulibrary · Dec 4, 2024 · ef55376 · ef55376
1 parent 4f313e0
commit ef55376
Show file tree

Hide file tree

Showing 6 changed files with 9 additions and 6 deletions.
diff --git a/roles/nginxplus/files/conf/http/cdh_prod_derrida.conf b/roles/nginxplus/files/conf/http/cdh_prod_derrida.conf
@@ -42,8 +42,8 @@ server {
     ssl_prefer_server_ciphers  on;
 
     location / {
-#        # app_protect_enable on;
-#        # app_protect_security_log_enable on;
+        app_protect_enable off;
+        app_protect_security_log_enable on;
         proxy_pass http://cdh_derrida;
         proxy_set_header Host $http_host;
         proxy_set_header X-Forwarded-Host $host;

diff --git a/roles/nginxplus/files/conf/http/cdh_prod_geniza.conf b/roles/nginxplus/files/conf/http/cdh_prod_geniza.conf
@@ -56,6 +56,7 @@ server {
     ssl_prefer_server_ciphers  on;
 
     location / {
+        app_protect_enable off;
         proxy_pass http://geniza_prod;
         proxy_set_header Host $http_host;
         proxy_set_header X-Forwarded-Host $host;

diff --git a/roles/nginxplus/files/conf/http/cdh_prod_prodigy.conf b/roles/nginxplus/files/conf/http/cdh_prod_prodigy.conf
@@ -62,8 +62,8 @@ server {
     ssl_prefer_server_ciphers  on;
 
     location / {
-#        # app_protect_enable on;
-        # app_protect_security_log_enable on;
+        app_protect_enable off;
+        app_protect_security_log_enable on;
         proxy_pass http://prodigy;
         proxy_set_header Host $http_host;
         proxy_set_header X-Forwarded-Host $host;

diff --git a/roles/nginxplus/files/conf/http/cdh_prod_prosody.conf b/roles/nginxplus/files/conf/http/cdh_prod_prosody.conf
@@ -82,8 +82,8 @@ server {
     ssl_prefer_server_ciphers  on;
 
     location / {
-#        # app_protect_enable on;
-        # app_protect_security_log_enable on;
+        app_protect_enable off;
+        app_protect_security_log_enable on;
         proxy_pass http://prosody;
         proxy_set_header Host $http_host;
         proxy_set_header X-Forwarded-Host $host;

diff --git a/roles/nginxplus/files/conf/http/cdh_prod_shakespeareandco.conf b/roles/nginxplus/files/conf/http/cdh_prod_shakespeareandco.conf
@@ -60,6 +60,7 @@ server {
     ssl_prefer_server_ciphers  on;
 
     location / {
+        app_protect_enable off;
         proxy_pass http://shxco_prod;
         proxy_set_header Host $http_host;
         proxy_set_header X-Forwarded-Host $host;

diff --git a/roles/nginxplus/files/conf/http/cdh_prod_web.conf b/roles/nginxplus/files/conf/http/cdh_prod_web.conf
@@ -34,6 +34,7 @@ server {
     }
 
     location /sitemap.xml {
+        app_protect_enable off;
         proxy_pass http://prod_cdhweb;
         proxy_set_header Host $http_host;
         proxy_set_header X-Forwarded-Host $host;