diff --git a/environments/prod/prod.tfvars b/environments/prod/prod.tfvars index bcb6708ff..a092d7875 100644 --- a/environments/prod/prod.tfvars +++ b/environments/prod/prod.tfvars @@ -2681,11 +2681,159 @@ frontends = [ { product = "fact" name = "fact-admin" - mode = "Detection" + mode = "Prevention" custom_domain = "admin.find-court-tribunal.service.gov.uk" dns_zone_name = "find-court-tribunal.service.gov.uk" backend_domain = ["firewall-prod-int-palo-cftprod.uksouth.cloudapp.azure.com"] certificate_name = "find-court-tribunal-service-gov-uk" + + global_exclusions = [ + { + match_variable = "RequestCookieNames" + operator = "Equals" + selector = "connect.sid" + }, + { + match_variable = "RequestCookieNames" + operator = "Equals" + selector = "cookies_policy" + }, + { + match_variable = "RequestCookieNames" + operator = "Equals" + selector = "__auth-token" + }, + { + match_variable = "QueryStringArgNames" + operator = "Equals" + selector = "iss" + }, + { + match_variable = "RequestCookieNames" + operator = "Equals" + selector = "rxVisitor" + }, + { + match_variable = "RequestCookieNames" + operator = "Equals" + selector = "_ga" + }, + { + match_variable = "RequestCookieNames" + operator = "Equals" + selector = "_gid" + }, + { + match_variable = "RequestCookieNames" + operator = "Equals" + selector = "_gat" + }, + { + match_variable = "RequestCookieNames" + operator = "Equals" + selector = "dtCookie" + }, + { + match_variable = "RequestCookieNames" + operator = "Equals" + selector = "dtLatC" + }, + { + match_variable = "RequestCookieNames" + operator = "Equals" + selector = "dtPC" + }, + { + match_variable = "RequestCookieNames" + operator = "Equals" + selector = "dtSa" + }, + { + match_variable = "RequestCookieNames" + operator = "Equals" + selector = "rxVisitor" + }, + { + match_variable = "RequestCookieNames" + operator = "Equals" + selector = "rxvt" + }, + { + match_variable = "RequestCookieNames" + operator = "Equals" + selector = "i18next" + }, + { + match_variable = "RequestCookieNames" + operator = "Equals" + selector = "fact-cookie-preferences" + }, + { + match_variable = "RequestCookieNames" + operator = "Equals" + selector = "_oauth2_proxy" + }, + { + match_variable = "RequestCookieNames" + operator = "Equals" + selector = "auth_verification" + }, + { + match_variable = "RequestBodyPostArgNames" + operator = "StartsWith" + selector = "info" + }, + { + match_variable = "RequestBodyPostArgNames" + operator = "Equals" + selector = "types" + }, + { + match_variable = "RequestBodyPostArgNames" + operator = "StartsWith" + selector = "areaOfLaw" + }, + { + match_variable = "RequestBodyPostArgNames" + operator = "StartsWith" + selector = "courtFacilities" + }, + { + match_variable = "RequestBodyPostArgNames" + operator = "StartsWith" + selector = "alert" + }, + { + match_variable = "RequestBodyPostArgNames" + operator = "StartsWith" + selector = "sc_intro_paragraph" + }, + { + match_variable = "RequestBodyPostArgNames" + operator = "Equals" + selector = "name" + }, + { + match_variable = "RequestBodyPostArgNames" + operator = "StartsWith" + selector = "localAuthorities" + }, + { + match_variable = "RequestBodyPostArgNames" + operator = "StartsWith" + selector = "progression" + }, + { + match_variable = "RequestBodyPostArgNames" + operator = "StartsWith" + selector = "additionalLinks" + }, + { + match_variable = "RequestBodyPostArgNames" + operator = "StartsWith" + selector = "secondaryAddress" + } + ] }, { product = "fact-redirect"