combine rules

ministryofjustice · Nov 14, 2024 · 9f0dee0 · 9f0dee0
1 parent ce6716c
commit 9f0dee0
Showing 1 changed file with 3 additions and 7 deletions.
diff --git a/helm_deploy/values-base.yaml b/helm_deploy/values-base.yaml
@@ -89,13 +89,9 @@ datahub-frontend:
       nginx.ingress.kubernetes.io/enable-modsecurity: "true"
       nginx.ingress.kubernetes.io/modsecurity-snippet: |
         SecRuleEngine On
-        SecRule REQUEST_URI "@rx ^\/api\/v2\/graphql|\/api\/gms\/api\/graphql$" "id:1001,phase:2,t:none,nolog,pass,ctl:ruleRemoveById=932100;ARGS:json.query"
-        SecRule REQUEST_URI "@rx ^\/api\/v2\/graphql|\/api\/gms\/api\/graphql$" "id:1002,phase:2,t:none,nolog,pass,ctl:ruleRemoveById=932105;ARGS:json.query"
-        SecRule REQUEST_URI "@rx ^\/api\/v2\/graphql|\/api\/gms\/api\/graphql$" "id:1003,phase:2,t:none,nolog,pass,ctl:ruleRemoveById=932115;ARGS:json.query"
-        SecRule REQUEST_URI "@rx ^\/api\/v2\/graphql|\/api\/gms\/api\/graphql$" "id:1004,phase:2,t:none,nolog,pass,ctl:ruleRemoveById=932150;ARGS:json.query"
-        SecRule REQUEST_URI "@rx ^\/api\/v2\/graphql|\/api\/gms\/api\/graphql$" "id:1005,phase:2,t:none,nolog,pass,ctl:ruleRemoveById=949110;ARGS:json.query
-        SecRule REQUEST_URI "@rx ^\/api\/gms\/entities\?action=ingest|\/api\/gms\/aspects\?action=ingestProposal$" "id:1006,phase:1,t:none,nolog,pass,ctl:ruleRemoveById=930120,ctl:ruleRemoveById=933210,ctl:ruleRemoveById=933160,ctl:ruleRemoveById=949110"
-        SecRule REQUEST_URI "@contains .profile" "id:1007,phase:1,t:lowercase,nolog,pass,ctl:ruleRemoveById=930130"
+        SecRule REQUEST_URI "@rx ^\/api\/v2\/graphql|\/api\/gms\/api\/graphql$" "id:1001,phase:2,t:none,nolog,pass,ctl:ruleRemoveById=932100,ctl:ruleRemoveById=932105,ctl:ruleRemoveById=932115,ctl:ruleRemoveById=932150,ctl:ruleRemoveById=949110;ARGS:json.query"
+        SecRule REQUEST_URI "@rx ^\/api\/gms\/entities\?action=ingest|\/api\/gms\/aspects\?action=ingestProposal$" "id:1002,phase:1,t:none,nolog,pass,ctl:ruleRemoveById=930120,ctl:ruleRemoveById=933210,ctl:ruleRemoveById=933160,ctl:ruleRemoveById=949110"
+        SecRule REQUEST_URI "@contains .profile" "id:1003,phase:1,t:lowercase,nolog,pass,ctl:ruleRemoveById=930130"
         SecDefaultAction "phase:2,pass,log,tag:github_team=data-catalogue"
         SecDefaultAction "phase:4,pass,log,tag:github_team=data-catalogue"
     tls: