remove githubusercontent and amazon.com
andrewpearce-digital committed Jan 17, 2025
1 parent e9ccfb0 commit 3fe0b3a
Showing 1 changed file with 0 additions and 4 deletions.
4 changes: 0 additions & 4 deletions terraform/account/network_firewall_rules.rules
@@ -1,4 +1,3 @@
pass http $HOME_NET any -> $EXTERNAL_NET any (http.host; dotprefix; content:".amazon.com"; endswith; msg:"matching HTTP allowlisted FQDNs"; priority:1; flow:to_server, established; sid:20; rev:1;)
pass http $HOME_NET any -> $EXTERNAL_NET any (http.host; dotprefix; content:".lpa-store.api.opg.service.justice.gov.uk"; endswith; msg:"matching HTTP allowlisted FQDNs"; priority:1; flow:to_server, established; sid:30; rev:1;)
pass http $HOME_NET any -> $EXTERNAL_NET any (http.host; dotprefix; content:".lpa-uid.api.opg.service.justice.gov.uk"; endswith; msg:"matching HTTP allowlisted FQDNs"; priority:1; flow:to_server, established; sid:40; rev:1;)
pass http $HOME_NET any -> $EXTERNAL_NET any (http.host; content:"api.notifications.service.gov.uk"; startswith; endswith; msg:"matching HTTP allowlisted FQDNs"; priority:1; flow:to_server, established; sid:50; rev:1;)
Expand All @@ -10,8 +9,6 @@ pass http $HOME_NET any -> $EXTERNAL_NET any (http.host; content:"integration.lp
pass http $HOME_NET any -> $EXTERNAL_NET any (http.host; content:"oidc.integration.account.gov.uk"; startswith; endswith; msg:"matching HTTP allowlisted FQDNs"; priority:1; flow:to_server, established; sid:110; rev:1;)
pass http $HOME_NET any -> $EXTERNAL_NET any (http.host; content:"identity.integration.account.gov.uk"; startswith; endswith; msg:"matching HTTP allowlisted FQDNs"; priority:1; flow:to_server, established; sid:120; rev:1;)
pass http $HOME_NET any -> $EXTERNAL_NET any (http.host; content:"publicapi.payments.service.gov.uk"; startswith; endswith; msg:"matching HTTP allowlisted FQDNs"; priority:1; flow:to_server, established; sid:130; rev:1;)
pass http $HOME_NET any -> $EXTERNAL_NET any (http.host; content:"raw.githubusercontent.com"; startswith; endswith; msg:"matching HTTP allowlisted FQDNs"; priority:1; flow:to_server, established; sid:135; rev:1;)
pass tls $HOME_NET any -> $EXTERNAL_NET any (ssl_state:client_hello; tls.sni; dotprefix; content:".amazon.com"; nocase; endswith; msg:"matching TLS allowlisted FQDNs"; priority:1; flow:to_server, established; sid:140; rev:1;)
pass tls $HOME_NET any -> $EXTERNAL_NET any (ssl_state:client_hello; tls.sni; dotprefix; content:".lpa-store.api.opg.service.justice.gov.uk"; nocase; endswith; msg:"matching TLS allowlisted FQDNs"; priority:1; flow:to_server, established; sid:150; rev:1;)
pass tls $HOME_NET any -> $EXTERNAL_NET any (ssl_state:client_hello; tls.sni; dotprefix; content:".lpa-uid.api.opg.service.justice.gov.uk"; nocase; endswith; msg:"matching TLS allowlisted FQDNs"; priority:1; flow:to_server, established; sid:160; rev:1;)
pass tls $HOME_NET any -> $EXTERNAL_NET any (ssl_state:client_hello; tls.sni; content:"api.notifications.service.gov.uk"; startswith; endswith; msg:"matching TLS allowlisted FQDNs"; priority:1; flow:to_server, established; sid:170; rev:1;)
Expand All @@ -21,6 +18,5 @@ pass tls $HOME_NET any -> $EXTERNAL_NET any (ssl_state:client_hello; tls.sni; co
pass tls $HOME_NET any -> $EXTERNAL_NET any (ssl_state:client_hello; tls.sni; content:"oidc.integration.account.gov.uk"; startswith; endswith; msg:"matching TLS allowlisted FQDNs"; priority:1; flow:to_server, established; sid:210; rev:1;)
pass tls $HOME_NET any -> $EXTERNAL_NET any (ssl_state:client_hello; tls.sni; content:"identity.integration.account.gov.uk"; startswith; endswith; msg:"matching TLS allowlisted FQDNs"; priority:1; flow:to_server, established; sid:220; rev:1;)
pass tls $HOME_NET any -> $EXTERNAL_NET any (ssl_state:client_hello; tls.sni; content:"publicapi.payments.service.gov.uk"; startswith; endswith; msg:"matching TLS allowlisted FQDNs"; priority:1; flow:to_server, established; sid:230; rev:1;)
pass tls $HOME_NET any -> $EXTERNAL_NET any (ssl_state:client_hello; tls.sni; content:"raw.githubusercontent.com"; startswith; endswith; msg:"matching TLS allowlisted FQDNs"; priority:1; flow:to_server, established; sid:235; rev:1;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"not matching any HTTP allowlisted FQDNs"; priority:1; flow:to_server, established; sid:240; rev:1;)
drop tls $HOME_NET any -> $EXTERNAL_NET any (msg:"not matching any TLS allowlisted FQDNs"; priority:1; ssl_state:client_hello; flow:to_server, established; sid:250; rev:1;)
