admin/nuclei-templates
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei-templates.git synced 2026-01-31 15:53:33 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
c31d574176f2b9e6f8d4fe573a24e7192f808e84
nuclei-templates/cloud/aws/cloudfront/cloudfront-viewer-policy.yaml
ghost c31d574176 chore: update TemplateMan 🤖
2025-05-27 02:29:19 +00:00

62 lines
2.2 KiB
YAML
Raw Blame History

id: cloudfront-viewer-policy
info:
name: CloudFront Viewer Protocol Policy
author: DhiyaneshDK
severity: medium
description: |
Ensure that the communication between your Amazon CloudFront distribution and its viewers is encrypted using HTTPS in order to secure the delivery of your web content.
impact: |
Failing to enforce HTTPS for viewer connections in CloudFront can expose web content to interception and manipulation, compromising the security and integrity of sensitive data transmitted between users and the distribution
remediation: |
Configure your Amazon CloudFront distribution's viewer protocol policy to either redirect HTTP requests to HTTPS or require HTTPS connections exclusively, ensuring secure delivery of web content and protecting against potential data breaches.
reference:
- https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/CloudFront/viewer-protocol-policy.html
- https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html
metadata:
max-request: 2
tags: cloud,devops,aws,amazon,cloudfront,aws-cloud-config
variables:
region: "us-west-2"
flow: |
code(1)
for(let DistributionListItemsId of iterate(template.distributions)){
set("distribution", DistributionListItemsId)
code(2)
}
self-contained: true
code:
- engine:
- sh
- bash
source: |
aws cloudfront list-distributions --output table --query 'DistributionList.Items[*].Id' --region $region --output json
extractors:
- type: json
name: distributions
internal: true
json:
- '.[]'
- engine:
- sh
- bash
source: |
aws cloudfront get-distribution-config --id $distribution --query 'DistributionConfig.CacheBehaviors.Items[*].ViewerProtocolPolicy' --output json --region $region
matchers:
- type: word
words:
- '"allow-all"'
extractors:
- type: dsl
dsl:
- '"CloudFront Viewer Policy " + distribution + " allows all"'
# digest: 490a004630440220768d2a4c15a0516365ef4fe8d25f47e5c0f96c483617c859a77548cfe800ff5202204ab9615b2800dec6a7b7118656bad06d1f33ec1a43040081e0fc53d622215b36:922c64590222798bb761d5b6d8e72950
Reference in New Issue View Git Blame Copy Permalink