Refactor # From Outside Country Detection #661

Open
3 tasks
bryan-robitaille opened this issue May 10, 2024 · 1 comment

@bryan-robitaille
Contributor

Leverage the ability of the WAF to inject headers into a request so that the Application is aware the request is from outside the country and can trigger alerts as required.

Acceptance Criteria:

  • WAF adds specific header to the request when the request is detected from outside of the accepted Geo Zone.
  • Application verifies header during the JWT callback to ensure that any authenticated action is done from within the accepted Geo Zone.
  • Application produces different alarms based on forbidden action:
    • # at Cognito Level from outside Geo Zone
    • Sign In MFA level from outside Geo Zone
    • Authenticated action from outside Geo Zone.
@srtalbot

Could we also provide the email address of the user in the alarm? Addresses coming from Global Affairs Canada would have a legitimate reason for logging in, whereas email domains from TBS would not.
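
One way the application side of the acceptance criteria could look, including the email field requested in the comment above. This is an added example, not code from the issue or the project; the header name `x-amzn-waf-outside-geo`, the stage names, the alarm codes and the callback shape are all assumptions.

```javascript
// Added example. Header name, stage names and alarm codes are assumptions.
const GEO_HEADER = "x-amzn-waf-outside-geo"; // hypothetical header set by the WAF rule

// One alarm code per forbidden action in the acceptance criteria.
const ALARM_CODES = new Map([
  ["cognito", "GEO_OUTSIDE_COGNITO"],
  ["mfa", "GEO_OUTSIDE_MFA"],
  ["authenticated", "GEO_OUTSIDE_AUTHENTICATED_ACTION"],
]);

// Accepts a Fetch-style Headers object or a Node-style plain object.
// Only presence is checked, so a client-supplied value such as "false"
// cannot clear the flag.
function hasGeoHeader(headers) {
  if (!headers) return false;
  if (typeof headers.get === "function") return headers.get(GEO_HEADER) !== null;
  return Object.keys(headers).some((k) => k.toLowerCase() === GEO_HEADER);
}

// Returns { allowed, alarm }. The alarm carries the user's email and its
// domain so responders can triage by organisation, as the comment suggests.
function checkGeoZone(headers, stage, email) {
  const code = ALARM_CODES.get(stage);
  if (!code) throw new Error(`unknown stage: ${stage}`);
  if (!hasGeoHeader(headers)) return { allowed: true, alarm: null };
  const hasAt = typeof email === "string" && email.includes("@");
  const emailDomain = hasAt
    ? email.slice(email.lastIndexOf("@") + 1).toLowerCase()
    : null;
  return { allowed: false, alarm: { code, stage, email: email ?? null, emailDomain } };
}

// Sketch of the JWT callback check (callback shape is an assumption).
// Returning null stands for "treat the session as invalid".
function jwtCallback(token, requestHeaders, log = console.warn) {
  const { allowed, alarm } = checkGeoZone(requestHeaders, "authenticated", token.email);
  if (!allowed) {
    log(JSON.stringify(alarm)); // one JSON line per event for log-based alarms
    return null;
  }
  return token;
}
```

The check only means something if every request reaches the application through the WAF; a request that bypasses it carries no header and is treated as inside the Geo Zone.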
