rules/Azure.AppService.Rule.ps1
|
# Copyright (c) Microsoft Corporation. # Licensed under the MIT License. # # Validation rules for Azure App Services # # Synopsis: App Service Plan should use a minimum number of instances for failover. Rule 'Azure.AppService.PlanInstanceCount' -Ref 'AZR-000071' -Type 'Microsoft.Web/serverfarms' -If { !(IsConsumptionPlan) -and !(IsElasticPlan) } -Tag @{ release = 'GA'; ruleSet = '2020_06' } { $Assert.GreaterOrEqual($TargetObject, 'sku.capacity', 2); } # Synopsis: Use at least a Standard App Service Plan. Rule 'Azure.AppService.MinPlan' -Ref 'AZR-000072' -Type 'Microsoft.Web/serverfarms' -If { !(IsConsumptionPlan) -and !(IsElasticPlan) } -Tag @{ release = 'GA'; ruleSet = '2020_06' } { $Assert.In($TargetObject, 'sku.tier', @('PremiumV3', 'PremiumV2', 'Premium', 'Standard')) } # Synopsis: Use at least TLS 1.2 Rule 'Azure.AppService.MinTLS' -Ref 'AZR-000073' -Type 'Microsoft.Web/sites', 'Microsoft.Web/sites/slots' -Tag @{ release = 'GA'; ruleSet = '2020_06' } { $siteConfigs = @(GetWebSiteConfig); if ($siteConfigs.Length -eq 0) { return $Assert. HasFieldValue($TargetObject, 'properties.siteConfig.minTlsVersion', '1.2'). ReasonFrom('properties.siteConfig.minTlsVersion', $LocalizedData.MinTLSVersion, $TargetObject.properties.siteConfig.minTlsVersion); } foreach ($siteConfig in $siteConfigs) { $path = $siteConfig._PSRule.path; $Assert. HasFieldValue($siteConfig, 'properties.minTlsVersion', '1.2'). ReasonFrom('properties.minTlsVersion', $LocalizedData.MinTLSVersion, $siteConfig.properties.minTlsVersion).PathPrefix($path); } } # Synopsis: Disable remote debugging Rule 'Azure.AppService.RemoteDebug' -Ref 'AZR-000074' -Type 'Microsoft.Web/sites', 'Microsoft.Web/sites/slots' -Tag @{ release = 'GA'; ruleSet = '2020_12' } { $siteConfigs = @(GetWebSiteConfig); if ($siteConfigs.Length -eq 0) { return $Assert.HasDefaultValue($TargetObject, 'properties.siteConfig.remoteDebuggingEnabled', $False); } foreach ($siteConfig in $siteConfigs) { $path = $siteConfig._PSRule.path; $Assert.HasDefaultValue($siteConfig, 'properties.remoteDebuggingEnabled', $False).PathPrefix($path); } } # Synopsis: Configure applications to use newer .NET Framework versions. Rule 'Azure.AppService.NETVersion' -Ref 'AZR-000075' -Type 'Microsoft.Web/sites', 'Microsoft.Web/sites/slots' -Tag @{ release = 'GA'; ruleSet = '2020_12' } { $siteConfigs = @(GetWebSiteConfig | Where-Object { ![String]::IsNullOrEmpty($_.Properties.netFrameworkVersion) }) if ($siteConfigs.Length -eq 0) { return AnyOf { $Assert.HasDefaultValue($TargetObject, 'properties.siteConfig.netFrameworkVersion', 'OFF'); $Assert.Version($TargetObject, 'properties.siteConfig.netFrameworkVersion', '>=4.0'); } } foreach ($siteConfig in $siteConfigs) { $path = $siteConfig._PSRule.path; AnyOf { $Assert.HasFieldValue($siteConfig, 'properties.netFrameworkVersion', 'OFF').PathPrefix($path) $Assert.Version($siteConfig, 'properties.netFrameworkVersion', '>=4.0').PathPrefix($path) } } } # Synopsis: Configure applications to use newer PHP runtime versions. Rule 'Azure.AppService.PHPVersion' -Ref 'AZR-000076' -Type 'Microsoft.Web/sites', 'Microsoft.Web/sites/slots' -Tag @{ release = 'GA'; ruleSet = '2020_12' } { $siteConfigs = @(GetWebSiteConfig | Where-Object { ![String]::IsNullOrEmpty($_.Properties.phpVersion) }) if ($siteConfigs.Length -eq 0) { return AnyOf { $Assert.HasDefaultValue($TargetObject, 'Properties.siteConfig.phpVersion', 'OFF') $Assert.Version($TargetObject, 'Properties.siteConfig.phpVersion', '>=7.0') } } foreach ($siteConfig in $siteConfigs) { AnyOf { $Assert.HasFieldValue($siteConfig, 'Properties.phpVersion', 'OFF') $Assert.Version($siteConfig, 'Properties.phpVersion', '>=7.0') } } } # Synopsis: Configure Always On for App Service apps. Rule 'Azure.AppService.AlwaysOn' -Ref 'AZR-000077' -Type 'Microsoft.Web/sites', 'Microsoft.Web/sites/slots' -Tag @{ release = 'GA'; ruleSet = '2020_12' } { $siteConfigs = @(GetWebSiteConfig); if ($siteConfigs.Length -eq 0) { return $Assert.HasFieldValue($TargetObject, 'Properties.siteConfig.alwaysOn', $True); } foreach ($siteConfig in $siteConfigs) { $Assert.HasFieldValue($siteConfig, 'Properties.alwaysOn', $True); } } # Synopsis: Use HTTP/2 for App Service apps. Rule 'Azure.AppService.HTTP2' -Ref 'AZR-000078' -Type 'Microsoft.Web/sites', 'Microsoft.Web/sites/slots' -Tag @{ release = 'GA'; ruleSet = '2020_12'; } { $siteConfigs = @(GetWebSiteConfig); if ($siteConfigs.Length -eq 0) { return $Assert.HasFieldValue($TargetObject, 'Properties.siteConfig.http20Enabled', $True); } foreach ($siteConfig in $siteConfigs) { $Assert.HasFieldValue($siteConfig, 'Properties.http20Enabled', $True); } } #region Web Apps # Synopsis: Configure and enable instance health probes. Rule 'Azure.AppService.WebProbe' -Ref 'AZR-000079' -With 'Azure.AppService.IsWebApp' -Tag @{ release = 'GA'; ruleSet = '2022_06'; } { $siteConfigs = @(GetWebSiteConfig | Where-Object { $Assert.HasField($_, 'Properties.healthCheckPath').Result }); if ($siteConfigs.Length -eq 0) { return $Assert.HasFieldValue($TargetObject, 'Properties.siteConfig.healthCheckPath', $True); } foreach ($siteConfig in $siteConfigs) { $Assert.HasFieldValue($siteConfig, 'Properties.healthCheckPath'); } } # Synopsis: Web apps should use a dedicated health check path. Rule 'Azure.AppService.WebProbePath' -Ref 'AZR-000080' -With 'Azure.AppService.IsWebApp' -Tag @{ release = 'GA'; ruleSet = '2022_06'; } { $siteConfigs = @(GetWebSiteConfig | Where-Object { $Assert.HasField($_, 'Properties.healthCheckPath').Result }); if ($siteConfigs.Length -eq 0) { return $Assert.Greater($TargetObject, 'Properties.siteConfig.healthCheckPath', 1); } foreach ($siteConfig in $siteConfigs) { $Assert.Greater($siteConfig, 'Properties.healthCheckPath', 1); } } # Synopsis: Web apps should disable insecure FTP and configure SFTP when required. Rule 'Azure.AppService.WebSecureFtp' -Ref 'AZR-000081' -With 'Azure.AppService.IsWebApp' -Tag @{ release = 'GA'; ruleSet = '2022_06'; } { $siteConfigs = @(GetWebSiteConfig | Where-Object { $Assert.HasField($_, 'Properties.ftpsState').Result }); if ($siteConfigs.Length -eq 0) { return $Assert.In($TargetObject, 'Properties.siteConfig.ftpsState', @( 'FtpsOnly' 'Disabled' )); } foreach ($siteConfig in $siteConfigs) { $Assert.In($siteConfig, 'Properties.ftpsState', @( 'FtpsOnly' 'Disabled' )); } } #endregion Web Apps #region Helper functions function global:IsConsumptionPlan { [CmdletBinding()] param () process { return ( $TargetObject.sku.Name -eq 'Y1' -or $TargetObject.sku.Tier -eq 'Dynamic' ); } } function global:IsElasticPlan { [CmdletBinding()] param () process { return ( $TargetObject.sku.Name -like 'EP*' -or $TargetObject.sku.Tier -eq 'ElasticPremium' -or $TargetObject.kind -eq 'elastic' ); } } function global:GetWebSiteConfig { [CmdletBinding()] param () process { $siteConfigs = @(GetSubResources -ResourceType 'Microsoft.Web/sites/config', 'Microsoft.Web/sites/slots/config' | Where-Object { $_.Name -notlike "*/*" -or $_.Name -like "*/web" -or $_.Id -like "*/web" }) $siteConfigs; } } #endregion Helper functions # SIG # Begin signature block # MIInrAYJKoZIhvcNAQcCoIInnTCCJ5kCAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCD3eB+icXc+vayB # SY622g3xx2JoD7YWwg0VRXtqdT3S7KCCDXYwggX0MIID3KADAgECAhMzAAACy7d1 # OfsCcUI2AAAAAALLMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMRMwEQYD # VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNpZ25p # bmcgUENBIDIwMTEwHhcNMjIwNTEyMjA0NTU5WhcNMjMwNTExMjA0NTU5WjB0MQsw # CQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9u # ZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYDVQQDExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB # AQC3sN0WcdGpGXPZIb5iNfFB0xZ8rnJvYnxD6Uf2BHXglpbTEfoe+mO//oLWkRxA # wppditsSVOD0oglKbtnh9Wp2DARLcxbGaW4YanOWSB1LyLRpHnnQ5POlh2U5trg4 # 3gQjvlNZlQB3lL+zrPtbNvMA7E0Wkmo+Z6YFnsf7aek+KGzaGboAeFO4uKZjQXY5 # RmMzE70Bwaz7hvA05jDURdRKH0i/1yK96TDuP7JyRFLOvA3UXNWz00R9w7ppMDcN # lXtrmbPigv3xE9FfpfmJRtiOZQKd73K72Wujmj6/Su3+DBTpOq7NgdntW2lJfX3X # a6oe4F9Pk9xRhkwHsk7Ju9E/AgMBAAGjggFzMIIBbzAfBgNVHSUEGDAWBgorBgEE # AYI3TAgBBggrBgEFBQcDAzAdBgNVHQ4EFgQUrg/nt/gj+BBLd1jZWYhok7v5/w4w # RQYDVR0RBD4wPKQ6MDgxHjAcBgNVBAsTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEW # MBQGA1UEBRMNMjMwMDEyKzQ3MDUyODAfBgNVHSMEGDAWgBRIbmTlUAXTgqoXNzci # tW2oynUClTBUBgNVHR8ETTBLMEmgR6BFhkNodHRwOi8vd3d3Lm1pY3Jvc29mdC5j # b20vcGtpb3BzL2NybC9NaWNDb2RTaWdQQ0EyMDExXzIwMTEtMDctMDguY3JsMGEG # CCsGAQUFBwEBBFUwUzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQu # Y29tL3BraW9wcy9jZXJ0cy9NaWNDb2RTaWdQQ0EyMDExXzIwMTEtMDctMDguY3J0 # MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIBAJL5t6pVjIRlQ8j4dAFJ # ZnMke3rRHeQDOPFxswM47HRvgQa2E1jea2aYiMk1WmdqWnYw1bal4IzRlSVf4czf # zx2vjOIOiaGllW2ByHkfKApngOzJmAQ8F15xSHPRvNMmvpC3PFLvKMf3y5SyPJxh # 922TTq0q5epJv1SgZDWlUlHL/Ex1nX8kzBRhHvc6D6F5la+oAO4A3o/ZC05OOgm4 # EJxZP9MqUi5iid2dw4Jg/HvtDpCcLj1GLIhCDaebKegajCJlMhhxnDXrGFLJfX8j # 7k7LUvrZDsQniJZ3D66K+3SZTLhvwK7dMGVFuUUJUfDifrlCTjKG9mxsPDllfyck # 4zGnRZv8Jw9RgE1zAghnU14L0vVUNOzi/4bE7wIsiRyIcCcVoXRneBA3n/frLXvd # jDsbb2lpGu78+s1zbO5N0bhHWq4j5WMutrspBxEhqG2PSBjC5Ypi+jhtfu3+x76N # mBvsyKuxx9+Hm/ALnlzKxr4KyMR3/z4IRMzA1QyppNk65Ui+jB14g+w4vole33M1 # pVqVckrmSebUkmjnCshCiH12IFgHZF7gRwE4YZrJ7QjxZeoZqHaKsQLRMp653beB # fHfeva9zJPhBSdVcCW7x9q0c2HVPLJHX9YCUU714I+qtLpDGrdbZxD9mikPqL/To # /1lDZ0ch8FtePhME7houuoPcMIIHejCCBWKgAwIBAgIKYQ6Q0gAAAAAAAzANBgkq # hkiG9w0BAQsFADCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24x # EDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlv # bjEyMDAGA1UEAxMpTWljcm9zb2Z0IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5 # IDIwMTEwHhcNMTEwNzA4MjA1OTA5WhcNMjYwNzA4MjEwOTA5WjB+MQswCQYDVQQG # EwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwG # A1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSgwJgYDVQQDEx9NaWNyb3NvZnQg # Q29kZSBTaWduaW5nIFBDQSAyMDExMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC # CgKCAgEAq/D6chAcLq3YbqqCEE00uvK2WCGfQhsqa+laUKq4BjgaBEm6f8MMHt03 # a8YS2AvwOMKZBrDIOdUBFDFC04kNeWSHfpRgJGyvnkmc6Whe0t+bU7IKLMOv2akr # rnoJr9eWWcpgGgXpZnboMlImEi/nqwhQz7NEt13YxC4Ddato88tt8zpcoRb0Rrrg # OGSsbmQ1eKagYw8t00CT+OPeBw3VXHmlSSnnDb6gE3e+lD3v++MrWhAfTVYoonpy # 4BI6t0le2O3tQ5GD2Xuye4Yb2T6xjF3oiU+EGvKhL1nkkDstrjNYxbc+/jLTswM9 # sbKvkjh+0p2ALPVOVpEhNSXDOW5kf1O6nA+tGSOEy/S6A4aN91/w0FK/jJSHvMAh # dCVfGCi2zCcoOCWYOUo2z3yxkq4cI6epZuxhH2rhKEmdX4jiJV3TIUs+UsS1Vz8k # A/DRelsv1SPjcF0PUUZ3s/gA4bysAoJf28AVs70b1FVL5zmhD+kjSbwYuER8ReTB # w3J64HLnJN+/RpnF78IcV9uDjexNSTCnq47f7Fufr/zdsGbiwZeBe+3W7UvnSSmn # Eyimp31ngOaKYnhfsi+E11ecXL93KCjx7W3DKI8sj0A3T8HhhUSJxAlMxdSlQy90 # lfdu+HggWCwTXWCVmj5PM4TasIgX3p5O9JawvEagbJjS4NaIjAsCAwEAAaOCAe0w # ggHpMBAGCSsGAQQBgjcVAQQDAgEAMB0GA1UdDgQWBBRIbmTlUAXTgqoXNzcitW2o # ynUClTAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTALBgNVHQ8EBAMCAYYwDwYD # VR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBRyLToCMZBDuRQFTuHqp8cx0SOJNDBa # BgNVHR8EUzBRME+gTaBLhklodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL2Ny # bC9wcm9kdWN0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFfMDNfMjIuY3JsMF4GCCsG # AQUFBwEBBFIwUDBOBggrBgEFBQcwAoZCaHR0cDovL3d3dy5taWNyb3NvZnQuY29t # L3BraS9jZXJ0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFfMDNfMjIuY3J0MIGfBgNV # HSAEgZcwgZQwgZEGCSsGAQQBgjcuAzCBgzA/BggrBgEFBQcCARYzaHR0cDovL3d3 # dy5taWNyb3NvZnQuY29tL3BraW9wcy9kb2NzL3ByaW1hcnljcHMuaHRtMEAGCCsG # AQUFBwICMDQeMiAdAEwAZQBnAGEAbABfAHAAbwBsAGkAYwB5AF8AcwB0AGEAdABl # AG0AZQBuAHQALiAdMA0GCSqGSIb3DQEBCwUAA4ICAQBn8oalmOBUeRou09h0ZyKb # C5YR4WOSmUKWfdJ5DJDBZV8uLD74w3LRbYP+vj/oCso7v0epo/Np22O/IjWll11l # hJB9i0ZQVdgMknzSGksc8zxCi1LQsP1r4z4HLimb5j0bpdS1HXeUOeLpZMlEPXh6 # I/MTfaaQdION9MsmAkYqwooQu6SpBQyb7Wj6aC6VoCo/KmtYSWMfCWluWpiW5IP0 # wI/zRive/DvQvTXvbiWu5a8n7dDd8w6vmSiXmE0OPQvyCInWH8MyGOLwxS3OW560 # STkKxgrCxq2u5bLZ2xWIUUVYODJxJxp/sfQn+N4sOiBpmLJZiWhub6e3dMNABQam # ASooPoI/E01mC8CzTfXhj38cbxV9Rad25UAqZaPDXVJihsMdYzaXht/a8/jyFqGa # J+HNpZfQ7l1jQeNbB5yHPgZ3BtEGsXUfFL5hYbXw3MYbBL7fQccOKO7eZS/sl/ah # XJbYANahRr1Z85elCUtIEJmAH9AAKcWxm6U/RXceNcbSoqKfenoi+kiVH6v7RyOA # 9Z74v2u3S5fi63V4GuzqN5l5GEv/1rMjaHXmr/r8i+sLgOppO6/8MO0ETI7f33Vt # Y5E90Z1WTk+/gFcioXgRMiF670EKsT/7qMykXcGhiJtXcVZOSEXAQsmbdlsKgEhr # /Xmfwb1tbWrJUnMTDXpQzTGCGYwwghmIAgEBMIGVMH4xCzAJBgNVBAYTAlVTMRMw # EQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVN # aWNyb3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNp # Z25pbmcgUENBIDIwMTECEzMAAALLt3U5+wJxQjYAAAAAAsswDQYJYIZIAWUDBAIB # BQCgga4wGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcCAQQwHAYKKwYBBAGCNwIBCzEO # MAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkEMSIEINwHG5gi16YQQUe1BvEOL2Q4 # WRarYYwR0fP4OWil7WeFMEIGCisGAQQBgjcCAQwxNDAyoBSAEgBNAGkAYwByAG8A # cwBvAGYAdKEagBhodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20wDQYJKoZIhvcNAQEB # BQAEggEATFkGZr3gr72Q/h2PWdLLXEhc6pyeC2SzEF2Cy0tF2Kn3cwiUCiVvxmGN # GeiqWW4eSvKXDrFpWck3OazXYv9tGyvvrzrdQdFxHoYMUqX88vQOwmw1ig8TH+MU # c0kv3MzgxtX9i3nY4xAoX0M6xkcK1Fayvvo2abUzKI93/zIhMiVGmyr6Rg2jPP12 # H3hvw2Ge7ByPav7pkFnld8i7mSoesNlNeqEKrIOg75lBJRn+N9fVERyK0PG8RWny # hVjDL5KYCQlIK7IGsYcQFWFvIsRRuWFA5mWO8rQsZs12ZACguXUOGKbBltH3p6DF # uIBERcl0WWHGu4Pg/SAlQmS0P3swsKGCFxYwghcSBgorBgEEAYI3AwMBMYIXAjCC # Fv4GCSqGSIb3DQEHAqCCFu8wghbrAgEDMQ8wDQYJYIZIAWUDBAIBBQAwggFZBgsq # hkiG9w0BCRABBKCCAUgEggFEMIIBQAIBAQYKKwYBBAGEWQoDATAxMA0GCWCGSAFl # AwQCAQUABCDuqBBWRg15Zwz8x0d9C8gr8Uw0+KnU/MwCZR2fxIeyIQIGYxFgM7mW # GBMyMDIyMDkwNDEyMDczNC4xOTVaMASAAgH0oIHYpIHVMIHSMQswCQYDVQQGEwJV # UzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UE # ChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMS0wKwYDVQQLEyRNaWNyb3NvZnQgSXJl # bGFuZCBPcGVyYXRpb25zIExpbWl0ZWQxJjAkBgNVBAsTHVRoYWxlcyBUU1MgRVNO # OjJBRDQtNEI5Mi1GQTAxMSUwIwYDVQQDExxNaWNyb3NvZnQgVGltZS1TdGFtcCBT # ZXJ2aWNloIIRZTCCBxQwggT8oAMCAQICEzMAAAGGeOUZifgkS8wAAQAAAYYwDQYJ # KoZIhvcNAQELBQAwfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24x # EDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlv # bjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIwMTAwHhcNMjEx # MDI4MTkyNzM5WhcNMjMwMTI2MTkyNzM5WjCB0jELMAkGA1UEBhMCVVMxEzARBgNV # BAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jv # c29mdCBDb3Jwb3JhdGlvbjEtMCsGA1UECxMkTWljcm9zb2Z0IElyZWxhbmQgT3Bl # cmF0aW9ucyBMaW1pdGVkMSYwJAYDVQQLEx1UaGFsZXMgVFNTIEVTTjoyQUQ0LTRC # OTItRkEwMTElMCMGA1UEAxMcTWljcm9zb2Z0IFRpbWUtU3RhbXAgU2VydmljZTCC # AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMCNxtlqb+geCIwH64HyaZ3T # zj2DtWHfPr5X6CMTFt4HQg0/syG2n4NeKTrtLdHpFEMetKez2nR+Do56jSBNaupX # R/Z7Y9YCHZeB6uK3RB02eiRXRNuA0m1aKqkfkeCMOMNxj233NkN5H8shco/gzoZg # lsPxWYk1U5U+G3Xo8gFuq/yZ+H698S4274SE2ra9+lcss4ENGOFq+9x94FHC42Lt # Koh7rQw2+vqfsgwRpihc5zlvMFbew/rtlRCaBOiZStBKVS2brHUs4XnLlMCV8W9r # soAGV5bGv3x5cFvWJ5QajByfopvR7iuV+MfP+QeXZLiKF+ZVhoxTGw9gOi7vz5lA # eIStAheRtWGlLQazBO9wwCpMqZO0hJtwZSV8GPxq1aF1mFBhB8n65C5MLNEaBDKa # CBIHm2TSqo0cp0SYEeHzwiqxIcBIk0wHOA1xnIuBxzpuuBENYP0gxzBaiClUsaFG # 5Bm3SjSh4ZmobiKwMuMHvbO62SbJL3mWGYg5rQLQbf4EKI8W2dbzvQtdUrYZK5pJ # EzC0H/XA85VRAXruiph19ks3uoIJ3tyOHMv+SFC5x2d6zOGaSXNLNiqRix2laxEM # uMf5gJ+MmmH4Hh9zBAFpFY8v6kw4enAwhf4Ms902kA7bxZwCu9C6rWxLwT3QaXgh # v4ZPZdJWmM8IsshmPx6jAgMBAAGjggE2MIIBMjAdBgNVHQ4EFgQUGbajRQPvZnRL # v4d91IRzDesIXC4wHwYDVR0jBBgwFoAUn6cVXQBeYl2D9OXSZacbUzUZ6XIwXwYD # VR0fBFgwVjBUoFKgUIZOaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9j # cmwvTWljcm9zb2Z0JTIwVGltZS1TdGFtcCUyMFBDQSUyMDIwMTAoMSkuY3JsMGwG # CCsGAQUFBwEBBGAwXjBcBggrBgEFBQcwAoZQaHR0cDovL3d3dy5taWNyb3NvZnQu # Y29tL3BraW9wcy9jZXJ0cy9NaWNyb3NvZnQlMjBUaW1lLVN0YW1wJTIwUENBJTIw # MjAxMCgxKS5jcnQwDAYDVR0TAQH/BAIwADATBgNVHSUEDDAKBggrBgEFBQcDCDAN # BgkqhkiG9w0BAQsFAAOCAgEAw+5noSWN30xyguIY/sAVgfOeOLmiYjDCB54SvTjU # zO1a2k2M8dFP03CyeoMcNbUczObrvJLMCTZRzae0XnbAIsL4lUGVfQC/CG2USyU8 # DXoQsJPgVXGNoId2RmZsfLmrT2a0bnsoYU0w9j7xVS638IdpYgxv3RDzSB0yo+/Q # 5RHDyFqDglKe6dDkTMEPeZFWom6V/Pab44T5dhZtAgTt6V1yYNG8naUOXQw07/6m # 9PlmBf7zVRFPzKDBEKpVFlrlxAk6sek2sibiyerlOyuUMk5EP5duCIRow83+QBGT # qyDWM5FlcjX1DqSMZyrFkwTdoo6Wf07p+aq5qPbzSA09JaG4J7pWntezWhDvaIhC # SR9bUN+d3YbkYvgNND0e/NYmJcxeSVNQ6xHxMjcfAloBEYvdCyrGIIWQQg40Nw4i # Y31GS6jjXh6yX3Joc+f235vPmgGlD6WRXj9INCKJ3elzZOGImG1jxaKH3NC8HKkg # C7biAMs+n93flGmWbKeNVOIQiKBo+oaAyLlPN/W6P5mfwIBEsBsSF7NIGVOgPtqi # FHutEHQPevcFks7nCjorJ4PRwkmSxdXanN0FGsK9AtFONe/OCqPb3JABt2pMGLlR # nLOoTP0qhIaHvYx8HuF6fNQq0wdZffhCHbpAmz9JMs8dFmc7Xnogzea3YokEfZgS # bpYwggdxMIIFWaADAgECAhMzAAAAFcXna54Cm0mZAAAAAAAVMA0GCSqGSIb3DQEB # CwUAMIGIMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UE # BxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTIwMAYD # VQQDEylNaWNyb3NvZnQgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgMjAxMDAe # Fw0yMTA5MzAxODIyMjVaFw0zMDA5MzAxODMyMjVaMHwxCzAJBgNVBAYTAlVTMRMw # EQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVN # aWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0 # YW1wIFBDQSAyMDEwMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA5OGm # TOe0ciELeaLL1yR5vQ7VgtP97pwHB9KpbE51yMo1V/YBf2xK4OK9uT4XYDP/XE/H # ZveVU3Fa4n5KWv64NmeFRiMMtY0Tz3cywBAY6GB9alKDRLemjkZrBxTzxXb1hlDc # wUTIcVxRMTegCjhuje3XD9gmU3w5YQJ6xKr9cmmvHaus9ja+NSZk2pg7uhp7M62A # W36MEBydUv626GIl3GoPz130/o5Tz9bshVZN7928jaTjkY+yOSxRnOlwaQ3KNi1w # jjHINSi947SHJMPgyY9+tVSP3PoFVZhtaDuaRr3tpK56KTesy+uDRedGbsoy1cCG # MFxPLOJiss254o2I5JasAUq7vnGpF1tnYN74kpEeHT39IM9zfUGaRnXNxF803RKJ # 1v2lIH1+/NmeRd+2ci/bfV+AutuqfjbsNkz2K26oElHovwUDo9Fzpk03dJQcNIIP # 8BDyt0cY7afomXw/TNuvXsLz1dhzPUNOwTM5TI4CvEJoLhDqhFFG4tG9ahhaYQFz # ymeiXtcodgLiMxhy16cg8ML6EgrXY28MyTZki1ugpoMhXV8wdJGUlNi5UPkLiWHz # NgY1GIRH29wb0f2y1BzFa/ZcUlFdEtsluq9QBXpsxREdcu+N+VLEhReTwDwV2xo3 # xwgVGD94q0W29R6HXtqPnhZyacaue7e3PmriLq0CAwEAAaOCAd0wggHZMBIGCSsG # AQQBgjcVAQQFAgMBAAEwIwYJKwYBBAGCNxUCBBYEFCqnUv5kxJq+gpE8RjUpzxD/ # LwTuMB0GA1UdDgQWBBSfpxVdAF5iXYP05dJlpxtTNRnpcjBcBgNVHSAEVTBTMFEG # DCsGAQQBgjdMg30BATBBMD8GCCsGAQUFBwIBFjNodHRwOi8vd3d3Lm1pY3Jvc29m # dC5jb20vcGtpb3BzL0RvY3MvUmVwb3NpdG9yeS5odG0wEwYDVR0lBAwwCgYIKwYB # BQUHAwgwGQYJKwYBBAGCNxQCBAweCgBTAHUAYgBDAEEwCwYDVR0PBAQDAgGGMA8G # A1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAU1fZWy4/oolxiaNE9lJBb186aGMQw # VgYDVR0fBE8wTTBLoEmgR4ZFaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9j # cmwvcHJvZHVjdHMvTWljUm9vQ2VyQXV0XzIwMTAtMDYtMjMuY3JsMFoGCCsGAQUF # BwEBBE4wTDBKBggrBgEFBQcwAoY+aHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3Br # aS9jZXJ0cy9NaWNSb29DZXJBdXRfMjAxMC0wNi0yMy5jcnQwDQYJKoZIhvcNAQEL # BQADggIBAJ1VffwqreEsH2cBMSRb4Z5yS/ypb+pcFLY+TkdkeLEGk5c9MTO1OdfC # cTY/2mRsfNB1OW27DzHkwo/7bNGhlBgi7ulmZzpTTd2YurYeeNg2LpypglYAA7AF # vonoaeC6Ce5732pvvinLbtg/SHUB2RjebYIM9W0jVOR4U3UkV7ndn/OOPcbzaN9l # 9qRWqveVtihVJ9AkvUCgvxm2EhIRXT0n4ECWOKz3+SmJw7wXsFSFQrP8DJ6LGYnn # 8AtqgcKBGUIZUnWKNsIdw2FzLixre24/LAl4FOmRsqlb30mjdAy87JGA0j3mSj5m # O0+7hvoyGtmW9I/2kQH2zsZ0/fZMcm8Qq3UwxTSwethQ/gpY3UA8x1RtnWN0SCyx # TkctwRQEcb9k+SS+c23Kjgm9swFXSVRk2XPXfx5bRAGOWhmRaw2fpCjcZxkoJLo4 # S5pu+yFUa2pFEUep8beuyOiJXk+d0tBMdrVXVAmxaQFEfnyhYWxz/gq77EFmPWn9 # y8FBSX5+k77L+DvktxW/tM4+pTFRhLy/AsGConsXHRWJjXD+57XQKBqJC4822rpM # +Zv/Cuk0+CQ1ZyvgDbjmjJnW4SLq8CdCPSWU5nR0W2rRnj7tfqAxM328y+l7vzhw # RNGQ8cirOoo6CGJ/2XBjU02N7oJtpQUQwXEGahC0HVUzWLOhcGbyoYIC1DCCAj0C # AQEwggEAoYHYpIHVMIHSMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3Rv # bjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0 # aW9uMS0wKwYDVQQLEyRNaWNyb3NvZnQgSXJlbGFuZCBPcGVyYXRpb25zIExpbWl0 # ZWQxJjAkBgNVBAsTHVRoYWxlcyBUU1MgRVNOOjJBRDQtNEI5Mi1GQTAxMSUwIwYD # VQQDExxNaWNyb3NvZnQgVGltZS1TdGFtcCBTZXJ2aWNloiMKAQEwBwYFKw4DAhoD # FQABrtg0c1pCpY5l8kl9ZKKxy+HzJ6CBgzCBgKR+MHwxCzAJBgNVBAYTAlVTMRMw # EQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVN # aWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0 # YW1wIFBDQSAyMDEwMA0GCSqGSIb3DQEBBQUAAgUA5r6BkTAiGA8yMDIyMDkwNDA5 # NDQ0OVoYDzIwMjIwOTA1MDk0NDQ5WjB0MDoGCisGAQQBhFkKBAExLDAqMAoCBQDm # voGRAgEAMAcCAQACAg6zMAcCAQACAhGFMAoCBQDmv9MRAgEAMDYGCisGAQQBhFkK # BAIxKDAmMAwGCisGAQQBhFkKAwKgCjAIAgEAAgMHoSChCjAIAgEAAgMBhqAwDQYJ # KoZIhvcNAQEFBQADgYEAfU/x/A4HHLBPVHkq6q7XUe9rcs4mSKSyi96Z7VGErSFh # 7Xg8+x+YJ4yAHNx+0MPxYMa7Jgo34thy9jZrF0y6/rf2OPWJATsTLd+PCX/KTi2r # PwdMFrJVVnjtfpt3e14447laR6wNh4RbOISbhtMZR20VjfCJjAq/Dx7aZdstsD4x # ggQNMIIECQIBATCBkzB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3Rv # bjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0 # aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMAITMwAA # AYZ45RmJ+CRLzAABAAABhjANBglghkgBZQMEAgEFAKCCAUowGgYJKoZIhvcNAQkD # MQ0GCyqGSIb3DQEJEAEEMC8GCSqGSIb3DQEJBDEiBCBxsh79p+sA4U0CQ0DEa0VD # +73V4LOLJAWu69sOZHxNiDCB+gYLKoZIhvcNAQkQAi8xgeowgecwgeQwgb0EIBqZ # iOCyLAhUxomMn0QEe5uxWtoLsVTSMNe5nAIqvEJ+MIGYMIGApH4wfDELMAkGA1UE # BhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAc # BgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0 # IFRpbWUtU3RhbXAgUENBIDIwMTACEzMAAAGGeOUZifgkS8wAAQAAAYYwIgQgaEBx # PYVf87QZ1vjSPDu0xPZhg8/duQ1bfpdwrVxSCAYwDQYJKoZIhvcNAQELBQAEggIA # tU3Ac6+oUnNgY/pLxN2IQYVg86XU99/BlP3yyRGcFYIxu9C3WF/CsdZ7+6Fee3o1 # loDdQySAUoU7F2AfYU6ZvA3hQ/PGX7hnsx9iEu0CFOryCZfXBQmFnE8CSH0gTnbp # lCxT7dG8b4H36QPPZnfXBA/Rhq4qRz/d7CgiYvYmX6JUaWXF3wi5NjMtjSVN5sOo # aWu8N1Y3F43pGYPopd6VW6qPJUYxPBN5pIlYNJYXfjDR/XjaKbGl/oBHXPnvupOG # Yh2HKtgBI1L0Qfx2HTH227bktbRyPkmrnifwQqdCSM2RRAP8xKV4f8UROUlR26ap # M7wumG/1nKuqQ86tbbLtn1US/BuUwOE99Hylhobx11ypE2N2CoU4Zqmdj/DuBfb0 # /Leu103j3gU25adI/XvNPWcfTwY8Tczzr10ydQ1e+/2gM0xZrOEXCS6AfhA3V+Ap # OFL84lnMSEtRGOnfsnrY3DqKMY2leNbzDvA+KD/wvjkiu9OLPzRKrG1pnF00eaC3 # ZVVeg5j1pk1OJvKpvTWDikIqXstzNo0Kf5B5FXlYTx6YX9qnJJrigXfgH3i0kJ1+ # 78HpiJBWCIc9VCM9NnDh8Gv3kvC5R3BvekLe6caSsu8cmeVoAbS1AsoFW+I76qeV # 2Baa0ILdIKEsaaS2Puz/tb2IEnJWrLo092Z0Zx6d61Q= # SIG # End signature block |