Fix the ability to disable ModSecurity at location level
- Adds 'modsecurity off;' to the nginx config if the 'enable-modsecurity' annotation is set to false. - Update tests and e2e tests accordingly Signed-off-by: Bhavin Gandhi <bhavin7392@gmail.com>
This commit is contained in:
Bhavin Gandhi
parent
8f4d5f8b34
commit
380ef3a92c
5 changed files with 84 additions and 27 deletions
|
|
@ -1345,14 +1345,15 @@ func shouldLoadOpentracingModule(c interface{}, s interface{}) bool {
|
|||
|
||||
func buildModSecurityForLocation(cfg config.Configuration, location *ingress.Location) string {
|
||||
isMSEnabledInLoc := location.ModSecurity.Enable
|
||||
isMSEnableSetInLoc := location.ModSecurity.EnableSet
|
||||
isMSEnabled := cfg.EnableModsecurity
|
||||
|
||||
if !isMSEnabled && !isMSEnabledInLoc {
|
||||
return ""
|
||||
}
|
||||
|
||||
if !isMSEnabledInLoc {
|
||||
return ""
|
||||
if isMSEnableSetInLoc && !isMSEnabledInLoc {
|
||||
return "modsecurity off;"
|
||||
}
|
||||
|
||||
var buffer bytes.Buffer
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue