Merge pull request #3400 from diazjf/more-modsecurity

Add Snippet for ModSecurity
2018-11-17 03:35:53 -08:00 · 2018-11-17 03:35:53 -08:00 · 442b01e5e8
commit 442b01e5e8
parent d26543aa85 95b3042b6e
5 changed files with 70 additions and 23 deletions
--- a/rootfs/etc/nginx/template/nginx.tmpl
+++ b/rootfs/etc/nginx/template/nginx.tmpl
@ -1024,9 +1024,14 @@ stream {
            {{ if (or $location.ModSecurity.Enable $all.Cfg.EnableModsecurity) }}
            modsecurity on;

-            modsecurity_rules_file /etc/nginx/modsecurity/modsecurity.conf;
-            {{ if (or $location.ModSecurity.OWASPRules $all.Cfg.EnableOWASPCoreRules) }}
+            {{ if $location.ModSecurity.Snippet }}
+            modsecurity_rules '
+                {{ $location.ModSecurity.Snippet }}
+            ';
+            {{ else if (or $location.ModSecurity.OWASPRules $all.Cfg.EnableOWASPCoreRules) }}
            modsecurity_rules_file /etc/nginx/owasp-modsecurity-crs/nginx-modsecurity.conf;
+            {{ else }}
+            modsecurity_rules_file /etc/nginx/modsecurity/modsecurity.conf;
            {{ end }}

            {{ if (not (empty $location.ModSecurity.TransactionID)) }}