Allows ModSecurity to be configured per location

The following annotations will be added: - enable-modsecurity - enable-owasp-core-rules - modsecurity-transaction-id Fixes #3167
2018-11-03 23:14:27 -05:00 · 2018-11-03 23:14:27 -05:00 · 5195600841
commit 5195600841
parent 17cad51e47
9 changed files with 307 additions and 7 deletions
--- a/internal/ingress/annotations/annotations.go
+++ b/internal/ingress/annotations/annotations.go
@ -20,6 +20,7 @@ import (
 	"github.com/golang/glog"
 	"github.com/imdario/mergo"
 	"k8s.io/ingress-nginx/internal/ingress/annotations/canary"
+	"k8s.io/ingress-nginx/internal/ingress/annotations/modsecurity"
 	"k8s.io/ingress-nginx/internal/ingress/annotations/sslcipher"

 	apiv1 "k8s.io/api/core/v1"
@ -98,6 +99,7 @@ type Ingress struct {
 	Logs                 log.Config
 	LuaRestyWAF          luarestywaf.Config
 	InfluxDB             influxdb.Config
+	ModSecurity          modsecurity.Config
 }

 // Extractor defines the annotation parsers to be used in the extraction of annotations
@ -140,6 +142,7 @@ func NewAnnotationExtractor(cfg resolver.Resolver) Extractor {
 			"LuaRestyWAF":          luarestywaf.NewParser(cfg),
 			"InfluxDB":             influxdb.NewParser(cfg),
 			"BackendProtocol":      backendprotocol.NewParser(cfg),
+			"ModSecurity":          modsecurity.NewParser(cfg),
 		},
 	}
 }