DevFW-CICD/ingress-nginx-helm
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Allows ModSecurity to be configured per location

Browse source 
The following annotations will be added:

- enable-modsecurity
- enable-owasp-core-rules
- modsecurity-transaction-id

Fixes #3167
This commit is contained in:
Fernando Diaz 2018-11-03 23:14:27 -05:00
parent 17cad51e47
commit 5195600841
9 changed files with 307 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

3
internal/ingress/controller/controller.go
View file

@ -355,6 +355,7 @@ func (n *NGINXController) getBackendServers(ingresses []*extensions.Ingress) ([]
loc.DefaultBackend = anns.DefaultBackend
loc.BackendProtocol = anns.BackendProtocol
loc.CustomHTTPErrors = anns.CustomHTTPErrors
loc.ModSecurity = anns.ModSecurity
if loc.Redirect.FromToWWW {
server.RedirectFromToWWW = true
@ -396,6 +397,7 @@ func (n *NGINXController) getBackendServers(ingresses []*extensions.Ingress) ([]
DefaultBackend: anns.DefaultBackend,
BackendProtocol: anns.BackendProtocol,
CustomHTTPErrors: anns.CustomHTTPErrors,
ModSecurity: anns.ModSecurity,
}
if loc.Redirect.FromToWWW {
@ -848,6 +850,7 @@ func (n *NGINXController) createServers(data []*extensions.Ingress,
defLoc.LuaRestyWAF = anns.LuaRestyWAF
defLoc.InfluxDB = anns.InfluxDB
defLoc.BackendProtocol = anns.BackendProtocol
defLoc.ModSecurity = anns.ModSecurity
} else {
glog.V(3).Infof("Ingress %q defines both a backend and rules. Using its backend as default upstream for all its rules.",
ingKey)