DevFW-CICD/ingress-nginx-helm
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Allows ModSecurity to be configured per location

Browse source 
The following annotations will be added:

- enable-modsecurity
- enable-owasp-core-rules
- modsecurity-transaction-id

Fixes #3167
This commit is contained in:
Fernando Diaz 2018-11-03 23:14:27 -05:00
parent 17cad51e47
commit 5195600841
9 changed files with 307 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

4
internal/ingress/types.go
View file

@ -20,6 +20,7 @@ import (
apiv1 "k8s.io/api/core/v1"
extensions "k8s.io/api/extensions/v1beta1"
"k8s.io/apimachinery/pkg/util/intstr"
"k8s.io/ingress-nginx/internal/ingress/annotations/modsecurity"
"k8s.io/ingress-nginx/internal/ingress/annotations/auth"
"k8s.io/ingress-nginx/internal/ingress/annotations/authreq"
@ -280,6 +281,9 @@ type Location struct {
// CustomHTTPErrors specifies the error codes that should be intercepted.
// +optional
CustomHTTPErrors []int `json:"custom-http-errors"`
// ModSecurity allows to enable and configure modsecurity
// +optional
ModSecurity modsecurity.Config `json:"modsecurity"`
}
// SSLPassthroughBackend describes a SSL upstream server configured