Allows ModSecurity to be configured per location

The following annotations will be added:

- enable-modsecurity
- enable-owasp-core-rules
- modsecurity-transaction-id

Fixes #3167
Fernando Diaz 2018-11-03 23:14:27 -05:00
parent 17cad51e47
commit 5195600841
9 changed files with 307 additions and 7 deletions


@ -16,9 +16,7 @@ pid /tmp/nginx.pid;
load_module /etc/nginx/modules/ngx_http_geoip2_module.so;
{{ end }}
{{ if $cfg.EnableModsecurity }}
load_module /etc/nginx/modules/ngx_http_modsecurity_module.so;
{{ end }}
{{ if $cfg.EnableOpentracing }}
load_module /etc/nginx/modules/ngx_http_opentracing_module.so;
@ -1020,13 +1018,17 @@ stream {
{{ end }}
{{ end }}
{{ if $all.Cfg.EnableModsecurity }}
{{ if (or $location.ModSecurity.Enable $all.Cfg.EnableModsecurity) }}
modsecurity on;
modsecurity_rules_file /etc/nginx/modsecurity/modsecurity.conf;
{{ if $all.Cfg.EnableOWASPCoreRules }}
{{ if (or $location.ModSecurity.OWASPRules $all.Cfg.EnableOWASPCoreRules) }}
modsecurity_rules_file /etc/nginx/owasp-modsecurity-crs/nginx-modsecurity.conf;
{{ end }}
{{ if (not (empty $location.ModSecurity.TransactionID)) }}
modsecurity_transaction_id "{{ $location.ModSecurity.TransactionID }}";
{{ end }}
{{ end }}
{{ if isLocationAllowed $location }}
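Review bot: The `modsecurity_transaction_id "{{ $location.ModSecurity.TransactionID }}";` line in the second hunk writes the annotation value straight into a double-quoted nginx string, and nothing visible in this section escapes or restricts it. The value comes from the new `modsecurity-transaction-id` annotation, so it is controlled by whoever may create or edit an Ingress, and a value containing `"` or `;` would end the string and change the rest of the rendered configuration. If the annotation parser (not shown here) does not already reject such values, it should accept only a narrow character set before the template sees it, for example `^[\w$.:-]+$`, which still allows the usual `$request_id` form. A short template comment above the directive stating where that validation lives would help the next reader.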