DevFW-CICD/ingress-nginx-helm
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Enable modsecurity feature

Browse source
This commit is contained in:
Manuel de Brito Fontes 2017-10-08 11:52:02 -03:00
parent 63155ee5bd
commit 7632465ce3
5 changed files with 45 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

18
rootfs/etc/nginx/template/nginx.tmpl
View file

@ -6,6 +6,11 @@
{{ $backends := .Backends }}
{{ $proxyHeaders := .ProxySetHeaders }}
{{ $addHeaders := .AddHeaders }}
{{ if $cfg.EnableModsecurity }}
load_module /etc/nginx/modules/ngx_http_modsecurity_module.so;
{{ end }}
daemon off;
worker_processes {{ $cfg.WorkerProcesses }};
@ -655,10 +660,7 @@ stream {
set $target {{ $location.ExternalAuth.URL }};
proxy_pass $target;
}
{{ end }}
location {{ $path }} {
{{ if $all.Cfg.EnableVtsStatus }}{{ if $location.VtsFilterKey }} vhost_traffic_status_filter_by_set_key {{ $location.VtsFilterKey }};{{ end }}{{ end }}
@ -677,6 +679,15 @@ stream {
}
{{ end }}
{{ if $all.Cfg.EnableModsecurity }}
modsecurity on;
modsecurity_rules_file /etc/nginx/modsecurity/modsecurity.conf;
{{ if $all.Cfg.EnableOWASPCoreRules }}
modsecurity_rules_file /etc/nginx/owasp-modsecurity-crs/nginx-modsecurity.conf;
{{ end }}
{{ end }}
{{ if isLocationAllowed $location }}
{{ if gt (len $location.Whitelist.CIDR) 0 }}
if ({{ buildDenyVariable (print $server.Hostname "_" $path) }}) {
@ -821,6 +832,7 @@ stream {
return 503;
{{ end }}
}
{{ end }}
{{ if eq $server.Hostname "_" }}