DevFW-CICD/ingress-nginx-helm
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add a Snippet for ModSecurity

Browse source 
Allows for the configuration of Mod Security rules via
a Snippet.
This commit is contained in:
Fernando Diaz 2018-11-14 19:24:57 -06:00
parent a22c656f30
commit 95b3042b6e
5 changed files with 70 additions and 23 deletions
Download patch file Download diff file Expand all files Collapse all files

26
test/e2e/annotations/modsecurity.go
View file

@ -31,7 +31,6 @@ var _ = framework.IngressNginxDescribe("Annotations - ModSecurityLocation", func
})
AfterEach(func() {
f.UpdateNginxConfigMapData("enable-modsecurity", "false")
})
It("should enable modsecurity", func() {
@ -42,8 +41,6 @@ var _ = framework.IngressNginxDescribe("Annotations - ModSecurityLocation", func
"nginx.ingress.kubernetes.io/enable-modsecurity": "true",
}
f.UpdateNginxConfigMapData("enable-modsecurity", "true")
ing := framework.NewSingleIngress(host, "/", host, nameSpace, "http-svc", 80, &annotations)
f.EnsureIngress(ing)
@ -64,8 +61,6 @@ var _ = framework.IngressNginxDescribe("Annotations - ModSecurityLocation", func
"nginx.ingress.kubernetes.io/modsecurity-transaction-id": "modsecurity-$request_id",
}
f.UpdateNginxConfigMapData("enable-modsecurity", "true")
ing := framework.NewSingleIngress(host, "/", host, nameSpace, "http-svc", 80, &annotations)
f.EnsureIngress(ing)
@ -85,8 +80,6 @@ var _ = framework.IngressNginxDescribe("Annotations - ModSecurityLocation", func
"nginx.ingress.kubernetes.io/enable-modsecurity": "false",
}
f.UpdateNginxConfigMapData("enable-modsecurity", "false")
ing := framework.NewSingleIngress(host, "/", host, nameSpace, "http-svc", 80, &annotations)
f.EnsureIngress(ing)
@ -95,4 +88,23 @@ var _ = framework.IngressNginxDescribe("Annotations - ModSecurityLocation", func
return !strings.Contains(server, "modsecurity on;")
})
})
It("should enable modsecurity with snippet", func() {
host := "modsecurity.foo.com"
nameSpace := f.IngressController.Namespace
annotations := map[string]string{
"nginx.ingress.kubernetes.io/enable-modsecurity": "true",
"nginx.ingress.kubernetes.io/modsecurity-snippet": "SecRuleEngine On",
}
ing := framework.NewSingleIngress(host, "/", host, nameSpace, "http-svc", 80, &annotations)
f.EnsureIngress(ing)
f.WaitForNginxServer(host,
func(server string) bool {
return strings.Contains(server, "modsecurity on;") &&
strings.Contains(server, "SecRuleEngine On")
})
})
})