DevFW-CICD/ingress-nginx-helm
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Move mod-security logic from template to go code (#5009)

Browse source
This commit is contained in:
Manuel Alejandro de Brito Fontes 2020-02-04 14:04:11 -03:00 committed by GitHub
parent a16ed1b01f
commit b9e944a8a6
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 106 additions and 20 deletions
Download patch file Download diff file Expand all files Collapse all files

20
rootfs/etc/nginx/template/nginx.tmpl
View file

@ -1029,25 +1029,7 @@ stream {
set $proxy_alternative_upstream_name "";
{{ if (or $location.ModSecurity.Enable $all.Cfg.EnableModsecurity) }}
{{ if not $all.Cfg.EnableModsecurity }}
modsecurity on;
modsecurity_rules_file /etc/nginx/modsecurity/modsecurity.conf;
{{ end }}
{{ if $location.ModSecurity.Snippet }}
modsecurity_rules '
{{ $location.ModSecurity.Snippet }}
';
{{ else if (and (not $all.Cfg.EnableOWASPCoreRules) ($location.ModSecurity.OWASPRules))}}
modsecurity_rules_file /etc/nginx/owasp-modsecurity-crs/nginx-modsecurity.conf;
{{ end }}
{{ if (not (empty $location.ModSecurity.TransactionID)) }}
modsecurity_transaction_id {{ $location.ModSecurity.TransactionID | quote }};
{{ end }}
{{ end }}
{{ buildModSecurityForLocation $all.Cfg $location }}
{{ if isLocationAllowed $location }}
{{ if gt (len $location.Whitelist.CIDR) 0 }}