UPT: align waf options
This commit is contained in:
Desmond Ho
parent
04a89ce234
commit
bab521e81a
5 changed files with 48 additions and 59 deletions
|
|
@ -80,9 +80,9 @@ You can add these Kubernetes annotations to specific Ingress objects to customiz
|
|||
|[nginx.ingress.kubernetes.io/lua-resty-waf-debug](#lua-resty-waf)|"true" or "false"|
|
||||
|[nginx.ingress.kubernetes.io/lua-resty-waf-ignore-rulesets](#lua-resty-waf)|string|
|
||||
|[nginx.ingress.kubernetes.io/lua-resty-waf-extra-rules](#lua-resty-waf)|string|
|
||||
|[nginx.ingress.kubernetes.io/lua-resty-waf-allow-unknown-content](#lua-resty-waf)|"true" or "false"|
|
||||
|[nginx.ingress.kubernetes.io/lua-resty-waf-score](#lua-resty-waf)|number|
|
||||
|[nginx.ingress.kubernetes.io/lua-resty-waf-disable-multipart-body](#lua-resty-waf)|"true" or "false"|
|
||||
|[nginx.ingress.kubernetes.io/lua-resty-waf-allow-unknown-content-types](#lua-resty-waf)|"true" or "false"|
|
||||
|[nginx.ingress.kubernetes.io/lua-resty-waf-score-threshold](#lua-resty-waf)|number|
|
||||
|[nginx.ingress.kubernetes.io/lua-resty-waf-process-multipart-body](#lua-resty-waf)|"true" or "false"|
|
||||
|[nginx.ingress.kubernetes.io/enable-influxdb](#influxdb)|"true" or "false"|
|
||||
|[nginx.ingress.kubernetes.io/influxdb-measurement](#influxdb)|string|
|
||||
|[nginx.ingress.kubernetes.io/influxdb-port](#influxdb)|string|
|
||||
|
|
@ -566,14 +566,14 @@ We can enable the following annotation for allow all contents type:
|
|||
|
||||
|
||||
```yaml
|
||||
nginx.ingress.kubernetes.io/lua-resty-waf-allow-unknown-content: "true"
|
||||
nginx.ingress.kubernetes.io/lua-resty-waf-allow-unknown-content-types: "true"
|
||||
```
|
||||
|
||||
The default score of lua-resty-waf is 5, which usually triggered if hitting 2 default rules, you can modify the score threshold with following annotation:
|
||||
|
||||
|
||||
```yaml
|
||||
nginx.ingress.kubernetes.io/lua-resty-waf-score: "10"
|
||||
nginx.ingress.kubernetes.io/lua-resty-waf-score-threshold: "10"
|
||||
```
|
||||
|
||||
When you enabled HTTPS in the endpoint and since resty-lua will return 500 error when processing "multipart" contents
|
||||
|
|
@ -581,21 +581,7 @@ Reference for this [issue](https://github.com/p0pr0ck5/lua-resty-waf/issues/166)
|
|||
You may enable the following annotation for work around:
|
||||
|
||||
```yaml
|
||||
nginx.ingress.kubernetes.io/lua-resty-waf-disable-multipart-body: "true"
|
||||
```
|
||||
|
||||
For details on how to write WAF rules, please refer to [https://github.com/p0pr0ck5/lua-resty-waf](https://github.com/p0pr0ck5/lua-resty-waf).
|
||||
|
||||
|
||||
```yaml
|
||||
nginx.ingress.kubernetes.io/lua-resty-waf-allow-unknown-content: "true"
|
||||
```
|
||||
|
||||
The default score of lua-resty-waf is 5, which usually triggered if hitting 2 default rules, you can modify the score threshold with following annotation:
|
||||
|
||||
|
||||
```yaml
|
||||
nginx.ingress.kubernetes.io/lua-resty-waf-score: "10"
|
||||
nginx.ingress.kubernetes.io/lua-resty-waf-process-multipart-body: "false"
|
||||
```
|
||||
|
||||
For details on how to write WAF rules, please refer to [https://github.com/p0pr0ck5/lua-resty-waf](https://github.com/p0pr0ck5/lua-resty-waf).
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue