DevFW-CICD/ingress-nginx-helm
14
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Disable Modsecurity from internal processing which affects large ingresses (#10316)

Browse source 
* Disable Modsecurity from interanl processing

* Fix modsecurity check logic
This commit is contained in:
Mark Ley 2023-08-14 10:35:21 -07:00 committed by GitHub
parent 6b05e9b06e
commit 8a578c9f4a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
rootfs/etc/nginx/template/nginx.tmpl
View file

@ -709,6 +709,11 @@ http {
# default server, used for NGINX healthcheck and access to nginx stats # default server, used for NGINX healthcheck and access to nginx stats
server { server {
# Ensure that modsecurity will not run on an internal location as this is not accessible from outside
{{ if $all.Cfg.EnableModsecurity }}
modsecurity off;
{{ end }}
listen 127.0.0.1:{{ .StatusPort }}; listen 127.0.0.1:{{ .StatusPort }};
set $proxy_upstream_name "internal"; set $proxy_upstream_name "internal";