DevFW-CICD/ingress-nginx-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Deploy GitHub Pages

Browse source
This commit is contained in:
Travis Bot 2018-05-30 11:45:09 +00:00
parent 6a5860ba2d
commit 93ffa9ba82
4 changed files with 32 additions and 31 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
examples/auth/basic/README/index.html
View file

@ -1057,7 +1057,8 @@
<h1 id="basic-authentication">Basic Authentication<a class="headerlink" href="#basic-authentication" title="Permanent link">&para;</a></h1> <h1 id="basic-authentication">Basic Authentication<a class="headerlink" href="#basic-authentication" title="Permanent link">&para;</a></h1>
<p>This example shows how to add authentication in a Ingress rule using a secret that contains a file generated with <code class="codehilite">htpasswd</code>.</p> <p>This example shows how to add authentication in a Ingress rule using a secret that contains a file generated with <code class="codehilite">htpasswd</code>.
It's important the file generated is named <code class="codehilite">auth</code> (actually - that the secret has a key <code class="codehilite">data.auth</code>), otherwise the ingress-controller returns a 503.</p>
<div class="codehilite"><pre><span></span><span class="gp">$</span> htpasswd -c auth foo <div class="codehilite"><pre><span></span><span class="gp">$</span> htpasswd -c auth foo
<span class="go">New password: &lt;bar&gt;</span> <span class="go">New password: &lt;bar&gt;</span>
<span class="go">New password:</span> <span class="go">New password:</span>

8
search/search_index.json
View file

@ -1127,12 +1127,12 @@
}, },
{ {
"location": "/user-guide/third-party-addons/modsecurity/", "location": "/user-guide/third-party-addons/modsecurity/",
"text": "ModSecurity Web Application Firewall\n\u00b6\n\n\nModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx that is developed by Trustwave's SpiderLabs. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis - \nhttps://www.modsecurity.org\n\n\nThe \nModSecurity-nginx\n connector is the connection point between NGINX and libmodsecurity (ModSecurity v3).\n\n\nThe default ModSecurity configuration file is located in \n/etc/nginx/modsecurity/modsecurity.conf\n. This is the only file located in this directory and contains the default recommended configuration. Using a volume we can replace this file with the desired configuration.\nTo enable the ModSecurity feature we need to specify \nenable-modsecurity: \"true\"\n in the configuration configmap.\n\n\n\n\nNote:\n the default configuration use detection only, because that minimises the chances of post-installation disruption.\nThe file \n/var/log/modsec_audit.log\n contains the log of ModSecurity.\n\n\n\n\nThe OWASP ModSecurity Core Rule Set (CRS) is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls. The CRS aims to protect web applications from a wide range of attacks, including the OWASP Top Ten, with a minimum of false alerts.\nThe directory \n/etc/nginx/owasp-modsecurity-crs\n contains the \nhttps://github.com/SpiderLabs/owasp-modsecurity-crs repository\n.\nUsing \nenable-owasp-modsecurity-crs: \"true\"\n we enable the use of the rules.", "text": "ModSecurity Web Application Firewall\n\u00b6\n\n\nModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx that is developed by Trustwave's SpiderLabs. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis - \nhttps://www.modsecurity.org\n\n\nThe \nModSecurity-nginx\n connector is the connection point between NGINX and libmodsecurity (ModSecurity v3).\n\n\nThe default ModSecurity configuration file is located in \n/etc/nginx/modsecurity/modsecurity.conf\n. This is the only file located in this directory and contains the default recommended configuration. Using a volume we can replace this file with the desired configuration.\nTo enable the ModSecurity feature we need to specify \nenable-modsecurity: \"true\"\n in the configuration configmap.\n\n\n\n\nNote:\n the default configuration use detection only, because that minimises the chances of post-installation disruption.\nThe file \n/var/log/modsec_audit.log\n contains the log of ModSecurity.\n\n\n\n\nThe OWASP ModSecurity Core Rule Set (CRS) is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls. The CRS aims to protect web applications from a wide range of attacks, including the OWASP Top Ten, with a minimum of false alerts.\nThe directory \n/etc/nginx/owasp-modsecurity-crs\n contains the \nowasp-modsecurity-crs repository\n.\nUsing \nenable-owasp-modsecurity-crs: \"true\"\n we enable the use of the rules.",
"title": "ModSecurity Web Application Firewall" "title": "ModSecurity Web Application Firewall"
}, },
{ {
"location": "/user-guide/third-party-addons/modsecurity/#modsecurity-web-application-firewall", "location": "/user-guide/third-party-addons/modsecurity/#modsecurity-web-application-firewall",
"text": "ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx that is developed by Trustwave's SpiderLabs. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis - https://www.modsecurity.org The ModSecurity-nginx connector is the connection point between NGINX and libmodsecurity (ModSecurity v3). The default ModSecurity configuration file is located in /etc/nginx/modsecurity/modsecurity.conf . This is the only file located in this directory and contains the default recommended configuration. Using a volume we can replace this file with the desired configuration.\nTo enable the ModSecurity feature we need to specify enable-modsecurity: \"true\" in the configuration configmap. Note: the default configuration use detection only, because that minimises the chances of post-installation disruption.\nThe file /var/log/modsec_audit.log contains the log of ModSecurity. The OWASP ModSecurity Core Rule Set (CRS) is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls. The CRS aims to protect web applications from a wide range of attacks, including the OWASP Top Ten, with a minimum of false alerts.\nThe directory /etc/nginx/owasp-modsecurity-crs contains the https://github.com/SpiderLabs/owasp-modsecurity-crs repository .\nUsing enable-owasp-modsecurity-crs: \"true\" we enable the use of the rules.", "text": "ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx that is developed by Trustwave's SpiderLabs. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis - https://www.modsecurity.org The ModSecurity-nginx connector is the connection point between NGINX and libmodsecurity (ModSecurity v3). The default ModSecurity configuration file is located in /etc/nginx/modsecurity/modsecurity.conf . This is the only file located in this directory and contains the default recommended configuration. Using a volume we can replace this file with the desired configuration.\nTo enable the ModSecurity feature we need to specify enable-modsecurity: \"true\" in the configuration configmap. Note: the default configuration use detection only, because that minimises the chances of post-installation disruption.\nThe file /var/log/modsec_audit.log contains the log of ModSecurity. The OWASP ModSecurity Core Rule Set (CRS) is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls. The CRS aims to protect web applications from a wide range of attacks, including the OWASP Top Ten, with a minimum of false alerts.\nThe directory /etc/nginx/owasp-modsecurity-crs contains the owasp-modsecurity-crs repository .\nUsing enable-owasp-modsecurity-crs: \"true\" we enable the use of the rules.",
"title": "ModSecurity Web Application Firewall" "title": "ModSecurity Web Application Firewall"
}, },
{ {
@ -1217,12 +1217,12 @@
}, },
{ {
"location": "/examples/auth/basic/README/", "location": "/examples/auth/basic/README/",
"text": "Basic Authentication\n\u00b6\n\n\nThis example shows how to add authentication in a Ingress rule using a secret that contains a file generated with \nhtpasswd\n.\n\n\n$\n htpasswd -c auth foo\n\nNew password: <bar>\n\n\nNew password:\n\n\nRe-type new password:\n\n\nAdding password for user foo\n\n\n\n\n\n\n$\n kubectl create secret generic basic-auth --from-file\n=\nauth\n\nsecret \"basic-auth\" created\n\n\n\n\n\n\n$\n kubectl get secret basic-auth -o yaml\n\napiVersion: v1\n\n\ndata:\n\n\n auth: Zm9vOiRhcHIxJE9GRzNYeWJwJGNrTDBGSERBa29YWUlsSDkuY3lzVDAK\n\n\nkind: Secret\n\n\nmetadata:\n\n\n name: basic-auth\n\n\n namespace: default\n\n\ntype: Opaque\n\n\n\n\n\n\necho \"\n\n\napiVersion: extensions/v1beta1\n\n\nkind: Ingress\n\n\nmetadata:\n\n\n name: ingress-with-auth\n\n\n annotations:\n\n\n #\n \ntype\n of authentication\n\n nginx.ingress.kubernetes.io/auth-type: basic\n\n\n #\n name of the secret that contains the user/password definitions\n\n nginx.ingress.kubernetes.io/auth-secret: basic-auth\n\n\n #\n message to display with an appropriate context why the authentication is required\n\n nginx.ingress.kubernetes.io/auth-realm: \"Authentication Required - foo\"\n\n\nspec:\n\n\n rules:\n\n\n - host: foo.bar.com\n\n\n http:\n\n\n paths:\n\n\n - path: /\n\n\n backend:\n\n\n serviceName: http-svc\n\n\n servicePort: 80\n\n\n\" | kubectl create -f -\n\n\n\n\n\n\n$ curl -v http://10.2.29.4/ -H 'Host: foo.bar.com'\n* Trying 10.2.29.4...\n* Connected to 10.2.29.4 (10.2.29.4) port 80 (#0)\n> GET / HTTP/1.1\n> Host: foo.bar.com\n> User-Agent: curl/7.43.0\n> Accept: */*\n>\n\n< HTTP\n/1.1\n \n401\n \nUnauthorized\n\n\n<\n \nServer:\n \nnginx/1.10.0\n\n\n<\n \nDate:\n \nWed,\n \n11\n \nMay\n \n2016\n \n05:27:23\n \nGMT\n\n\n<\n \nContent-Type:\n \ntext/html\n\n\n<\n \nContent-Length:\n \n195\n\n\n<\n \nConnection:\n \nkeep-alive\n\n\n<\n \nWWW-Authenticate:\n \nBasic\n \nrealm=\n\"Authentication Required - foo\"\n\n\n<\n\n\n<html\n>\n\n\n<head><title>\n401 Authorization Required\n</title></head>\n\n\n<body\n \nbgcolor=\n\"white\"\n>\n\n\n<center><h1>\n401 Authorization Required\n</h1></center>\n\n\n<hr><center>\nnginx/1.10.0\n</center>\n\n\n</body>\n\n\n</html>\n\n* Connection #0 to host 10.2.29.4 left intact\n\n\n\n\n\n$ curl -v http://10.2.29.4/ -H \n'Host: foo.bar.com'\n -u \n'foo:bar'\n\n* Trying \n10\n.2.29.4...\n* Connected to \n10\n.2.29.4 \n(\n10\n.2.29.4\n)\n port \n80\n \n(\n#0)\n\n* Server auth using Basic with user \n'foo'\n\n> GET / HTTP/1.1\n> Host: foo.bar.com\n> Authorization: Basic \nZm9vOmJhcg\n==\n\n> User-Agent: curl/7.43.0\n> Accept: */*\n>\n< HTTP/1.1 \n200\n OK\n< Server: nginx/1.10.0\n< Date: Wed, \n11\n May \n2016\n \n06\n:05:26 GMT\n< Content-Type: text/plain\n< Transfer-Encoding: chunked\n< Connection: keep-alive\n< Vary: Accept-Encoding\n<\nCLIENT VALUES:\n\nclient_address\n=\n10\n.2.29.4\n\ncommand\n=\nGET\nreal \npath\n=\n/\n\nquery\n=\nnil\n\nrequest_version\n=\n1\n.1\n\nrequest_uri\n=\nhttp://foo.bar.com:8080/\n\nSERVER VALUES:\n\nserver_version\n=\nnginx: \n1\n.9.11 - lua: \n10001\n\n\nHEADERS RECEIVED:\n\naccept\n=\n*/*\n\nauthorization\n=\nBasic \nZm9vOmJhcg\n==\n\n\nconnection\n=\nclose\n\nhost\n=\nfoo.bar.com\nuser-agent\n=\ncurl/7.43.0\nx-forwarded-for\n=\n10\n.2.29.1\nx-forwarded-host\n=\nfoo.bar.com\nx-forwarded-port\n=\n80\n\nx-forwarded-proto\n=\nhttp\nx-real-ip\n=\n10\n.2.29.1\nBODY:\n* Connection \n#0 to host 10.2.29.4 left intact\n\n-no body in request-", "text": "Basic Authentication\n\u00b6\n\n\nThis example shows how to add authentication in a Ingress rule using a secret that contains a file generated with \nhtpasswd\n.\nIt's important the file generated is named \nauth\n (actually - that the secret has a key \ndata.auth\n), otherwise the ingress-controller returns a 503.\n\n\n$\n htpasswd -c auth foo\n\nNew password: <bar>\n\n\nNew password:\n\n\nRe-type new password:\n\n\nAdding password for user foo\n\n\n\n\n\n\n$\n kubectl create secret generic basic-auth --from-file\n=\nauth\n\nsecret \"basic-auth\" created\n\n\n\n\n\n\n$\n kubectl get secret basic-auth -o yaml\n\napiVersion: v1\n\n\ndata:\n\n\n auth: Zm9vOiRhcHIxJE9GRzNYeWJwJGNrTDBGSERBa29YWUlsSDkuY3lzVDAK\n\n\nkind: Secret\n\n\nmetadata:\n\n\n name: basic-auth\n\n\n namespace: default\n\n\ntype: Opaque\n\n\n\n\n\n\necho \"\n\n\napiVersion: extensions/v1beta1\n\n\nkind: Ingress\n\n\nmetadata:\n\n\n name: ingress-with-auth\n\n\n annotations:\n\n\n #\n \ntype\n of authentication\n\n nginx.ingress.kubernetes.io/auth-type: basic\n\n\n #\n name of the secret that contains the user/password definitions\n\n nginx.ingress.kubernetes.io/auth-secret: basic-auth\n\n\n #\n message to display with an appropriate context why the authentication is required\n\n nginx.ingress.kubernetes.io/auth-realm: \"Authentication Required - foo\"\n\n\nspec:\n\n\n rules:\n\n\n - host: foo.bar.com\n\n\n http:\n\n\n paths:\n\n\n - path: /\n\n\n backend:\n\n\n serviceName: http-svc\n\n\n servicePort: 80\n\n\n\" | kubectl create -f -\n\n\n\n\n\n\n$ curl -v http://10.2.29.4/ -H 'Host: foo.bar.com'\n* Trying 10.2.29.4...\n* Connected to 10.2.29.4 (10.2.29.4) port 80 (#0)\n> GET / HTTP/1.1\n> Host: foo.bar.com\n> User-Agent: curl/7.43.0\n> Accept: */*\n>\n\n< HTTP\n/1.1\n \n401\n \nUnauthorized\n\n\n<\n \nServer:\n \nnginx/1.10.0\n\n\n<\n \nDate:\n \nWed,\n \n11\n \nMay\n \n2016\n \n05:27:23\n \nGMT\n\n\n<\n \nContent-Type:\n \ntext/html\n\n\n<\n \nContent-Length:\n \n195\n\n\n<\n \nConnection:\n \nkeep-alive\n\n\n<\n \nWWW-Authenticate:\n \nBasic\n \nrealm=\n\"Authentication Required - foo\"\n\n\n<\n\n\n<html\n>\n\n\n<head><title>\n401 Authorization Required\n</title></head>\n\n\n<body\n \nbgcolor=\n\"white\"\n>\n\n\n<center><h1>\n401 Authorization Required\n</h1></center>\n\n\n<hr><center>\nnginx/1.10.0\n</center>\n\n\n</body>\n\n\n</html>\n\n* Connection #0 to host 10.2.29.4 left intact\n\n\n\n\n\n$ curl -v http://10.2.29.4/ -H \n'Host: foo.bar.com'\n -u \n'foo:bar'\n\n* Trying \n10\n.2.29.4...\n* Connected to \n10\n.2.29.4 \n(\n10\n.2.29.4\n)\n port \n80\n \n(\n#0)\n\n* Server auth using Basic with user \n'foo'\n\n> GET / HTTP/1.1\n> Host: foo.bar.com\n> Authorization: Basic \nZm9vOmJhcg\n==\n\n> User-Agent: curl/7.43.0\n> Accept: */*\n>\n< HTTP/1.1 \n200\n OK\n< Server: nginx/1.10.0\n< Date: Wed, \n11\n May \n2016\n \n06\n:05:26 GMT\n< Content-Type: text/plain\n< Transfer-Encoding: chunked\n< Connection: keep-alive\n< Vary: Accept-Encoding\n<\nCLIENT VALUES:\n\nclient_address\n=\n10\n.2.29.4\n\ncommand\n=\nGET\nreal \npath\n=\n/\n\nquery\n=\nnil\n\nrequest_version\n=\n1\n.1\n\nrequest_uri\n=\nhttp://foo.bar.com:8080/\n\nSERVER VALUES:\n\nserver_version\n=\nnginx: \n1\n.9.11 - lua: \n10001\n\n\nHEADERS RECEIVED:\n\naccept\n=\n*/*\n\nauthorization\n=\nBasic \nZm9vOmJhcg\n==\n\n\nconnection\n=\nclose\n\nhost\n=\nfoo.bar.com\nuser-agent\n=\ncurl/7.43.0\nx-forwarded-for\n=\n10\n.2.29.1\nx-forwarded-host\n=\nfoo.bar.com\nx-forwarded-port\n=\n80\n\nx-forwarded-proto\n=\nhttp\nx-real-ip\n=\n10\n.2.29.1\nBODY:\n* Connection \n#0 to host 10.2.29.4 left intact\n\n-no body in request-",
"title": "Basic Authentication" "title": "Basic Authentication"
}, },
{ {
"location": "/examples/auth/basic/README/#basic-authentication", "location": "/examples/auth/basic/README/#basic-authentication",
"text": "This example shows how to add authentication in a Ingress rule using a secret that contains a file generated with htpasswd . $ htpasswd -c auth foo New password: <bar> New password: Re-type new password: Adding password for user foo $ kubectl create secret generic basic-auth --from-file = auth secret \"basic-auth\" created $ kubectl get secret basic-auth -o yaml apiVersion: v1 data: auth: Zm9vOiRhcHIxJE9GRzNYeWJwJGNrTDBGSERBa29YWUlsSDkuY3lzVDAK kind: Secret metadata: name: basic-auth namespace: default type: Opaque echo \" apiVersion: extensions/v1beta1 kind: Ingress metadata: name: ingress-with-auth annotations: # type of authentication nginx.ingress.kubernetes.io/auth-type: basic # name of the secret that contains the user/password definitions nginx.ingress.kubernetes.io/auth-secret: basic-auth # message to display with an appropriate context why the authentication is required nginx.ingress.kubernetes.io/auth-realm: \"Authentication Required - foo\" spec: rules: - host: foo.bar.com http: paths: - path: / backend: serviceName: http-svc servicePort: 80 \" | kubectl create -f - $ curl -v http://10.2.29.4/ -H 'Host: foo.bar.com'\n* Trying 10.2.29.4...\n* Connected to 10.2.29.4 (10.2.29.4) port 80 (#0)\n> GET / HTTP/1.1\n> Host: foo.bar.com\n> User-Agent: curl/7.43.0\n> Accept: */*\n> < HTTP /1.1 401 Unauthorized < Server: nginx/1.10.0 < Date: Wed, 11 May 2016 05:27:23 GMT < Content-Type: text/html < Content-Length: 195 < Connection: keep-alive < WWW-Authenticate: Basic realm= \"Authentication Required - foo\" < <html > <head><title> 401 Authorization Required </title></head> <body bgcolor= \"white\" > <center><h1> 401 Authorization Required </h1></center> <hr><center> nginx/1.10.0 </center> </body> </html> \n* Connection #0 to host 10.2.29.4 left intact $ curl -v http://10.2.29.4/ -H 'Host: foo.bar.com' -u 'foo:bar' \n* Trying 10 .2.29.4...\n* Connected to 10 .2.29.4 ( 10 .2.29.4 ) port 80 ( #0) \n* Server auth using Basic with user 'foo' \n> GET / HTTP/1.1\n> Host: foo.bar.com\n> Authorization: Basic Zm9vOmJhcg == \n> User-Agent: curl/7.43.0\n> Accept: */*\n>\n< HTTP/1.1 200 OK\n< Server: nginx/1.10.0\n< Date: Wed, 11 May 2016 06 :05:26 GMT\n< Content-Type: text/plain\n< Transfer-Encoding: chunked\n< Connection: keep-alive\n< Vary: Accept-Encoding\n<\nCLIENT VALUES: client_address = 10 .2.29.4 command = GET\nreal path = / query = nil request_version = 1 .1 request_uri = http://foo.bar.com:8080/\n\nSERVER VALUES: server_version = nginx: 1 .9.11 - lua: 10001 \n\nHEADERS RECEIVED: accept = */* authorization = Basic Zm9vOmJhcg == connection = close host = foo.bar.com\nuser-agent = curl/7.43.0\nx-forwarded-for = 10 .2.29.1\nx-forwarded-host = foo.bar.com\nx-forwarded-port = 80 \nx-forwarded-proto = http\nx-real-ip = 10 .2.29.1\nBODY:\n* Connection #0 to host 10.2.29.4 left intact \n-no body in request-", "text": "This example shows how to add authentication in a Ingress rule using a secret that contains a file generated with htpasswd .\nIt's important the file generated is named auth (actually - that the secret has a key data.auth ), otherwise the ingress-controller returns a 503. $ htpasswd -c auth foo New password: <bar> New password: Re-type new password: Adding password for user foo $ kubectl create secret generic basic-auth --from-file = auth secret \"basic-auth\" created $ kubectl get secret basic-auth -o yaml apiVersion: v1 data: auth: Zm9vOiRhcHIxJE9GRzNYeWJwJGNrTDBGSERBa29YWUlsSDkuY3lzVDAK kind: Secret metadata: name: basic-auth namespace: default type: Opaque echo \" apiVersion: extensions/v1beta1 kind: Ingress metadata: name: ingress-with-auth annotations: # type of authentication nginx.ingress.kubernetes.io/auth-type: basic # name of the secret that contains the user/password definitions nginx.ingress.kubernetes.io/auth-secret: basic-auth # message to display with an appropriate context why the authentication is required nginx.ingress.kubernetes.io/auth-realm: \"Authentication Required - foo\" spec: rules: - host: foo.bar.com http: paths: - path: / backend: serviceName: http-svc servicePort: 80 \" | kubectl create -f - $ curl -v http://10.2.29.4/ -H 'Host: foo.bar.com'\n* Trying 10.2.29.4...\n* Connected to 10.2.29.4 (10.2.29.4) port 80 (#0)\n> GET / HTTP/1.1\n> Host: foo.bar.com\n> User-Agent: curl/7.43.0\n> Accept: */*\n> < HTTP /1.1 401 Unauthorized < Server: nginx/1.10.0 < Date: Wed, 11 May 2016 05:27:23 GMT < Content-Type: text/html < Content-Length: 195 < Connection: keep-alive < WWW-Authenticate: Basic realm= \"Authentication Required - foo\" < <html > <head><title> 401 Authorization Required </title></head> <body bgcolor= \"white\" > <center><h1> 401 Authorization Required </h1></center> <hr><center> nginx/1.10.0 </center> </body> </html> \n* Connection #0 to host 10.2.29.4 left intact $ curl -v http://10.2.29.4/ -H 'Host: foo.bar.com' -u 'foo:bar' \n* Trying 10 .2.29.4...\n* Connected to 10 .2.29.4 ( 10 .2.29.4 ) port 80 ( #0) \n* Server auth using Basic with user 'foo' \n> GET / HTTP/1.1\n> Host: foo.bar.com\n> Authorization: Basic Zm9vOmJhcg == \n> User-Agent: curl/7.43.0\n> Accept: */*\n>\n< HTTP/1.1 200 OK\n< Server: nginx/1.10.0\n< Date: Wed, 11 May 2016 06 :05:26 GMT\n< Content-Type: text/plain\n< Transfer-Encoding: chunked\n< Connection: keep-alive\n< Vary: Accept-Encoding\n<\nCLIENT VALUES: client_address = 10 .2.29.4 command = GET\nreal path = / query = nil request_version = 1 .1 request_uri = http://foo.bar.com:8080/\n\nSERVER VALUES: server_version = nginx: 1 .9.11 - lua: 10001 \n\nHEADERS RECEIVED: accept = */* authorization = Basic Zm9vOmJhcg == connection = close host = foo.bar.com\nuser-agent = curl/7.43.0\nx-forwarded-for = 10 .2.29.1\nx-forwarded-host = foo.bar.com\nx-forwarded-port = 80 \nx-forwarded-proto = http\nx-real-ip = 10 .2.29.1\nBODY:\n* Connection #0 to host 10.2.29.4 left intact \n-no body in request-",
"title": "Basic Authentication" "title": "Basic Authentication"
}, },
{ {

50
sitemap.xml
View file

@ -4,7 +4,7 @@
<url> <url>
<loc>/</loc> <loc>/</loc>
<lastmod>2018-05-25</lastmod> <lastmod>2018-05-30</lastmod>
<changefreq>daily</changefreq> <changefreq>daily</changefreq>
</url> </url>
@ -13,19 +13,19 @@
<url> <url>
<loc>/deploy/</loc> <loc>/deploy/</loc>
<lastmod>2018-05-25</lastmod> <lastmod>2018-05-30</lastmod>
<changefreq>daily</changefreq> <changefreq>daily</changefreq>
</url> </url>
<url> <url>
<loc>/deploy/rbac/</loc> <loc>/deploy/rbac/</loc>
<lastmod>2018-05-25</lastmod> <lastmod>2018-05-30</lastmod>
<changefreq>daily</changefreq> <changefreq>daily</changefreq>
</url> </url>
<url> <url>
<loc>/deploy/upgrade/</loc> <loc>/deploy/upgrade/</loc>
<lastmod>2018-05-25</lastmod> <lastmod>2018-05-30</lastmod>
<changefreq>daily</changefreq> <changefreq>daily</changefreq>
</url> </url>
@ -41,55 +41,55 @@
<url> <url>
<loc>/user-guide/cli-arguments/</loc> <loc>/user-guide/cli-arguments/</loc>
<lastmod>2018-05-25</lastmod> <lastmod>2018-05-30</lastmod>
<changefreq>daily</changefreq> <changefreq>daily</changefreq>
</url> </url>
<url> <url>
<loc>/user-guide/custom-errors/</loc> <loc>/user-guide/custom-errors/</loc>
<lastmod>2018-05-25</lastmod> <lastmod>2018-05-30</lastmod>
<changefreq>daily</changefreq> <changefreq>daily</changefreq>
</url> </url>
<url> <url>
<loc>/user-guide/default-backend/</loc> <loc>/user-guide/default-backend/</loc>
<lastmod>2018-05-25</lastmod> <lastmod>2018-05-30</lastmod>
<changefreq>daily</changefreq> <changefreq>daily</changefreq>
</url> </url>
<url> <url>
<loc>/user-guide/exposing-tcp-udp-services/</loc> <loc>/user-guide/exposing-tcp-udp-services/</loc>
<lastmod>2018-05-25</lastmod> <lastmod>2018-05-30</lastmod>
<changefreq>daily</changefreq> <changefreq>daily</changefreq>
</url> </url>
<url> <url>
<loc>/user-guide/external-articles/</loc> <loc>/user-guide/external-articles/</loc>
<lastmod>2018-05-25</lastmod> <lastmod>2018-05-30</lastmod>
<changefreq>daily</changefreq> <changefreq>daily</changefreq>
</url> </url>
<url> <url>
<loc>/user-guide/miscellaneous/</loc> <loc>/user-guide/miscellaneous/</loc>
<lastmod>2018-05-25</lastmod> <lastmod>2018-05-30</lastmod>
<changefreq>daily</changefreq> <changefreq>daily</changefreq>
</url> </url>
<url> <url>
<loc>/user-guide/multiple-ingress/</loc> <loc>/user-guide/multiple-ingress/</loc>
<lastmod>2018-05-25</lastmod> <lastmod>2018-05-30</lastmod>
<changefreq>daily</changefreq> <changefreq>daily</changefreq>
</url> </url>
<url> <url>
<loc>/user-guide/nginx-status-page/</loc> <loc>/user-guide/nginx-status-page/</loc>
<lastmod>2018-05-25</lastmod> <lastmod>2018-05-30</lastmod>
<changefreq>daily</changefreq> <changefreq>daily</changefreq>
</url> </url>
<url> <url>
<loc>/user-guide/tls/</loc> <loc>/user-guide/tls/</loc>
<lastmod>2018-05-25</lastmod> <lastmod>2018-05-30</lastmod>
<changefreq>daily</changefreq> <changefreq>daily</changefreq>
</url> </url>
@ -105,19 +105,19 @@
<url> <url>
<loc>/examples/</loc> <loc>/examples/</loc>
<lastmod>2018-05-25</lastmod> <lastmod>2018-05-30</lastmod>
<changefreq>daily</changefreq> <changefreq>daily</changefreq>
</url> </url>
<url> <url>
<loc>/examples/PREREQUISITES/</loc> <loc>/examples/PREREQUISITES/</loc>
<lastmod>2018-05-25</lastmod> <lastmod>2018-05-30</lastmod>
<changefreq>daily</changefreq> <changefreq>daily</changefreq>
</url> </url>
<url> <url>
<loc>/examples/affinity/cookie/README/</loc> <loc>/examples/affinity/cookie/README/</loc>
<lastmod>2018-05-25</lastmod> <lastmod>2018-05-30</lastmod>
<changefreq>daily</changefreq> <changefreq>daily</changefreq>
</url> </url>
@ -135,37 +135,37 @@
<url> <url>
<loc>/examples/docker-registry/README/</loc> <loc>/examples/docker-registry/README/</loc>
<lastmod>2018-05-25</lastmod> <lastmod>2018-05-30</lastmod>
<changefreq>daily</changefreq> <changefreq>daily</changefreq>
</url> </url>
<url> <url>
<loc>/examples/grpc/README/</loc> <loc>/examples/grpc/README/</loc>
<lastmod>2018-05-25</lastmod> <lastmod>2018-05-30</lastmod>
<changefreq>daily</changefreq> <changefreq>daily</changefreq>
</url> </url>
<url> <url>
<loc>/examples/multi-tls/README/</loc> <loc>/examples/multi-tls/README/</loc>
<lastmod>2018-05-25</lastmod> <lastmod>2018-05-30</lastmod>
<changefreq>daily</changefreq> <changefreq>daily</changefreq>
</url> </url>
<url> <url>
<loc>/examples/rewrite/README/</loc> <loc>/examples/rewrite/README/</loc>
<lastmod>2018-05-25</lastmod> <lastmod>2018-05-30</lastmod>
<changefreq>daily</changefreq> <changefreq>daily</changefreq>
</url> </url>
<url> <url>
<loc>/examples/static-ip/README/</loc> <loc>/examples/static-ip/README/</loc>
<lastmod>2018-05-25</lastmod> <lastmod>2018-05-30</lastmod>
<changefreq>daily</changefreq> <changefreq>daily</changefreq>
</url> </url>
<url> <url>
<loc>/examples/tls-termination/README/</loc> <loc>/examples/tls-termination/README/</loc>
<lastmod>2018-05-25</lastmod> <lastmod>2018-05-30</lastmod>
<changefreq>daily</changefreq> <changefreq>daily</changefreq>
</url> </url>
@ -174,7 +174,7 @@
<url> <url>
<loc>/development/</loc> <loc>/development/</loc>
<lastmod>2018-05-25</lastmod> <lastmod>2018-05-30</lastmod>
<changefreq>daily</changefreq> <changefreq>daily</changefreq>
</url> </url>
@ -182,7 +182,7 @@
<url> <url>
<loc>/ingress-controller-catalog/</loc> <loc>/ingress-controller-catalog/</loc>
<lastmod>2018-05-25</lastmod> <lastmod>2018-05-30</lastmod>
<changefreq>daily</changefreq> <changefreq>daily</changefreq>
</url> </url>
@ -190,7 +190,7 @@
<url> <url>
<loc>/troubleshooting/</loc> <loc>/troubleshooting/</loc>
<lastmod>2018-05-25</lastmod> <lastmod>2018-05-30</lastmod>
<changefreq>daily</changefreq> <changefreq>daily</changefreq>
</url> </url>

2
user-guide/third-party-addons/modsecurity/index.html
View file

@ -1066,7 +1066,7 @@ To enable the ModSecurity feature we need to specify <code class="codehilite">en
The file <code class="codehilite">/var/log/modsec_audit.log</code> contains the log of ModSecurity.</p> The file <code class="codehilite">/var/log/modsec_audit.log</code> contains the log of ModSecurity.</p>
</blockquote> </blockquote>
<p>The OWASP ModSecurity Core Rule Set (CRS) is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls. The CRS aims to protect web applications from a wide range of attacks, including the OWASP Top Ten, with a minimum of false alerts. <p>The OWASP ModSecurity Core Rule Set (CRS) is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls. The CRS aims to protect web applications from a wide range of attacks, including the OWASP Top Ten, with a minimum of false alerts.
The directory <code class="codehilite">/etc/nginx/owasp-modsecurity-crs</code> contains the <a href="https://github.com/SpiderLabs/owasp-modsecurity-crs repository">https://github.com/SpiderLabs/owasp-modsecurity-crs repository</a>. The directory <code class="codehilite">/etc/nginx/owasp-modsecurity-crs</code> contains the <a href="https://github.com/SpiderLabs/owasp-modsecurity-crs">owasp-modsecurity-crs repository</a>.
Using <code class="codehilite">enable-owasp-modsecurity-crs: &quot;true&quot;</code> we enable the use of the rules.</p> Using <code class="codehilite">enable-owasp-modsecurity-crs: &quot;true&quot;</code> we enable the use of the rules.</p>