DevFW-CICD/ingress-nginx-helm
12
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

reduce memory footprint and cpu usage when modsecurity and owasp rules are enabled globally

Browse source
This commit is contained in:
weltschraet 2019-05-16 09:09:34 +02:00 committed by Alexander Osterkamp
parent 19501b217d
commit abca32ba8e
1 changed files with 14 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
rootfs/etc/nginx/template/nginx.tmpl
View file

@ -137,6 +137,17 @@ http {
{{ end }}
{{ end }}
{{ if $all.Cfg.EnableModsecurity }}
modsecurity on;
modsecurity_rules_file /etc/nginx/modsecurity/modsecurity.conf;
{{ if $all.Cfg.EnableOWASPCoreRules }}
modsecurity_rules_file /etc/nginx/owasp-modsecurity-crs/nginx-modsecurity.conf;
{{ end }}
{{ end }}
{{ if $cfg.UseGeoIP }}
{{/* databases used to determine the country depending on the client IP address */}}
{{/* http://nginx.org/en/docs/http/ngx_http_geoip_module.html */}}
@ -1102,15 +1113,17 @@ stream {
set $proxy_host $proxy_upstream_name;
{{ if (or $location.ModSecurity.Enable $all.Cfg.EnableModsecurity) }}
{{ if not $all.Cfg.EnableModsecurity }}
modsecurity on;
modsecurity_rules_file /etc/nginx/modsecurity/modsecurity.conf;
{{ end }}
{{ if $location.ModSecurity.Snippet }}
modsecurity_rules '
{{ $location.ModSecurity.Snippet }}
';
{{ else if (or $location.ModSecurity.OWASPRules $all.Cfg.EnableOWASPCoreRules) }}
{{ else if (and ((not $all.Cfg.EnableOWASPCoreRules) $location.ModSecurity.OWASPRules))}}
modsecurity_rules_file /etc/nginx/owasp-modsecurity-crs/nginx-modsecurity.conf;
{{ end }}