From f9b6e70d01a2c4edb779511878ab189b3717cf45 Mon Sep 17 00:00:00 2001
From: besha100 <36448614+besha100@users.noreply.github.com>
Date: Wed, 8 Dec 2021 13:45:58 +0100
Subject: [PATCH] Disabled default modsecurity_rules_file if modsecurity-snippet is specifed The default modsecurity_rules_file overwrites the ModSecurity-snippet if it is specified with custom config settings like "SecRuleEngine On". This will not let Modsecurity be in blocking mode even if "SecRuleEngine On" is specified in the ModSecurity-snippet configuration
---
 rootfs/etc/nginx/template/nginx.tmpl | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/rootfs/etc/nginx/template/nginx.tmpl b/rootfs/etc/nginx/template/nginx.tmpl
index c6e978ffe..c71c22a73 100755
--- a/rootfs/etc/nginx/template/nginx.tmpl
+++ b/rootfs/etc/nginx/template/nginx.tmpl
@@ -154,9 +154,12 @@ http {
 {{ $all.Cfg.ModsecuritySnippet }}
 ';
 {{ end }}
-
+
+ {{ if (not (empty $all.Cfg.ModsecuritySnippet)) }}
+ # modsecurity_rules_file /etc/nginx/modsecurity/modsecurity.conf;
+ {{ else }}
 modsecurity_rules_file /etc/nginx/modsecurity/modsecurity.conf;
-
+ {{ end }}
 {{ if $all.Cfg.EnableOWASPCoreRules }}
 modsecurity_rules_file /etc/nginx/owasp-modsecurity-crs/nginx-modsecurity.conf;
 {{ end }}
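Review bot: With a non-empty `modsecurity-snippet`, the new `{{ if (not (empty $all.Cfg.ModsecuritySnippet)) }}` branch stops loading `/etc/nginx/modsecurity/modsecurity.conf` entirely, so every other setting in that file is dropped along with the `SecRuleEngine` value the commit is trying to escape. If the file also carries request-body inspection, limits or audit-log settings (its contents are not visible here), a snippet containing only `SecRuleEngine On` would run in blocking mode with less inspection and logging than before, and nothing tells the operator. If later directives take precedence, as the commit message implies, consider keeping the default file but emitting it before the `modsecurity_rules '…'` snippet block, which starts above this hunk, so the snippet's directives win; otherwise document that the snippet must now supply the full base configuration. The commented-out directive in the first branch could also go by wrapping the single `modsecurity_rules_file` line in `{{ if empty $all.Cfg.ModsecuritySnippet }}` … `{{ end }}`.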