DevFW-CICD/ingress-nginx-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Disabled default modsecurity_rules_file if modsecurity-snippet is specifed

Browse source 
The default modsecurity_rules_file overwrites the ModSecurity-snippet if it is specified with custom config settings like "SecRuleEngine On". This will not let Modsecurity be in blocking mode even if "SecRuleEngine On" is specified in the ModSecurity-snippet configuration
This commit is contained in:
besha100 2021-12-08 13:45:58 +01:00 committed by GitHub
parent 84db822a94
commit f9b6e70d01
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
rootfs/etc/nginx/template/nginx.tmpl
View file

@ -154,9 +154,12 @@ http {
{{ $all.Cfg.ModsecuritySnippet }} {{ $all.Cfg.ModsecuritySnippet }}
'; ';
{{ end }} {{ end }}
{{ if (not (empty $all.Cfg.ModsecuritySnippet)) }}
# modsecurity_rules_file /etc/nginx/modsecurity/modsecurity.conf;
{{ else }}
modsecurity_rules_file /etc/nginx/modsecurity/modsecurity.conf; modsecurity_rules_file /etc/nginx/modsecurity/modsecurity.conf;
{{ end }}
{{ if $all.Cfg.EnableOWASPCoreRules }} {{ if $all.Cfg.EnableOWASPCoreRules }}
modsecurity_rules_file /etc/nginx/owasp-modsecurity-crs/nginx-modsecurity.conf; modsecurity_rules_file /etc/nginx/owasp-modsecurity-crs/nginx-modsecurity.conf;
{{ end }} {{ end }}