DevFW-CICD/ingress-nginx-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

[release-1.8] Disable Modsecurity from internal processing which affects large ingresses (#10375)

Browse source 
* Disable Modsecurity from interanl processing

* Fix modsecurity check logic

---------

Co-authored-by: mley <mley@intraedge.com>
This commit is contained in:
k8s-infra-cherrypick-robot 2023-09-07 12:01:23 -07:00 committed by GitHub
parent 98170bd6bf
commit fb80e6d53f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
rootfs/etc/nginx/template/nginx.tmpl
View file

@ -710,6 +710,11 @@ http {
# default server, used for NGINX healthcheck and access to nginx stats # default server, used for NGINX healthcheck and access to nginx stats
server { server {
# Ensure that modsecurity will not run on an internal location as this is not accessible from outside
{{ if $all.Cfg.EnableModsecurity }}
modsecurity off;
{{ end }}
listen 127.0.0.1:{{ .StatusPort }}; listen 127.0.0.1:{{ .StatusPort }};
set $proxy_upstream_name "internal"; set $proxy_upstream_name "internal";