Merge pull request #4091 from weltschraet/modsecurity-memory

reduce memory footprint and cpu usage when modsecurity and owasp rule…
Kubernetes Prow Robot 2019-05-19 06:27:11 -07:00 committed by GitHub
commit ff80dca51e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -137,6 +137,17 @@ http {
{{ end }} {{ end }}
{{ end }} {{ end }}
{{ if $all.Cfg.EnableModsecurity }}
modsecurity on;
modsecurity_rules_file /etc/nginx/modsecurity/modsecurity.conf;
{{ if $all.Cfg.EnableOWASPCoreRules }}
modsecurity_rules_file /etc/nginx/owasp-modsecurity-crs/nginx-modsecurity.conf;
{{ end }}
{{ end }}
{{ if $cfg.UseGeoIP }} {{ if $cfg.UseGeoIP }}
{{/* databases used to determine the country depending on the client IP address */}} {{/* databases used to determine the country depending on the client IP address */}}
{{/* http://nginx.org/en/docs/http/ngx_http_geoip_module.html */}} {{/* http://nginx.org/en/docs/http/ngx_http_geoip_module.html */}}
@ -1102,15 +1113,17 @@ stream {
set $proxy_host $proxy_upstream_name; set $proxy_host $proxy_upstream_name;
{{ if (or $location.ModSecurity.Enable $all.Cfg.EnableModsecurity) }} {{ if (or $location.ModSecurity.Enable $all.Cfg.EnableModsecurity) }}
{{ if not $all.Cfg.EnableModsecurity }}
modsecurity on; modsecurity on;
modsecurity_rules_file /etc/nginx/modsecurity/modsecurity.conf; modsecurity_rules_file /etc/nginx/modsecurity/modsecurity.conf;
{{ end }}
{{ if $location.ModSecurity.Snippet }} {{ if $location.ModSecurity.Snippet }}
modsecurity_rules ' modsecurity_rules '
{{ $location.ModSecurity.Snippet }} {{ $location.ModSecurity.Snippet }}
'; ';
{{ else if (or $location.ModSecurity.OWASPRules $all.Cfg.EnableOWASPCoreRules) }} {{ else if (and ((not $all.Cfg.EnableOWASPCoreRules) $location.ModSecurity.OWASPRules))}}
modsecurity_rules_file /etc/nginx/owasp-modsecurity-crs/nginx-modsecurity.conf; modsecurity_rules_file /etc/nginx/owasp-modsecurity-crs/nginx-modsecurity.conf;
{{ end }} {{ end }}
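Review bot: The new `else if` condition in the location block looks mis-parenthesized: `(and ((not $all.Cfg.EnableOWASPCoreRules) $location.ModSecurity.OWASPRules))` hands `and` a single argument that itself tries to apply `(not …)` to an argument, which Go's text/template rejects as giving an argument to a non-function, so rendering would likely fail for any location that has ModSecurity active and no snippet. The intended form is presumably `{{ else if (and (not $all.Cfg.EnableOWASPCoreRules) $location.ModSecurity.OWASPRules) }}`. Separately, the http-level CRS include in the first hunk is nested under `EnableModsecurity`, so with `EnableOWASPCoreRules` set but `EnableModsecurity` unset, a location that turns ModSecurity on and previously picked up the CRS file through the old `or` now appears to get it from neither place; the `not` term should probably also account for `$all.Cfg.EnableModsecurity` so WAF rule coverage is not silently dropped. The enclosing `{{ if (or …) }}` closes outside the visible hunk.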