DevFW-CICD/ingress-nginx-helm
12
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
6520 commits 4 branches 217 tags 166 MiB
Commit graph

5 commits

Author SHA1 Message Date
Moh Basher
fea7fed6da
Disable default modsecurity_rules_file if modsecurity-snippet is specified (#8021) 
* Disabled default modsecurity_rules_file if modsecurity-snippet is specifed

The default modsecurity_rules_file overwrites the ModSecurity-snippet if it is specified with custom config settings like "SecRuleEngine On". This will not let Modsecurity be in blocking mode even if "SecRuleEngine On" is specified in the ModSecurity-snippet configuration

* Remove unnecessary comments

Only have the default Modsecurity conf settings in case Modsecurity configuration snippet is not present and remove unnecessary comments

* Fixed modsecurity default file only if Modsecurity snippet present

Fixed if condition  Modsecurity snippet present have modsecurity default config file

* Added e2e test to disabling modsecurity conf

Added e2e in case modsecurity-snippet enabled to disable settings in default modsecurity.conf

* Validate writing to a different location

Validate also modsecurity to write to a different location instead of the default directory

* Fixed the formatting

* Fixed if empty ModsecuritySnippet

* Fixed ModsecuritySnippet condition

* Fixed the condition also in ingress controller template

* Removed the default config condition  in ingress controller template

* Fixed the default config condition in ingress controller template

* Fixed pull-ingress-nginx-test

* Revert "Fixed the default config condition in ingress controller template"

This reverts commit 9d38eca40f.

* Revert template_test

* Adjusted the formating %v
 2021-12-23 03:34:38 -08:00
Ricardo Katz
67e13bf692
Add option to sanitize annotation inputs (#7874) 
* Add option to sanitize annotation inputs

* Fix e2e tests after string sanitization

* Add proxy_pass and serviceaccount as denied values
 2021-11-12 11:40:30 -08:00
Ricardo Katz
4fc57dcc49
Change enable-snippet to allow-snippet-annotation (#7670) 
Signed-off-by: Ricardo Pchevuzinske Katz <rkatz@vmware.com>
 2021-09-20 16:52:23 -07:00
Ricardo Katz
5e6ab651ec
Add option to force enabling snippet directives (#7665) 
Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>
 2021-09-19 12:40:08 -07:00
Elvin Efendi
33061b8cdf
put modsecurity e2e tests into their own packages (#7560) 2021-09-07 10:35:22 -07:00
Renamed from test/e2e/annotations/modsecurity.go (Browse further)