DevFW-CICD/ingress-nginx-helm
12
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
ingress-nginx-helm/internal/ingress/controller
History
Moh Basher fea7fed6da
Disable default modsecurity_rules_file if modsecurity-snippet is specified (#8021) 
* Disabled default modsecurity_rules_file if modsecurity-snippet is specifed

The default modsecurity_rules_file overwrites the ModSecurity-snippet if it is specified with custom config settings like "SecRuleEngine On". This will not let Modsecurity be in blocking mode even if "SecRuleEngine On" is specified in the ModSecurity-snippet configuration

* Remove unnecessary comments

Only have the default Modsecurity conf settings in case Modsecurity configuration snippet is not present and remove unnecessary comments

* Fixed modsecurity default file only if Modsecurity snippet present

Fixed if condition  Modsecurity snippet present have modsecurity default config file

* Added e2e test to disabling modsecurity conf

Added e2e in case modsecurity-snippet enabled to disable settings in default modsecurity.conf

* Validate writing to a different location

Validate also modsecurity to write to a different location instead of the default directory

* Fixed the formatting

* Fixed if empty ModsecuritySnippet

* Fixed ModsecuritySnippet condition

* Fixed the condition also in ingress controller template

* Removed the default config condition  in ingress controller template

* Fixed the default config condition in ingress controller template

* Fixed pull-ingress-nginx-test

* Revert "Fixed the default config condition in ingress controller template"

This reverts commit 9d38eca40f.

* Revert template_test

* Adjusted the formating %v
2021-12-23 03:34:38 -08:00
..
config Add ssl_reject_handshake to defaul server (#7977) 2021-11-29 08:33:23 -08:00
ingressclass Print warning only instead of error if no permission on ingressclass (#7578) 2021-10-10 12:48:37 -07:00
process Migrate to klog v2 2020-08-08 21:01:03 -04:00
store Change sanitization message from error to warning (#7963) 2021-11-23 18:25:20 -03:00
template Disable default modsecurity_rules_file if modsecurity-snippet is specified (#8021) 2021-12-23 03:34:38 -08:00
certificate.go Fix verification of boilerplate, style and file headers 2017-12-03 13:58:23 -03:00
checker.go Update go version, modules and remove ioutil 2021-08-06 14:15:21 -03:00
checker_test.go fix: use exponential backoff mechanism to listen on nginx.StatusPort 2021-05-13 15:02:11 +08:00
controller.go add canary-weight-total annotation (#6338) 2021-12-07 08:40:00 -08:00
controller_test.go Trim spaces from badword items (#7921) 2021-11-15 20:37:29 -03:00
endpoints.go getEndpoints uses service target port directly if it's a number and mismatch with port name in endpoint (#7393) 2021-09-07 11:15:16 -07:00
endpoints_test.go getEndpoints uses service target port directly if it's a number and mismatch with port name in endpoint (#7393) 2021-09-07 11:15:16 -07:00
location.go Release v1 (#7470) 2021-08-21 13:42:00 -07:00
nginx.go support watch namespaces matched namespace selector (#7472) 2021-11-12 11:46:28 -08:00
nginx_test.go Update go version, modules and remove ioutil 2021-08-06 14:15:21 -03:00
status.go Refactor extraction of ingress pod details 2020-11-19 17:31:28 -03:00
tcp.go Release v1 (#7470) 2021-08-21 13:42:00 -07:00
util.go Release v1 (#7470) 2021-08-21 13:42:00 -07:00
util_test.go rename sysctlFSFileMax to rlimitMaxNumFiles to reflect what it actually does 2019-01-15 15:34:17 -05:00