Ingress-nginx: Add annotation enable-modsecurity = [true|false]
Is this a BUG REPORT or FEATURE REQUEST? (choose one):
FEATURE REQUEST
NGINX Ingress controller version: 10.0.2
Add annotation enable-modsecurity with possible values of either true or false
kolima
All 2 comments
Hmm, i'm not sure about this as there is much more to modsecurity that "true" or "false".
For example;
- Should on just mean SecAuditLog?
- Should on mean SecAuditLog AND SecRuleEngine?
- Where should modsec write its logs?
Theres far too many configuration options for modsecurity to start putting in individual annotations, when all of them can be controller with a simple configuration snippet on the ingress in question:
nginx.ingress.kubernetes.io/configuration-snippet: |
modsecurity_rules '
SecRuleEngine DetectionOnly
SecAuditEngine RelevantOnly
';
For a full list of the wide range of configuration options check this page
Stono
on 10 Feb 2018
Closing. As @Stono mentioned you can do this kind of customizations using the configuration-snippet annotation.
Please keep in mind we cannot add annotations for all the possible configuration options
aledbf
on 11 Feb 2018
Related issues
bashofmann
路
3Comments
jwfang
路
3Comments
whereisaaron
路
3Comments
yuyang0
路
3Comments
sophaskins
路
3Comments
Most helpful comment
Hmm, i'm not sure about this as there is much more to modsecurity that "true" or "false".
For example;
Theres far too many configuration options for modsecurity to start putting in individual annotations, when all of them can be controller with a simple configuration snippet on the ingress in question:
For a full list of the wide range of configuration options check this page