Rancher 2 负载均衡器的 modsecurity + OWASP 规则
[英]modsecurity + OWASP rules for Rancher 2 load balancer
问题描述
I've already set "nginx.ingress.kubernetes.io/enable-modsecurity" to true in the load balancer annotations, but it doesn't seem to work.
我已经在负载均衡器注释中将“nginx.ingress.kubernetes.io/enable-modsecurity”设置为 true,但它似乎不起作用。
Is there any additional config required for the load balancer?负载平衡器是否需要任何其他配置?
Can the OWASP ruleset be loaded?可以加载 OWASP 规则集吗?
Rancher version is 2.2.7. Rancher 版本是 2.2.7。
1 个解决方案
解决方案1
0 2020-04-27 03:58:00
As stated in the NGINX ingress controller documentation , you have to enable the ModSecurity module in the ConfigMap for it to work and it starts by default in DetectionOnly mode with recommended configuration如 NGINX 入口控制器文档中所述,您必须在 ConfigMap 中启用 ModSecurity 模块才能使其工作,并且默认情况下它以推荐配置的DetectionOnly 模式启动
As for the OWASP ruleset, you can set this annotation:至于 OWASP 规则集,你可以设置这个注解:
nginx.ingress.kubernetes.io/enable-owasp-core-rules: "true"
Or you can include it in the nginx.ingress.kubernetes.io/modsecurity-snippet annotation.或者您可以将其包含在nginx.ingress.kubernetes.io/modsecurity-snippet注释中。 It's important to notice that those annotations can't be used together, as only the second one (snippet) will be read if you do so.重要的是要注意这些注释不能一起使用,因为如果这样做,只会读取第二个(片段)。
A simple example would be:一个简单的例子是:
nginx.ingress.kubernetes.io/modsecurity-snippet: |
SecRuleEngine On
SecDebugLog /tmp/modsec_debug.log
Include /etc/nginx/owasp-modsecurity-crs/nginx-modsecurity.conf
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.