I've already set "nginx.ingress.kubernetes.io/enable-modsecurity" to true in the load balancer annotations, but it doesn't seem to work.

Is there any additional config required for the load balancer?
Can the OWASP ruleset be loaded?

Rancher version is 2.2.7.

neuro
Fernando Neto

1 Answer

As stated in the NGINX ingress controller documentation, you have to enable the ModSecurity module in the ConfigMap for it to work, and it starts by default in DetectionOnly mode with the recommended configuration.

As for the OWASP ruleset, you can set this annotation:

nginx.ingress.kubernetes.io/enable-owasp-core-rules: "true"

Or you can include it in the nginx.ingress.kubernetes.io/modsecurity-snippet annotation. It’s important to notice that those annotations can’t be used together, as only the second one (snippet) will be read if you do so.

A simple example would be:

nginx.ingress.kubernetes.io/modsecurity-snippet: |
  SecRuleEngine On
  SecDebugLog /tmp/modsec_debug.log
  Include /etc/nginx/owasp-modsecurity-crs/nginx-modsecurity.conf
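
The two pieces described in the answer, written out as manifests. This is an added example, not part of the original answer; the ConfigMap name and namespace, the Ingress apiVersion, and the demo-app / demo.example.com names are assumptions to adapt to your cluster.

```yaml
# 1) Controller-wide: load the ModSecurity module through the controller's ConfigMap.
apiVersion: v1
kind: ConfigMap
metadata:
  name: nginx-configuration   # assumed: use the ConfigMap your controller's --configmap flag points to
  namespace: ingress-nginx    # assumed
data:
  enable-modsecurity: "true"  # per the answer, required before the Ingress annotations do anything
---
# 2) Per-Ingress: switch the engine from DetectionOnly to blocking and load the CRS.
apiVersion: extensions/v1beta1   # assumed for clusters of the Rancher 2.2 era; newer clusters use networking.k8s.io/v1
kind: Ingress
metadata:
  name: demo-app                 # hypothetical
  namespace: default             # hypothetical
  annotations:
    nginx.ingress.kubernetes.io/enable-modsecurity: "true"
    # enable-owasp-core-rules is left out on purpose: per the answer,
    # only the snippet is read when both annotations are present.
    nginx.ingress.kubernetes.io/modsecurity-snippet: |
      SecRuleEngine On
      Include /etc/nginx/owasp-modsecurity-crs/nginx-modsecurity.conf
spec:
  rules:
    - host: demo.example.com     # hypothetical
      http:
        paths:
          - path: /
            backend:
              serviceName: demo-app   # hypothetical
              servicePort: 80
```

Leaving `SecRuleEngine On` out of the snippet keeps the default DetectionOnly mode, which logs rule matches without blocking and is a reasonable first step for tuning false positives.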