Skip to content
Snippets Groups Projects
Verified Commit 007afae6 authored by Sheogorath's avatar Sheogorath :european_castle:
Browse files

feat(nextcloud): Enable modsecurity

This patch enables mod security for nextcloud and sets up the default
exceptions maintained by the CRS maintainers.

References:
https://github.com/coreruleset/coreruleset/blob/554fb063c2613ca9cb470524c721476c2eedf62f/rules/REQUEST-903.9003-NEXTCLOUD-EXCLUSION-RULES.conf
parent f46dc430
No related branches found
No related tags found
No related merge requests found
......@@ -108,6 +108,11 @@ data:
location ~ ^/(?:autotest|occ|issue|indie|db_|console) {
deny all;
}
nginx.ingress.kubernetes.io/enable-modsecurity: "true"
nginx.ingress.kubernetes.io/enable-owasp-core-rules: "true"
nginx.ingress.kubernetes.io/modsecurity-snippet: |
SecRuleEngine On
Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-903.9003-NEXTCLOUD-EXCLUSION-RULES.conf
persistence:
enabled: true
resources:
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment