fix(matrix): Disable rule mod security for anomaly detection

This patch disabled the CRS modsecurity role for anomaly detection, since apparently ~80% of all requests are anomalies. This patch adds an explicit exclude for this rule to the modsecurity config snippet which should help to keep synapse working, while utilising modsecurity.

fix(matrix): Disable rule mod security for anomaly detection
395eb8b0 · Sheogorath · 283e69bc · 395eb8b0
Verified Commit 395eb8b0 authored 3 years ago by Sheogorath
--- a/apps/k8s01/matrix/matrix-synapse-values.yaml
+++ b/apps/k8s01/matrix/matrix-synapse-values.yaml
@@ -66,6 +66,7 @@ spec:
                nginx.ingress.kubernetes.io/modsecurity-snippet: |
                    SecRuleEngine On
                    Include /etc/nginx/owasp-modsecurity-crs/nginx-modsecurity.conf
+                    SecRuleRemoveById 949110
            hosts:
                - ENC[AES256_GCM,data:xBwjUfo+b3uBTCqPlx3XZ/IKkTxFXvbgy0w=,iv:ZN/5A/YHSPW7c3Fcx1Fi75uMYBijX0styxTuthv3p2E=,tag:sZ9tihrcgy4pHobebszDTg==,type:str]
            includeServerName: ENC[AES256_GCM,data:U6KM0h8=,iv:+MkU2Bq56rlvL0NXVpJI3du8uA+pQ7/7opsQbNCoO5E=,tag:mJhCmEtymqAJtAfSBWdg5g==,type:bool]
@@ -80,8 +81,8 @@ sops:
    azure_kv: []
    hc_vault: []
    age: []
-    lastmodified: "2022-03-04T21:02:14Z"
+    lastmodified: "2022-03-04T22:23:29Z"
-    mac: ENC[AES256_GCM,data:1AOCp+ry6MOvx956LV5ZB7m/XFtv+84KK8xYapE2+WxHeWKVoSOGE+Zoppd9ID8BJDqnVvQJK1zF1zieZ+GlU64qvwaAHmH+lvoivQseDU1B4DUrhqeip6fDyskbJOjS3CytEsV3qWaPQQBZGrfonfqLoa0njgyO86g7ivMam0g=,iv:yXvCGrg3BwCocjY9dWDt2kAEJd4c1NST4Qpumn430Vw=,tag:li90QQ55km+zE2z2vxaZPg==,type:str]
+    mac: ENC[AES256_GCM,data:HSUoauj/2F2UTZT3U8KjuTYjmWG+xbT6xEQZrbOE3+cCrI0AqL6WBFx+XmC2z0X51fICdA/9Yx13WV+KIfSep8ya1rDKpAVQpTk7fh0SOIuQmTwEH2YCWOLhGCWuyECUd5P+urrK9cWFMfwMBifwuiR8c5hOXBtPYYQO1dUeRdk=,iv:w+F7GugZLsLE0B/DMdWBM+zfRkweamaI6Nvo42Czr+c=,tag:7+gPk0KnQ3355wTxoNmdmw==,type:str]
    pgp:
        - created_at: "2022-02-18T22:15:21Z"
          enc: |-