From 6cdfc8883fe2ce6f8d4f9d5db99c47458b1846b3 Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Wed, 8 Jun 2022 04:28:02 +0200
Subject: [PATCH] fix(monitoring): Disable modsecurity

After some considerations regarding resource use and false-positives, it
seems like a good idea to disable modsecurity especially since it seems
to cause issues with oauth-proxy and general high entrophy workload.
---
 clusters/k8s01/monitoring/ingress.yaml | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/clusters/k8s01/monitoring/ingress.yaml b/clusters/k8s01/monitoring/ingress.yaml
index 6ac2222c1..d44a4fe9e 100644
--- a/clusters/k8s01/monitoring/ingress.yaml
+++ b/clusters/k8s01/monitoring/ingress.yaml
@@ -15,12 +15,6 @@ metadata:
                 ngx.header["Set-Cookie"] = "name_1=" .. ngx.var.name_upstream_1 .. ngx.var.auth_cookie:match("(; .*)")
               end
             }
-        nginx.ingress.kubernetes.io/enable-modsecurity: "true"
-        nginx.ingress.kubernetes.io/enable-owasp-core-rules: "true"
-        nginx.ingress.kubernetes.io/modsecurity-transaction-id: $request_id
-        nginx.ingress.kubernetes.io/modsecurity-snippet: |
-            SecRuleEngine On
-            SecRuleRemoveById 949110
 spec:
     rules:
         - host: ENC[AES256_GCM,data:k1mCBDKYvRLLC489r7yvk9PRDsQh5IgUpOaOfdhpQCwUNN8=,iv:AuBQnC2duZJM5/aYASq6gcovFPhECGk9EWjMaBgeRzQ=,tag:VdMb/Rn54dWpbDjxbEjPvA==,type:str]
-- 
GitLab