From 7cea4feade09b49de6b6e28d92e3538c19732e65 Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Wed, 8 Jun 2022 04:29:28 +0200
Subject: [PATCH] fix(matrix): Disable modsecurity

After some considerations regarding resource use and false-positives, it
seems like a good idea to disable modsecurity especially since it seems
to cause issues with synapse, especially SSO, therefore it seems like a
good idea, to disable it for now and maybe revisit in the future.
---
 apps/k8s01/matrix/matrix-synapse-values.yaml | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/apps/k8s01/matrix/matrix-synapse-values.yaml b/apps/k8s01/matrix/matrix-synapse-values.yaml
index 6a0b64c64..d7c37ea8b 100644
--- a/apps/k8s01/matrix/matrix-synapse-values.yaml
+++ b/apps/k8s01/matrix/matrix-synapse-values.yaml
@@ -62,12 +62,6 @@ spec:
             annotations:
                 nginx.ingress.kubernetes.io/proxy-body-size: 10m
                 nginx.ingress.kubernetes.io/use-regex: "true"
-                nginx.ingress.kubernetes.io/enable-modsecurity: "true"
-                nginx.ingress.kubernetes.io/enable-owasp-core-rules: "true"
-                nginx.ingress.kubernetes.io/modsecurity-transaction-id: $request_id
-                nginx.ingress.kubernetes.io/modsecurity-snippet: |
-                    SecRuleEngine On
-                    SecRuleRemoveById 949110
             csHosts:
                 - ENC[AES256_GCM,data:06VwYW6gTQxXCCRJozMkfFAWRSQxg0CqLMw=,iv:IaZkdxzcdhjvHyZvhjzpj1tRADcZGBmMkDjQ1LJxIwc=,tag:1YmKNYfMoTsZiaZcfTS6Vg==,type:str]
             includeServerName: ENC[AES256_GCM,data:kiajuG0=,iv:EBVbKqOeguzlo1HOUc2J44dEiGEZD3tBJVWARp/zEjQ=,tag:KFgh04r1pojb2DSNrrO+uQ==,type:bool]
-- 
GitLab