From 98c4073e9dca7543b63834538bcce591ac3837c1 Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Fri, 4 Mar 2022 22:02:23 +0100
Subject: [PATCH] fix(matrix): Enable core-crs-rules

This patch should enable the core-crs-rules for good, since one ahs to
add them into the snippet explicitly according to the documentation

Reference:
https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/#modsecurity
---
 apps/k8s01/matrix/matrix-synapse-values.yaml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/apps/k8s01/matrix/matrix-synapse-values.yaml b/apps/k8s01/matrix/matrix-synapse-values.yaml
index 162026b57..f9ed32be0 100644
--- a/apps/k8s01/matrix/matrix-synapse-values.yaml
+++ b/apps/k8s01/matrix/matrix-synapse-values.yaml
@@ -65,6 +65,7 @@ spec:
                 nginx.ingress.kubernetes.io/modsecurity-transaction-id: $request_id
                 nginx.ingress.kubernetes.io/modsecurity-snippet: |
                     SecRuleEngine On
+                    Include /etc/nginx/owasp-modsecurity-crs/nginx-modsecurity.conf
             hosts:
                 - ENC[AES256_GCM,data:xBwjUfo+b3uBTCqPlx3XZ/IKkTxFXvbgy0w=,iv:ZN/5A/YHSPW7c3Fcx1Fi75uMYBijX0styxTuthv3p2E=,tag:sZ9tihrcgy4pHobebszDTg==,type:str]
             includeServerName: ENC[AES256_GCM,data:U6KM0h8=,iv:+MkU2Bq56rlvL0NXVpJI3du8uA+pQ7/7opsQbNCoO5E=,tag:mJhCmEtymqAJtAfSBWdg5g==,type:bool]
@@ -79,8 +80,8 @@ sops:
     azure_kv: []
     hc_vault: []
     age: []
-    lastmodified: "2022-03-04T20:50:57Z"
-    mac: ENC[AES256_GCM,data:GKNWDvY0yytwF5RUCNNBE1mKDHLtmA85Ogpy3aBOFVFxFoaJgZ9QHysW9fihEH+c3lm3IUXLXO+NsbjldovV9+jKDScJZvvApULYARGmREDVEVi/v7lBjDyu1cX9MXb0AqRSG0Hy94QETnBqZKcLGUjb9H08cDgjjdK1Yn/pwrg=,iv:XVCA6o3dph+FVJJQ754GZSQtxrud2i/uIxlOgE9+WmM=,tag:f/icntdqN4QHcH1D8q8UrQ==,type:str]
+    lastmodified: "2022-03-04T21:02:14Z"
+    mac: ENC[AES256_GCM,data:1AOCp+ry6MOvx956LV5ZB7m/XFtv+84KK8xYapE2+WxHeWKVoSOGE+Zoppd9ID8BJDqnVvQJK1zF1zieZ+GlU64qvwaAHmH+lvoivQseDU1B4DUrhqeip6fDyskbJOjS3CytEsV3qWaPQQBZGrfonfqLoa0njgyO86g7ivMam0g=,iv:yXvCGrg3BwCocjY9dWDt2kAEJd4c1NST4Qpumn430Vw=,tag:li90QQ55km+zE2z2vxaZPg==,type:str]
     pgp:
         - created_at: "2022-02-18T22:15:21Z"
           enc: |-
-- 
GitLab