From af31ff6a6a187ae656cee93f55bff4b675bfc8af Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Fri, 4 Mar 2022 20:15:16 +0100
Subject: [PATCH] fix(longhorn): Properly enable modsecurity

---
 clusters/k8s01/longhorn/ingress.yaml | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/clusters/k8s01/longhorn/ingress.yaml b/clusters/k8s01/longhorn/ingress.yaml
index ad5bf6102..81f47f998 100644
--- a/clusters/k8s01/longhorn/ingress.yaml
+++ b/clusters/k8s01/longhorn/ingress.yaml
@@ -15,6 +15,11 @@ metadata:
                 ngx.header["Set-Cookie"] = "name_1=" .. ngx.var.name_upstream_1 .. ngx.var.auth_cookie:match("(; .*)")
               end
             }
+        nginx.ingress.kubernetes.io/enable-modsecurity: "true"
+        nginx.ingress.kubernetes.io/enable-owasp-core-rules: "true"
+        nginx.ingress.kubernetes.io/modsecurity-transaction-id: $request_id
+        nginx.ingress.kubernetes.io/modsecurity-snippet: |
+            SecRuleEngine On
 spec:
     rules:
         - host: ENC[AES256_GCM,data:eBQRvj0E4eODWDYTXe+1iu3p+koCwHhVcxw=,iv:DR0LwShFLl9pS13VgTuCuag8qo3uKug26g9eV2AAkLE=,tag:c7MwWxEsVuV0EvckG+nKqQ==,type:str]
@@ -37,8 +42,8 @@ sops:
     azure_kv: []
     hc_vault: []
     age: []
-    lastmodified: "2022-01-22T04:02:54Z"
-    mac: ENC[AES256_GCM,data:20jXv3xTGy4zoXEUgpRdw7zOq1OvEp/fvfvj8/e6N8yMluVQxpkuQSbHu1gecyhhyYu9fwASeacdLYgv7q33vIW8z1L9OAD9ZTOUf2OCtZqS+fHdBqA4PDSaT2WyAqdc1mcptcEC3Ml91p0nngPlDPowpny6/7P9Y+n+DVZrtCE=,iv:/XIiyCEmHBcKa/4tQfVOABRlSqGpVaPVZNu6bx9lUn0=,tag:V8TgJ8nZCYYbfuEZKw107g==,type:str]
+    lastmodified: "2022-03-04T19:13:47Z"
+    mac: ENC[AES256_GCM,data:hAmKECaw9YPNmeHjLE3V5F1jI0tEMQaPb4HE1QEuw4xsuKOoVbc8nMeAHLmEA+BC/jDWV2nhFs/EiUi8grg+taOIrzPz7XAwJns1dn1xs89SO+km16nFGHVl7E+q0VL+CoFib0Z7BtWRARDlWE1loUjcUCd+q2S7wO9WjtOoFJk=,iv:d//Y2ORQX+n81YKwD8HkafM19mGWMF8JtF6vH8sKK5Q=,tag:uiYFzOvgJqqygoVStl1oNA==,type:str]
     pgp:
         - created_at: "2022-01-22T02:43:51Z"
           enc: |-
-- 
GitLab