Add custom modsecurity template to ingress-controller
What does this MR do?
Adds a custom template for overriding the default modsecurity.conf
, that ships with nginx-ingress
.
The override is currently quite simple: disabling a few settings: SecRuleEngine
(causing it to default to "Off"), SecAuditLogType
(defaulting to "Serial"), and SecStatusEngine
(disabling anonymous metric reporting).
Since these Directives can only be declared once, this provides flexibility in allowing overriding at a project-level via the auto-deploy chart.
This fixes a small ~bug in the previously merged chart MR (gitlab-org/charts/auto-deploy-app!12 (merged)) and gitlab-org/cluster-integration/auto-deploy-image!28 (merged) where the SecRuleEngine
setting was being ignored since it was already set (Why it doesn't throw a duplicate directive error is still unclear to me). The other two are future-proofing.
Screenshots
Does this MR meet the acceptance criteria?
Conformity
-
Changelog entry - [-] Documentation created/updated or follow-up review issue created
- [-] Code review guidelines
- [-] Merge request performance guidelines
- [-] Style guides
- [-] Database guides
- [-] Separation of EE specific content