skip to Main Content

Ingress NGINX Modsecurity allowed_request_content_type is not recognized

We are unsing the ModSecurity-Annotation in our ingress-nginx-controller. We are using the OWAP-Core-Ruleset included with the modsecurity-snipped annotation: enable-modsecurity: "true" modsecurity-snippet: | Include /etc/nginx/owasp-modsecurity-crs/nginx-modsecurity.conf We've customized several rules and it works well. For some reason our last rule (allowing text/plain)…

VIEW QUESTION

Nginx – ModSecurity WAF log configuration

I'm using a ModSecurity WAF for my application that is defined within a k8s ingress. The configuration looks like this: nginx.ingress.kubernetes.io/enable-owasp-core-rules: "true" nginx.ingress.kubernetes.io/enable-modsecurity: "true" nginx.ingress.kubernetes.io/modsecurity-snippet: | SecAuditEngine RelevantOnly SecRuleEngine On SecAuditLogParts AZ SecAuditLog /dev/stdout SecAuditLogFormat JSON SecRequestBodyAccess On SecRequestBodyLimit 104857600…

VIEW QUESTION
Back To Top
Search