skip to Main Content

Ingress NGINX Modsecurity allowed_request_content_type is not recognized

We are unsing the ModSecurity-Annotation in our ingress-nginx-controller. We are using the OWAP-Core-Ruleset included with the modsecurity-snipped annotation: enable-modsecurity: "true" modsecurity-snippet: | Include /etc/nginx/owasp-modsecurity-crs/nginx-modsecurity.conf We've customized several rules and it works well. For some reason our last rule (allowing text/plain)…

VIEW QUESTION

Nginx – ModSecurity WAF log configuration

I'm using a ModSecurity WAF for my application that is defined within a k8s ingress. The configuration looks like this: nginx.ingress.kubernetes.io/enable-owasp-core-rules: "true" nginx.ingress.kubernetes.io/enable-modsecurity: "true" nginx.ingress.kubernetes.io/modsecurity-snippet: | SecAuditEngine RelevantOnly SecRuleEngine On SecAuditLogParts AZ SecAuditLog /dev/stdout SecAuditLogFormat JSON SecRequestBodyAccess On SecRequestBodyLimit 104857600…

VIEW QUESTION

Block port 80 access in Azure Front door

I created a Standard tier Front Door with the necessary Azure WAF with default configurations. If I do this: Test-NetConnection -ComputerName "<frontdoorurl>-dev-xxxxxx.z01.azurefd.net" -Port 80 ComputerName : <frontdoorurl>-dev-xxxxxx.z01.azurefd.net RemoteAddress : xxxx:xxx:xx:x::xx RemotePort : 80 InterfaceAlias : Ethernet 7 SourceAddress : xxxx:xxxx:xx:xxx:xxxx:xxxx:xxx:xxxx…

VIEW QUESTION
Back To Top
Search