diff options
author | Georg Pfuetzenreuter | 2023-02-12 23:46:22 +0100 |
---|---|---|
committer | Georg Pfuetzenreuter | 2023-02-12 23:46:22 +0100 |
commit | c75e31c14542cd8db89e9b7616adb82e22e945ea (patch) | |
tree | d0bf1c622701cfb2e8e668555fda37076ac4ec26 | |
parent | f69cd00888636a9df5b996b0805e721ba47937e0 (diff) | |
download | salt-c75e31c14542cd8db89e9b7616adb82e22e945ea.tar.gz salt-c75e31c14542cd8db89e9b7616adb82e22e945ea.tar.bz2 salt-c75e31c14542cd8db89e9b7616adb82e22e945ea.zip |
denc-webcluster: add ModSecurity adjustments
With the rollout of our Salted configuration, ModSecurity came enforced.
This adds necessary rules to PrivateBin and BookStack for correct
operation.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
-rw-r--r-- | pillar/cluster/denc/web-proxy.sls | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/pillar/cluster/denc/web-proxy.sls b/pillar/cluster/denc/web-proxy.sls index 9424091..61fd653 100644 --- a/pillar/cluster/denc/web-proxy.sls +++ b/pillar/cluster/denc/web-proxy.sls @@ -125,6 +125,11 @@ nginx: - proxy_pass: https://bookstack.themis.backend.syscid.com - proxy_http_version: 1.1 - client_max_body_size: 20M + - modsecurity_rules: |- + ' + SecRuleRemoveById 941160 + SecAction "id:900200, phase:1, nolog, pass, t:none, setvar:\'tx.allowed_methods=GET HEAD POST OPTIONS PUT PATCH\'" + ' http.conf: config: @@ -147,6 +152,10 @@ nginx: - proxy_pass: https://privatebin.themis.backend.syscid.com - proxy_http_version: 1.1 - client_max_body_size: 50M + - modsecurity_rules: |- + ' + SecRequestBodyNoFilesLimit 50000000 + ' sso_private.conf: config: |