authorGeorg Pfuetzenreuter2023-02-12 23:46:22 +0100
committerGeorg Pfuetzenreuter2023-02-12 23:46:22 +0100
commitc75e31c14542cd8db89e9b7616adb82e22e945ea (patch)
treed0bf1c622701cfb2e8e668555fda37076ac4ec26 /pillar/cluster/denc
parentf69cd00888636a9df5b996b0805e721ba47937e0 (diff)
denc-webcluster: add ModSecurity adjustments
With the rollout of our Salted configuration, ModSecurity is now enforced. This adds the necessary rules for PrivateBin and BookStack to operate correctly. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
Diffstat (limited to 'pillar/cluster/denc')
-rw-r--r--pillar/cluster/denc/web-proxy.sls9
1 files changed, 9 insertions, 0 deletions
diff --git a/pillar/cluster/denc/web-proxy.sls b/pillar/cluster/denc/web-proxy.sls
index 9424091..61fd653 100644
--- a/pillar/cluster/denc/web-proxy.sls
+++ b/pillar/cluster/denc/web-proxy.sls
@@ -125,6 +125,11 @@ nginx:
- proxy_pass: https://bookstack.themis.backend.syscid.com
- proxy_http_version: 1.1
- client_max_body_size: 20M
+ - modsecurity_rules: |-
+ '
+ SecRuleRemoveById 941160
+ SecAction "id:900200, phase:1, nolog, pass, t:none, setvar:\'tx.allowed_methods=GET HEAD POST OPTIONS PUT PATCH\'"
+ '
http.conf:
config:
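Review bot: `SecRuleRemoveById 941160` switches off the CRS HTML-injection XSS check for every request and every parameter on the BookStack location, which is probably broader than the false positive requires. If the hits come from the page editor's HTML body, excluding only that argument keeps the rule active everywhere else, e.g. `SecRuleUpdateTargetById 941160 "!ARGS:html"` (the argument name is an assumption; confirm it against the audit log entry that triggered the change). A one-line comment above the directive naming the request that tripped the rule would let a later reader judge whether the exclusion is still needed. Separately, 900200 is the id the CRS sample setup uses for `tx.allowed_methods`, so this `SecAction` relies on that block staying commented out in the global crs-setup.conf (not visible in this diff); if both are active, the duplicate id may be rejected at load time.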
@@ -147,6 +152,10 @@ nginx:
- proxy_pass: https://privatebin.themis.backend.syscid.com
- proxy_http_version: 1.1
- client_max_body_size: 50M
+ - modsecurity_rules: |-
+ '
+ SecRequestBodyNoFilesLimit 50000000
+ '
sso_private.conf:
config:
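Review bot: `SecRequestBodyNoFilesLimit 50000000` lets ModSecurity buffer and run its rules over roughly 50 MB of non-file body per request on the PrivateBin location, which is a real memory and CPU cost on the proxy when several large posts arrive together; a request or connection rate limit on this location would bound it. The value also does not match `client_max_body_size: 50M` (52428800 bytes), so a body between the two limits passes nginx and is then handled by whatever `SecRequestBodyLimitAction` is configured; `SecRequestBodyNoFilesLimit 52428800` would make the two agree. `SecRequestBodyLimit` is not set in this hunk, so the overall limit from the global configuration (not visible here) still applies and may need raising as well.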