diff options
author | Georg Pfuetzenreuter | 2023-02-13 01:06:56 +0100 |
---|---|---|
committer | Georg Pfuetzenreuter | 2023-02-13 01:06:56 +0100 |
commit | 2c2a37ef8b0e1935f5cf7314eb89adcd76e116bf (patch) | |
tree | d0bf1c622701cfb2e8e668555fda37076ac4ec26 /pillar/cluster | |
parent | f69cd00888636a9df5b996b0805e721ba47937e0 (diff) | |
parent | c75e31c14542cd8db89e9b7616adb82e22e945ea (diff) | |
download | salt-2c2a37ef8b0e1935f5cf7314eb89adcd76e116bf.tar.gz salt-2c2a37ef8b0e1935f5cf7314eb89adcd76e116bf.tar.bz2 salt-2c2a37ef8b0e1935f5cf7314eb89adcd76e116bf.zip |
Merge pull request 'denc-webcluster: add ModSecurity adjustments' (#30) from import-denc-webcluster-nginx-modsec into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/30
Diffstat (limited to 'pillar/cluster')
-rw-r--r-- | pillar/cluster/denc/web-proxy.sls | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/pillar/cluster/denc/web-proxy.sls b/pillar/cluster/denc/web-proxy.sls index 9424091..61fd653 100644 --- a/pillar/cluster/denc/web-proxy.sls +++ b/pillar/cluster/denc/web-proxy.sls @@ -125,6 +125,11 @@ nginx: - proxy_pass: https://bookstack.themis.backend.syscid.com - proxy_http_version: 1.1 - client_max_body_size: 20M + - modsecurity_rules: |- + ' + SecRuleRemoveById 941160 + SecAction "id:900200, phase:1, nolog, pass, t:none, setvar:\'tx.allowed_methods=GET HEAD POST OPTIONS PUT PATCH\'" + ' http.conf: config: @@ -147,6 +152,10 @@ nginx: - proxy_pass: https://privatebin.themis.backend.syscid.com - proxy_http_version: 1.1 - client_max_body_size: 50M + - modsecurity_rules: |- + ' + SecRequestBodyNoFilesLimit 50000000 + ' sso_private.conf: config: |