K
Q

Nginx ingress controller modsecurity

9/27/2018

I enabled modsecurity: "true" and enable-owasp-modsecurity-crs: "true" via the configmap of the nginx ingresss controller according to this link . In the annotation of the ingress I set SecRuleEngine On. When I use nikto to do some scans and try to trigger the owasp rules I only see 400 responses in the ingress logging. I would expect 403 responses. Anyone any idea on what I am doing wrong or what to check?

-- bramvdk
kubernetes
kubernetes-ingress
mod-security2
nginx-ingress

Similar Questions

Invalid value for field 'instance.networkInterfaces[0].accessConfigs[0].natIP': The specified external IP address is not reserved in region
kubectl losing connection to minikube
golang template - how are the semantics for default
Monitoring pod resource usage on Kubernetes nodes
Argo workflows UI not working with AWS Ingress Controller
Get access token for k8s rbac user

1 Answer

10/10/2018

Followed the instructions on: https://karlstoney.com/2018/02/23/nginx-ingress-modsecurity-and-secchatops/

The only thing I had to change was "SecAuditLog /var/log/modsec/audit.log". Changed it to SecAuditLog /var/log/modsec_audit.log

-- bramvdk
Source: StackOverflow