← Back to team overview

wordpress-charmers team mailing list archive

  1. wordpress-charmers team
  2. Mailing list archive
  3. Message #00824

[Merge] ~sajoupa/charm-k8s-wordpress:nginx-ingress-modsec into charm-k8s-wordpress:master

  Thread PreviousDate PreviousThread Next 
Laurent Sesquès has proposed merging ~sajoupa/charm-k8s-wordpress:nginx-ingress-modsec into charm-k8s-wordpress:master.

Requested reviews:
  Wordpress Charmers (wordpress-charmers)

For more details, see:
https://code.launchpad.net/~sajoupa/charm-k8s-wordpress/+git/charm-k8s-wordpress/+merge/414554
-- 
Your team Wordpress Charmers is requested to review the proposed merge of ~sajoupa/charm-k8s-wordpress:nginx-ingress-modsec into charm-k8s-wordpress:master.

diff --git a/src/charm.py b/src/charm.py
index c975c98..f26c714 100755
--- a/src/charm.py
+++ b/src/charm.py
@@ -267,6 +267,7 @@ class WordpressCharm(CharmBase):
                 "nginx.ingress.kubernetes.io/enable-owasp-modsecurity-crs": "true",
                 "nginx.ingress.kubernetes.io/modsecurity-snippet":
                     ("SecRuleEngine On\n"
+                     "SecAction \"id:900130,phase:1,nolog,pass,t:none,setvar:tx.crs_exclusions_wordpress=1\"\n"
                      "Include /etc/nginx/owasp-modsecurity-crs/nginx-modsecurity.conf"),
             }
             resources["kubernetesResources"]["ingressResources"][0]["annotations"].update(modsec_annotations)
diff --git a/tests/unit/test_charm.py b/tests/unit/test_charm.py
index 12d100e..83e1c6c 100644
--- a/tests/unit/test_charm.py
+++ b/tests/unit/test_charm.py
@@ -135,6 +135,8 @@ class TestWordpressCharm(unittest.TestCase):
                             "nginx.ingress.kubernetes.io/enable-owasp-modsecurity-crs": "true",
                             "nginx.ingress.kubernetes.io/modsecurity-snippet":
                                 ("SecRuleEngine On\n"
+                                 "SecAction "
+                                 "\"id:900130,phase:1,nolog,pass,t:none,setvar:tx.crs_exclusions_wordpress=1\"\n"
                                  "Include /etc/nginx/owasp-modsecurity-crs/nginx-modsecurity.conf"),
                             "nginx.ingress.kubernetes.io/proxy-body-size": "10m",
                             "nginx.ingress.kubernetes.io/proxy-send-timeout": "300s",
@@ -195,6 +197,8 @@ class TestWordpressCharm(unittest.TestCase):
                             "nginx.ingress.kubernetes.io/enable-owasp-modsecurity-crs": "true",
                             "nginx.ingress.kubernetes.io/modsecurity-snippet":
                                 ("SecRuleEngine On\n"
+                                 "SecAction "
+                                 "\"id:900130,phase:1,nolog,pass,t:none,setvar:tx.crs_exclusions_wordpress=1\"\n"
                                  "Include /etc/nginx/owasp-modsecurity-crs/nginx-modsecurity.conf"),
                             "nginx.ingress.kubernetes.io/proxy-body-size": "10m",
                             "nginx.ingress.kubernetes.io/proxy-send-timeout": "300s",

References

  Thread PreviousDate PreviousThread Next