denc-webcluster: add ModSecurity adjustments
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful

With the rollout of our Salted configuration, ModSecurity came enforced.
This adds necessary rules to PrivateBin and BookStack for correct
operation.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
This commit is contained in:
Georg Pfuetzenreuter 2023-02-12 23:46:22 +01:00
parent f69cd00888
commit c75e31c145
Signed by: Georg
GPG Key ID: 1ED2F138E7E6FF57

View File

@ -125,6 +125,11 @@ nginx:
- proxy_pass: https://bookstack.themis.backend.syscid.com - proxy_pass: https://bookstack.themis.backend.syscid.com
- proxy_http_version: 1.1 - proxy_http_version: 1.1
- client_max_body_size: 20M - client_max_body_size: 20M
- modsecurity_rules: |-
'
SecRuleRemoveById 941160
SecAction "id:900200, phase:1, nolog, pass, t:none, setvar:\'tx.allowed_methods=GET HEAD POST OPTIONS PUT PATCH\'"
'
http.conf: http.conf:
config: config:
@ -147,6 +152,10 @@ nginx:
- proxy_pass: https://privatebin.themis.backend.syscid.com - proxy_pass: https://privatebin.themis.backend.syscid.com
- proxy_http_version: 1.1 - proxy_http_version: 1.1
- client_max_body_size: 50M - client_max_body_size: 50M
- modsecurity_rules: |-
'
SecRequestBodyNoFilesLimit 50000000
'
sso_private.conf: sso_private.conf:
config: config: