LibertaCasa/salt
LibertaCasa/salt
9
1
Fork 0
Code Issues 5 Pull Requests Releases Activity

denc-webcluster: add ModSecurity adjustments
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Details

Browse Source 
With the rollout of our Salted configuration, ModSecurity came enforced.
This adds necessary rules to PrivateBin and BookStack for correct
operation.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
This commit is contained in:
Georg Pfuetzenreuter 2023-02-12 23:46:22 +01:00
parent f69cd00888
commit c75e31c145
Signed by: Georg
GPG Key ID: 1ED2F138E7E6FF57
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
pillar/cluster/denc/web-proxy.sls
View File

@ -125,6 +125,11 @@ nginx:
- proxy_pass: https://bookstack.themis.backend.syscid.com
- proxy_http_version: 1.1
- client_max_body_size: 20M
- modsecurity_rules: |-
'
SecRuleRemoveById 941160
SecAction "id:900200, phase:1, nolog, pass, t:none, setvar:\'tx.allowed_methods=GET HEAD POST OPTIONS PUT PATCH\'"
'
http.conf:
config:
@ -147,6 +152,10 @@ nginx:
- proxy_pass: https://privatebin.themis.backend.syscid.com
- proxy_http_version: 1.1
- client_max_body_size: 50M
- modsecurity_rules: |-
'
SecRequestBodyNoFilesLimit 50000000
'
sso_private.conf:
config: