Disable Modsecurity from internal processing which affects large ingr…

…esses (#10316) * Disable Modsecurity from interanl processing * Fix modsecurity check logic
kubernetes · Aug 14, 2023 · 8a578c9 · 8a578c9
1 parent 6b05e9b
commit 8a578c9
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/rootfs/etc/nginx/template/nginx.tmpl b/rootfs/etc/nginx/template/nginx.tmpl
@@ -709,6 +709,11 @@ http {
 
     # default server, used for NGINX healthcheck and access to nginx stats
     server {
+        # Ensure that modsecurity will not run on an internal location as this is not accessible from outside
+        {{ if $all.Cfg.EnableModsecurity }}
+        modsecurity off;
+        {{ end }}
+
         listen 127.0.0.1:{{ .StatusPort }};
         set $proxy_upstream_name "internal";