From 8a578c9f4a268cba2d75fc40d4e5f4bb3e17a714 Mon Sep 17 00:00:00 2001
From: Mark Ley <markhley@users.noreply.github.com>
Date: Mon, 14 Aug 2023 10:35:21 -0700
Subject: [PATCH] Disable Modsecurity from internal processing which affects
 large ingresses  (#10316)

* Disable Modsecurity from interanl processing

* Fix modsecurity check logic
---
 rootfs/etc/nginx/template/nginx.tmpl | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/rootfs/etc/nginx/template/nginx.tmpl b/rootfs/etc/nginx/template/nginx.tmpl
index 0f44efc3d2..0a031442cc 100644
--- a/rootfs/etc/nginx/template/nginx.tmpl
+++ b/rootfs/etc/nginx/template/nginx.tmpl
@@ -709,6 +709,11 @@ http {
 
     # default server, used for NGINX healthcheck and access to nginx stats
     server {
+        # Ensure that modsecurity will not run on an internal location as this is not accessible from outside
+        {{ if $all.Cfg.EnableModsecurity }}
+        modsecurity off;
+        {{ end }}
+
         listen 127.0.0.1:{{ .StatusPort }};
         set $proxy_upstream_name "internal";