Enable a WAF with ModSecurity on Ingress Nginx

Export the default modsecurity.conf from the ingress-nginx controller pod, so the customized copy starts from the version shipped with your controller image:

POD_NAME=$(kubectl get pods --namespace ingress-nginx -l "app.kubernetes.io/component=controller,app.kubernetes.io/name=ingress-nginx" -o jsonpath="{.items[0].metadata.name}")

kubectl exec $POD_NAME -n ingress-nginx -- cat /etc/nginx/modsecurity/modsecurity.conf > modsecurity.conf

(Do not pass -it here: a pseudo-TTY rewrites line endings in the captured file.)

Change the audit log configuration to a serial JSON log on stdout. The default Concurrent type writes one file per transaction under SecAuditLogStorageDir inside the container, which `kubectl logs` never sees; Serial to /dev/stdout makes every audit record a line in the controller's log stream.

# SecAuditLogType Concurrent
# SecAuditLog /var/log/modsec_audit.log

SecAuditLogType Serial
SecAuditLog /dev/stdout
SecAuditLogFormat JSON

Create a ConfigMap from the customized modsecurity.conf:

kubectl create configmap modsecurity --from-file=modsecurity.conf=modsecurity.conf -n=ingress-nginx

Update the ingress-nginx Helm values (nginx_values.yaml) so the ConfigMap is mounted over the default file. The volume needs a configMap source, and because the mount uses subPath, later edits to the ConfigMap are not propagated into running pods: roll the controller after changing it.

controller:
  ## Additional volumeMounts to the controller main container.
  extraVolumeMounts:
    - name: modsecurity
      mountPath: /etc/nginx/modsecurity/modsecurity.conf
      subPath: modsecurity.conf
      readOnly: true

  ## Additional volumes to the controller pod.
  extraVolumes:
    - name: modsecurity
      configMap:
        name: modsecurity

helm upgrade <name> ingress-nginx/ingress-nginx -n ingress-nginx -f nginx_values.yaml

Create the Ingress object and annotate it as below. enable-modsecurity turns the module on for that Ingress's locations, enable-owasp-core-rules loads the OWASP Core Rule Set, and modsecurity-snippet injects extra ModSecurity directives.

    nginx.ingress.kubernetes.io/enable-modsecurity: "true"
    nginx.ingress.kubernetes.io/enable-owasp-core-rules: "true"
    nginx.ingress.kubernetes.io/modsecurity-snippet: |
      # DetectionOnly evaluates and logs rules without blocking; use it to tune.
      # Switch to On to enforce. Off disables the engine for this Ingress entirely.
      SecRuleEngine DetectionOnly
      # SecRuleEngine On
      # CRS 920350 ("Host header is a numeric IP address") fires on clients that
      # reach the ingress by IP; drop it only if that traffic is expected.
      SecRuleRemoveById 920350

Two caveats. SecRuleEngine Off, which an earlier version of this snippet used, leaves the rules loaded but never evaluated, so nothing is logged or blocked; start with DetectionOnly, review the JSON audit records in `kubectl logs`, then move to On. And the ingress-nginx annotation documentation warns that when modsecurity-snippet is set together with enable-owasp-core-rules, only the snippet takes effect; its recommended fix is to load the CRS from the snippet itself with `Include /etc/nginx/owasp-modsecurity-crs/nginx-modsecurity.conf` placed before any SecRuleRemoveById line (a rule must be loaded before it can be removed). Which files a location ends up loading depends on the nginx.tmpl of your controller release, so confirm with `nginx -T` inside the controller pod.
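Once the audit log is serial JSON on stdout, the controller's `kubectl logs` output mixes nginx access-log lines with one JSON audit record per transaction that matched a rule. The script below is an added example, not code from the original post, for triaging that stream while running in DetectionOnly: it skips non-JSON lines, counts hits per CRS rule id, records which URIs triggered each rule, and counts blocked (HTTP 403) versus logged-only transactions. It assumes the libmodsecurity v3 JSON layout (transaction.messages[].details.ruleId); the sample records are constructed and trimmed to the fields the parser reads, and the 920350 hits on a numeric Host header are the false positive the snippet above removes.

```python
"""Triage ModSecurity serial JSON audit records from an ingress-nginx
controller log stream (SecAuditLogType Serial, SecAuditLog /dev/stdout,
SecAuditLogFormat JSON), e.g. piped from `kubectl logs`.

Added example; assumes the libmodsecurity v3 JSON audit format.
"""
import json
import sys
from collections import Counter, defaultdict

# Constructed sample of a controller log: one nginx access-log line, one junk
# line, and three JSON audit records trimmed to the fields used below.
SAMPLE_LOG = r'''
10.244.0.1 - - [01/Jan/2024:00:00:00 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/8.0"
{"transaction":{"client_ip":"10.244.0.1","unique_id":"a1","request":{"method":"GET","uri":"/?q=%3Cscript%3Ealert(1)%3C/script%3E","headers":{"Host":"10.0.0.5"}},"response":{"http_code":403},"messages":[{"message":"XSS Attack Detected via libinjection","details":{"ruleId":"941100","severity":"2"}},{"message":"Host header is a numeric IP address","details":{"ruleId":"920350","severity":"4"}}]}}
{"transaction":{"client_ip":"10.244.0.2","unique_id":"a2","request":{"method":"GET","uri":"/healthz","headers":{"Host":"10.0.0.5"}},"response":{"http_code":200},"messages":[{"message":"Host header is a numeric IP address","details":{"ruleId":"920350","severity":"4"}}]}}
not json at all
{"transaction":{"client_ip":"10.244.0.3","unique_id":"a3","request":{"method":"GET","uri":"/","headers":{"Host":"shop.example.com"}},"response":{"http_code":200},"messages":[]}}
'''


def parse_audit_records(text):
    """Return the 'transaction' object of every JSON audit record in the stream.
    Access-log lines, controller messages and malformed JSON are skipped."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("{"):
            continue
        try:
            obj = json.loads(line)
        except json.JSONDecodeError:
            continue
        tx = obj.get("transaction")
        if isinstance(tx, dict):
            records.append(tx)
    return records


def summarize(transactions):
    """Per rule id: hit count, CRS message, and the distinct URIs that
    triggered it. Blocked (403) vs logged-only counts show whether the
    engine is enforcing (On) or just auditing (DetectionOnly)."""
    hits = Counter()
    messages = {}
    uris = defaultdict(set)
    blocked = logged_only = 0
    for tx in transactions:
        msgs = tx.get("messages") or []
        if not msgs:  # record without rule matches: nothing to triage
            continue
        if tx.get("response", {}).get("http_code") == 403:
            blocked += 1
        else:
            logged_only += 1
        uri = tx.get("request", {}).get("uri", "?")
        for m in msgs:
            rid = m.get("details", {}).get("ruleId", "unknown")
            hits[rid] += 1
            messages.setdefault(rid, m.get("message", ""))
            uris[rid].add(uri)
    return {"hits": hits, "messages": messages, "uris": uris,
            "blocked": blocked, "logged_only": logged_only}


def report(summary):
    """Render the summary, most-hit rules first, as plain text."""
    lines = [f"blocked={summary['blocked']} logged_only={summary['logged_only']}"]
    for rid, n in summary["hits"].most_common():
        where = ", ".join(sorted(summary["uris"][rid]))
        lines.append(f"{rid} x{n}: {summary['messages'][rid]} (uris: {where})")
    return "\n".join(lines)


if __name__ == "__main__":
    # With no argument, triage the constructed sample; otherwise read a saved
    # `kubectl logs` capture from the given file.
    text = SAMPLE_LOG if len(sys.argv) < 2 else open(sys.argv[1]).read()
    print(report(summarize(parse_audit_records(text))))
```

A rule that appears only on URIs and hosts you expect (here 920350 on a health check reached by IP) is a candidate for a targeted exclusion; a rule that fires on a payload like the XSS probe above should stay, and the transaction count under blocked is what should rise once SecRuleEngine is switched to On.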
