kuberneteskubernetes-ingressmod-security2nginx-ingress

Nginx ingress controller modsecurity


I enabled modsecurity: "true" and enable-owasp-modsecurity-crs: "true" via the configmap of the nginx ingresss controller according to this link . In the annotation of the ingress I set SecRuleEngine On. When I use nikto to do some scans and try to trigger the owasp rules I only see 400 responses in the ingress logging. I would expect 403 responses. Anyone any idea on what I am doing wrong or what to check?


Solution

  • Followed the instructions on: https://karlstoney.com/2018/02/23/nginx-ingress-modsecurity-and-secchatops/

    The only thing I had to change was "SecAuditLog /var/log/modsec/audit.log". Changed it to SecAuditLog /var/log/modsec_audit.log