CDPT-1958 Enable modsec in non-prod namespaces (#787)

vertism · web-flow · commit 8e62bc947771 · 2024-08-21T12:08:58.000+01:00
diff --git a/config/kubernetes/qa/ingress.yml b/config/kubernetes/qa/ingress.yml
@@ -15,8 +15,12 @@ metadata:
       location ~* \.(php|cgi|xml)$ {
         deny all; access_log off;
       }
+    nginx.ingress.kubernetes.io/enable-modsecurity: "true"
+    nginx.ingress.kubernetes.io/modsecurity-snippet: |
+      SecRuleEngine On
+      SecDefaultAction "phase:2,pass,log,tag:github_team=central-digital-product-team,tag:namespace=disclosure-checker-qa"
 spec:
-  ingressClassName: default
+  ingressClassName: modsec
   tls:
   - hosts:
     - disclosure-checker-qa.apps.live.cloud-platform.service.justice.gov.uk
diff --git a/config/kubernetes/staging/ingress.yml b/config/kubernetes/staging/ingress.yml
@@ -15,8 +15,12 @@ metadata:
       location ~* \.(php|cgi|xml)$ {
         deny all; access_log off;
       }
+    nginx.ingress.kubernetes.io/enable-modsecurity: "true"
+    nginx.ingress.kubernetes.io/modsecurity-snippet: |
+      SecRuleEngine On
+      SecDefaultAction "phase:2,pass,log,tag:github_team=central-digital-product-team,tag:namespace=disclosure-checker-staging"
 spec:
-  ingressClassName: default
+  ingressClassName: modsec
   tls:
   - hosts:
     - disclosure-checker-staging.apps.live.cloud-platform.service.justice.gov.uk
