Ingress ModSecurity Protection

Ingress Controller global configuration

    # Edit the cluster gateway and add the following configuration options
    data:
      enable-modsecurity: "true"
      enable-owasp-modsecurity-crs: "true"
      modsecurity-snippet: |
        SecRuleEngine On
        SecRequestBodyAccess On
        SecResponseBodyAccess On
        SecAuditEngine RelevantOnly
        SecAuditLogParts ABIJDEFHZ

    # Per-route Ingress configuration
    kind: Ingress
    apiVersion: networking.k8s.io/v1
    metadata:
      name: xxxxx
      namespace: tools
      annotations:
        nginx.ingress.kubernetes.io/enable-modsecurity: 'false' # disabled
        nginx.ingress.kubernetes.io/modsecurity-snippet: |
          # Block malicious requests
          SecRuleEngine On
          # Log only, do not block
          #SecRuleEngine DetectionOnly
        nginx.ingress.kubernetes.io/whitelist-source-range: 'x.x.x.x'

Handling false positives

    kind: Ingress
    apiVersion: networking.k8s.io/v1
    metadata:
      namespace: xxxx
      annotations:
        nginx.ingress.kubernetes.io/modsecurity-snippet: |
          # Remove the rule with the specified ID
          SecRule REQUEST_URI "@rx ^/(js|cdn)/.*\.(js|css)$" "id:1000001,phase:1,nolog,pass,ctl:ruleRemoveById=959100"

Debugging aids...

June 11, 2025 · 1 min · Sulan

Adding an Access Password to a K8s Ingress

Run the following on a k8s node.

Generate the password

    htpasswd -c auth <username>
    # Enter the password when prompted

Create the Secret

    namespace=<K8s project name>
    kubectl create secret generic basic-auth --from-file=auth -n ${namespace}

Configure the secret on the Ingress

Add the annotations

    nginx.ingress.kubernetes.io/auth-type: basic
    # Name of the Secret created above
    nginx.ingress.kubernetes.io/auth-secret: basic-auth
    # Prompt message
    nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required!'

February 12, 2025 · 1 min · Sulan