WAF (Web Application Firewall) with the ingress-nginx controller using ModSecurity #592
jessebot asked this question in Show and tell
Hi community friends!
I just wanted to do a quick post talking about ModSecurity, which is a Web Application Firewall, or WAF for short. I recently updated the ingress-nginx docs to include an example of how to set up ModSecurity with the ingress-nginx Helm chart.
If you're not familiar with ModSecurity, people traditionally use the OWASP Core Rule Set, which is a set of rules that contain known suspicious/malicious patterns that attackers use when trying to compromise your websites.
In the latest version of the rule set, they've introduced the concept of Plugins. Plugins are a set of any kind of rules, but most frequently, they're used to allow you to exclude or modify rules for specific traffic that may look suspicious, but is actually normal for a given web app. Here's where the coreruleset/nextcloud-rule-exclusions-plugin comes in, which I personally use to exclude common legitimate Nextcloud traffic. I typically include it as a ConfigMap. Please see an example here.
The maintainers of the Nextcloud Rule Exclusions Plugin have been really kind and informative, so if you're running ingress-nginx as your Ingress Controller for Kubernetes, and would like to add a WAF, I highly recommend giving it a look through :)
Update: supported Nextcloud apps are listed here.