.k8s/live/api-sandbox/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
external-dns.alpha.kubernetes.io/set-identifier: cccd-app-ingress-v1-cccd-api-sandbox-green
external-dns.alpha.kubernetes.io/aws-weight: "100"
nginx.ingress.kubernetes.io/enable-modsecurity: "true"
nginx.ingress.kubernetes.io/modsecurity-snippet: |
SecRuleRemoveById 920120
SecRuleEngine On
SecRequestBodyLimit 29360128
SecAction "id:900110,phase:1,nolog,pass,t:none,setvar:tx.inbound_anomaly_score_threshold=6"
SecAction "id:900200,phase:1,nolog,pass,t:none,setvar:tx.allowed_methods=GET HEAD POST OPTIONS PUT PATCH DELETE"
SecRuleRemoveById 200002
SecRuleRemoveById 200003
nginx.ingress.kubernetes.io/server-snippet: |
deny 116.204.211.188;
deny 94.154.188.130;
if ($http_spider_name ~* "crawlergo") {
return 403;
}
name: cccd-app-ingress-v1
namespace: cccd-api-sandbox
spec:
ingressClassName: modsec
rules:
- host: api-sandbox.claim-crown-court-defence.service.justice.gov.uk
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cccd-app-service
port:
number: 80
tls:
- hosts:
- api-sandbox.claim-crown-court-defence.service.justice.gov.uk
secretName: cccd-api-sandbox-cert