.k8s/live/dev-lgfs/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
external-dns.alpha.kubernetes.io/set-identifier: cccd-app-ingress-v1-cccd-dev-lgfs-green
external-dns.alpha.kubernetes.io/aws-weight: "100"
nginx.ingress.kubernetes.io/enable-modsecurity: "true"
nginx.ingress.kubernetes.io/modsecurity-snippet: |
SecRuleRemoveById 920120
SecRuleEngine On
SecRequestBodyLimit 29360128
SecDefaultAction "phase:2,pass,log,tag:github_team=crime-billing-online"
SecAction "id:900110,phase:1,nolog,pass,t:none,setvar:tx.inbound_anomaly_score_threshold=6"
SecAction "id:900200,phase:1,nolog,pass,t:none,setvar:tx.allowed_methods=GET HEAD POST OPTIONS PUT PATCH DELETE"
SecRuleRemoveById 200002
SecRuleRemoveById 200003
SecRule REQUEST_URI "@contains /messages" "id:1000,phase:2,pass,nolog,ctl:ruleRemoveById=921110,ctl:ruleRemoveById=933210"
nginx.ingress.kubernetes.io/server-snippet: |
deny 116.204.211.188;
deny 94.154.188.130;
if ($http_spider_name ~* "crawlergo") {
return 403;
}
name: cccd-app-ingress-v1
namespace: cccd-dev-lgfs
spec:
ingressClassName: modsec
rules:
- host: dev-lgfs.claim-crown-court-defence.service.justice.gov.uk
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cccd-app-service
port:
number: 80
- host: dev-clar.claim-crown-court-defence.service.justice.gov.uk
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: cccd-app-service
port:
number: 80
tls:
- hosts:
- dev-lgfs.claim-crown-court-defence.service.justice.gov.uk
- dev-clar.claim-crown-court-defence.service.justice.gov.uk
secretName: cccd-dev-lgfs-cert