Add documentation for OWASP ModSecurity #413
erinecon left a comment
Thanks for adding this guide! Mostly nits, but the PR preview of the how-to landing page currently contains three entries for the new how-to guide, so I won't give an approval until the headers are updated :)
| `owasp-modsecurity-crs` and `owasp-modsecurity-custom-rules` charm | ||
| configuration options. | ||
|
|
||
| # Enable OWASP ModSecurity with core rule set |
| # Enable OWASP ModSecurity with core rule set | |
| ## Enable OWASP ModSecurity with core rule set |
| juju config nginx-ingress-integrator owasp-modsecurity-crs=true | ||
| ``` | ||
|
|
||
| # Customize ModSecurity rules |
| # Customize ModSecurity rules | |
| ## Customize ModSecurity rules |
| and Nginx that is developed by OWASP. You can enable the ModSecurity | ||
| firewall in the Nginx ingress integrator charm using the |
| and Nginx that is developed by OWASP. You can enable the ModSecurity | |
| firewall in the Nginx ingress integrator charm using the | |
| and NGINX that is developed by OWASP. You can enable the ModSecurity | |
| firewall in the NGINX ingress integrator charm using the |
My understanding is that "NGINX" should be formatted in all caps
|
|
||
| The OWASP ModSecurity Core Rule Set (CRS) is a set of generic attack | ||
| detection rules for use with ModSecurity or compatible web application | ||
| firewalls. You can enable OWASP ModSecurity and the core rule set by |
| firewalls. You can enable OWASP ModSecurity and the core rule set by | |
| firewalls. Enable OWASP ModSecurity and the core rule set by |
Nitpick, but I think we should drop the "You can..." framing in the subsections. I think it's fine to use "You can..." in the introduction, as a way of introducing the content in the guide as an optional task that users can do for their deployment. But now that we're in the subsections and discussing the tasks, we should be more authoritative about the user's actions.
| setting the `owasp-modsecurity-crs` charm configuration to `true`. For | ||
| example: |
Nitpick: "For example" reads like there's some other way to set this configuration to true. I understand that the user might rename their deployed nginx-ingress-integrator, so the command could be different for their setup, but for conciseness, I think we can drop "For example".
| setting the `owasp-modsecurity-crs` charm configuration to `true`. For | |
| example: | |
| setting the `owasp-modsecurity-crs` charm configuration to `true`: |
| You can also enable additional rules outside the core rule set by | ||
| setting the `owasp-modsecurity-custom-rules` charm configuration option. | ||
| The `owasp-modsecurity-custom-rules` configuration option will be put in | ||
| the `nginx.ingress.kubernetes.io/modsecurity-snippet` Nginx ingress | ||
| annotation with other charm-generated configuration snippets. |
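Review bot: The sentence ending "annotation with other charm-generated configuration snippets" does not say where the value of `owasp-modsecurity-custom-rules` lands relative to those charm-generated snippets, and the visible lines give no sample value for the option. Placement matters in ModSecurity configuration (a rule exclusion such as `SecRuleRemoveById` has to come after the rule it removes), so state whether the custom rules are placed before or after the core rule set, and add a short `juju config` example with a sample rule, as the core rule set section does for `owasp-modsecurity-crs=true`.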
| You can also enable additional rules outside the core rule set by | |
| setting the `owasp-modsecurity-custom-rules` charm configuration option. | |
| The `owasp-modsecurity-custom-rules` configuration option will be put in | |
| the `nginx.ingress.kubernetes.io/modsecurity-snippet` Nginx ingress | |
| annotation with other charm-generated configuration snippets. | |
| Enable additional rules outside the core rule set by | |
| setting the `owasp-modsecurity-custom-rules` charm configuration option. | |
| This configuration option will be put in | |
| the `nginx.ingress.kubernetes.io/modsecurity-snippet` NGINX ingress | |
| annotation with other charm-generated configuration snippets. |
Nits around authoritative writing, NGINX capitalization, conciseness
| This option is only effective when `owasp-modsecurity-crs` is set to | ||
| `true`. |
Nit: Consider placing this text into a warning admonition so that it's highlighted more, e.g.
```{warning}
This option is only effective when `owasp-modsecurity-crs` is set to
`true`.
```
Overview
Add documentation for OWASP ModSecurity related charm configurations.