From 0ade6b1a529828c72d68ae2c42d17a33dd61586e Mon Sep 17 00:00:00 2001
From: JingLu5 <lvjing5@huawei.com>
Date: Fri, 7 Sep 2018 16:18:15 +0800
Subject: Add ModSecurity config guide

This patch adds ModSecurity config guide.
This patch also deploy the modsecurity and ext_authz filter to clover-gateway namespace.

Change-Id: I5ab21e6337b8f8b839ddd028370df378686bd017
Signed-off-by: JingLu5 <lvjing5@huawei.com>
---
 .../scenarios/ingressgateway_ext_authz_filter.yaml | 24 ++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 samples/scenarios/ingressgateway_ext_authz_filter.yaml

(limited to 'samples/scenarios/ingressgateway_ext_authz_filter.yaml')

diff --git a/samples/scenarios/ingressgateway_ext_authz_filter.yaml b/samples/scenarios/ingressgateway_ext_authz_filter.yaml
new file mode 100644
index 0000000..0960a50
--- /dev/null
+++ b/samples/scenarios/ingressgateway_ext_authz_filter.yaml
@@ -0,0 +1,24 @@
+apiVersion: networking.istio.io/v1alpha3
+kind: EnvoyFilter
+metadata:
+  name: ext-authz
+  namespace: clover-gateway
+spec:
+  workloadLabels:
+    app: istio-ingressgateway
+  filters:
+  - insertPosition:
+      index: FIRST
+    listenerMatch:
+      portNumber: 80
+      listenerType: GATEWAY
+      listenerProtocol: HTTP
+    filterType: HTTP
+    filterName: "envoy.ext_authz"
+    filterConfig:
+      http_service:
+        server_uri:
+          uri: "http://modsecurity-crs.clover-gateway.svc.cluster.local"
+          cluster: "outbound|80||modsecurity-crs.clover-gateway.svc.cluster.local"
+          timeout: 0.5s
+      failure_mode_allow: false
-- 
cgit 1.2.3-korg