We (likely newbies) recently started using Kong Gateway to expose services to the internet. Earlier we were using ingress-nginx, and on top of it we installed ModSecurity in order to implement some security rules for exposed APIs.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: demo-app-ext
  namespace: kong
  annotations:
    konghq.com/protocols: "https"
    konghq.com/https-redirect-status-code: "308"
    konghq.com/plugins: "app-user-ext-acl, rate-limit-ext"
Considering Kong is built on top of Nginx, is it advisable to use Kong and ModSecurity annotations together in the same Ingress object? If not, please enlighten us. Or is there any Kong plugin available to achieve the same?
    nginx.ingress.kubernetes.io/enable-modsecurity: "true"
    nginx.ingress.kubernetes.io/enable-owasp-core-rules: "true"
    nginx.ingress.kubernetes.io/modsecurity-snippet: |
      SecRuleEngine On