Fix kubernetes#4629 - (and ((not false) false)) = true

somehow, this is weird but true. Previously, either owasp was disabled globally and rendered in all locations, or it was enabled globally. This commit fixes the logic issue by fixing the and-clause in the if-statement. This reduces baseline global modsecurity-enabled resource usage.
MMeent · Nov 28, 2019 · 44c55ae · 44c55ae
1 parent de12fc1
commit 44c55ae
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/rootfs/etc/nginx/template/nginx.tmpl b/rootfs/etc/nginx/template/nginx.tmpl
@@ -1041,7 +1041,7 @@ stream {
             modsecurity_rules '
                 {{ $location.ModSecurity.Snippet }}
             ';
-            {{ else if (and ((not $all.Cfg.EnableOWASPCoreRules) $location.ModSecurity.OWASPRules))}}
+            {{ else if (and (not $all.Cfg.EnableOWASPCoreRules) ($location.ModSecurity.OWASPRules))}}
             modsecurity_rules_file /etc/nginx/owasp-modsecurity-crs/nginx-modsecurity.conf;
             {{ end }}