diff options
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/development/pipelines.md | 4 | ||||
| -rw-r--r-- | doc/user/clusters/applications.md | 28 |
2 files changed, 12 insertions, 20 deletions
diff --git a/doc/development/pipelines.md b/doc/development/pipelines.md index 1269087c38d..ba50b013c9f 100644 --- a/doc/development/pipelines.md +++ b/doc/development/pipelines.md @@ -264,10 +264,6 @@ subgraph "`qa` stage" dast -.-> |needs and depends on| G; end -subgraph "`notification` stage" - NOTIFICATION2["package-and-qa:notify-failure<br>(manual)"] -.-> |needs| Q; - end - subgraph "`post-test` stage" M end diff --git a/doc/user/clusters/applications.md b/doc/user/clusters/applications.md index a7753e3f3a4..0b889a29674 100644 --- a/doc/user/clusters/applications.md +++ b/doc/user/clusters/applications.md @@ -248,10 +248,10 @@ use an A record. If your external endpoint is a hostname, use a CNAME record. #### Web Application Firewall (ModSecurity) -> [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/issues/65192) in GitLab 12.3 (enabled using `ingress_modsecurity` [feature flag](../../development/feature_flags/development.md#enabling-a-feature-flag-in-development)). +> [Introduced](https://gitlab.com/gitlab-org/gitlab/merge_requests/21966) in GitLab 12.7. Out of the box, GitLab provides you real-time security monitoring with -[`modsecurity`](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/#modsecurity) +[ModSecurity](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/#modsecurity). Modsecurity is a toolkit for real-time web application monitoring, logging, and access control. With GitLab's offering, the [OWASP's Core Rule Set](https://www.modsecurity.org/CRS/Documentation/), which provides generic attack detection capabilities, @@ -267,22 +267,18 @@ This feature: kubectl -n gitlab-managed-apps exec -it $(kubectl get pods -n gitlab-managed-apps | grep 'ingress-controller' | awk '{print $1}') -- tail -f /var/log/modsec/audit.log ``` -There is a small performance overhead by enabling `modsecurity`. If this is -considered significant for your application, you can either: +To enable ModSecurity, check the **Enable Web Application Firewall** checkbox +when installing your [Ingress application](#ingress). -- Disable ModSecurity's rule engine for your deployed application by setting - [the deployment variable](../../topics/autodevops/index.md) - `AUTO_DEVOPS_MODSECURITY_SEC_RULE_ENGINE` to `Off`. This will prevent ModSecurity from - processing any requests for the given application or environment. -- Toggle the feature flag to false by running the following command within your - instance's Rails console: +There is a small performance overhead by enabling ModSecurity. If this is +considered significant for your application, you can disable ModSecurity's +rule engine for your deployed application by setting +[the deployment variable](../../topics/autodevops/index.md) +`AUTO_DEVOPS_MODSECURITY_SEC_RULE_ENGINE` to `Off`. This will prevent ModSecurity +from processing any requests for the given application or environment. - ```ruby - Feature.disable(:ingress_modsecurity) - ``` - -Once disabled, you must [uninstall](#uninstalling-applications) and reinstall your Ingress -application for the changes to take effect. +To permanently disable it, you must [uninstall](#uninstalling-applications) and +reinstall your Ingress application for the changes to take effect. ### JupyterHub |