Description
As discussed in this thread https://mojdt.slack.com/archives/C57UPMZLY/p1611057689075100
It seems there was a bug introduced into the the newer version of mod_security which was rolled out with nginx-ingress updates.
helm chart versions:
2.13.0 -> 3.6.0
Includes:
nginx-ingress
0.35.0 -> 0.40.2
Currently it is not possible to troubleshoot why a particular request was blocked. This is potentially a big problem for teams who want to use mod_security. There are hundred of rules and almost limitless ways in which to trigger them.
There is a service we would like to enable mod_security on, however it is unlikely we can practically do it without being able to diagnose any potential blocked requests.
Raising this ticket for visibility in the CP team - and maybe a work around can be found.