Use Modsec for all Cloud Platform apps that have ingress

[poornima-krishnasamy]

And CP app that open in the internet which has ingress, Check if those apps need a ingress and should be accessed externally. If yes, configure to be behind the modsecurity.

reports.cloud-platform.service.justice.gov.uk/dashboard modules.apps.live.cloud-platform.service.justice.gov.uk cloud-platform-metrics.apps.live.cloud-platform.service.justice.gov.uk (if possible perhaps we don't need this URL to be external - it's used by prometheus to scrape and could probably be removed and an internal URL used instead)

Communicate changes

• [ ] post for #cloud-platform-update
• [ ] Weeknotes item
• [ ] Show the Thing/P&A All Hands/User CoP
• [ ] Announcements channel

Questions / Assumptions

Definition of done

• [ ] readme has been updated
• [ ] user docs have been updated
• [ ] another team member has reviewed
• [ ] smoke tests are green
• [ ] prepare demo for the team

Reference

How to write good user stories

[mikebell]

hoodaw is now running on modsec

[mikebell]

go-get-module done

[mikebell]

Paused the rollout of metrics. Switching to modsec didn't go as planned. Possibly due to the custom deny headers in the ingress definition but needs testing properly after the firebreak.