Merge branch 'docs-update-modsec-clarify-disablement' into 'master'

Clarify ModSecurity docs- rule engine disablement See merge request gitlab-org/gitlab!21206

Merge branch 'docs-update-modsec-clarify-disablement' into 'master'
Clarify ModSecurity docs- rule engine disablement See merge request gitlab-org/gitlab!21206
d14ff97e · Evan Read · 72aa2d0b · 83b8fa2e · d14ff97e
Commit d14ff97e authored Dec 09, 2019 by Evan Read
Hide whitespace changes
Inline Side-by-side

Showing with 13 additions and 7 deletions

doc/user/clusters/applications.md doc/user/clusters/applications.md +13 -7

No files found.
--- a/doc/user/clusters/applications.md
+++ b/doc/user/clusters/applications.md
@@ -267,13 +267,19 @@ This feature:
  kubectl -n gitlab-managed-apps exec -it $(kubectl get pods -n gitlab-managed-apps | grep 'ingress-controller' | awk '{print $1}') -- tail -f /var/log/modsec/audit.log
  ```

-There is a small performance overhead by enabling `modsecurity`. However, if this is
-considered significant for your application, you can toggle the feature flag back to
-false by running the following command within the Rails console:
-
-```ruby
-Feature.disable(:ingress_modsecurity)
-```
+There is a small performance overhead by enabling `modsecurity`. If this is
+considered significant for your application, you can either:
+
+- Disable ModSecurity's rule engine for your deployed application by setting
+  [the deployment variable](../../topics/autodevops/index.md)
+  `AUTO_DEVOPS_MODSECURITY_SEC_RULE_ENGINE` to `Off`. This will prevent ModSecurity from
+  processing any requests for the given application or environment.
+- Toggle the feature flag to false by running the following command within your
+  instance's Rails console:
+
+  ```ruby
+  Feature.disable(:ingress_modsecurity)
+  ```

 Once disabled, you must [uninstall](#uninstalling-applications) and reinstall your Ingress
 application for the changes to take effect.