From 98c01767ab1754e45129d37926fd713a4afd73ff Mon Sep 17 00:00:00 2001
From: Jack Crawford
Date: Thu, 15 Jun 2023 16:21:37 +1000
Subject: [PATCH 1/3] updated nginx ingress configuration
---
 profisee-platform/templates/ingress-profisee.yaml | 11 +++++++++++
 profisee-platform/values.yaml | 2 ++
 2 files changed, 13 insertions(+)
diff --git a/profisee-platform/templates/ingress-profisee.yaml b/profisee-platform/templates/ingress-profisee.yaml
index 9931afdd..b69ff20e 100644
--- a/profisee-platform/templates/ingress-profisee.yaml
+++ b/profisee-platform/templates/ingress-profisee.yaml
@@ -17,6 +17,17 @@ metadata:
 nginx.ingress.kubernetes.io/proxy-read-timeout: "5400"
 nginx.ingress.kubernetes.io/proxy-request-buffering: "off"
 nginx.ingress.kubernetes.io/proxy-send-timeout: "5400"
+ nginx.ingress.kubernetes.io/server-snippet: |
+ set $block 0;
+ if ($http_x_imperva_id !~* "{{.Values.ingress.impervaHeaderId}}" ) {
+ set $block 1;
+ }
+ if ($uri == "/healthcheck" ) {
+ set $block 0;
+ }
+ if ($block == 1) {
+ return 403;
+ }
 {{- if .Values.profiseeRunTime.isPaaS }}
 nginx.ingress.kubernetes.io/rewrite-target: /$1
 {{- end }}
diff --git a/profisee-platform/values.yaml b/profisee-platform/values.yaml
index 2cb33db1..82f619ed 100644
--- a/profisee-platform/values.yaml
+++ b/profisee-platform/values.yaml
@@ -3,6 +3,8 @@ sqlServer:
 databaseName: "$SQLDBNAME"
 userName: "$SQLUSERNAME"
 password: "$SQLUSERPASSWORD"
+ingress:
+ impervaHeaderId: ""
 profiseeRunTime:
 useLetsEncrypt: $USELETSENCRYPT
 adminAccount: "$ADMINACCOUNTNAME"
From 8f8808ebb2a9577cfdc1ed1808868455ed7d3eef Mon Sep 17 00:00:00 2001
From: Jack Crawford
Date: Tue, 20 Jun 2023 09:52:39 +1000
Subject: [PATCH 2/3] updated helm version
---
 profisee-platform/Chart.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/profisee-platform/Chart.yaml b/profisee-platform/Chart.yaml
index cbfcb3e0..8b8d79f7 100644
--- a/profisee-platform/Chart.yaml
+++ b/profisee-platform/Chart.yaml
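Review bot: The header check in the added `server-snippet` uses a case-insensitive, unanchored regex match (`!~*`) on a value interpolated unescaped from `.Values.ingress.impervaHeaderId`, so a header that merely contains the ID passes, and regex or quote characters in the value change the match or break the rendered nginx configuration. An exact string comparison is tighter: `if ($http_x_imperva_id != "{{ .Values.ingress.impervaHeaderId }}") {`. The ID is also rendered in clear text into the Ingress annotation, so anyone allowed to read Ingress objects in the namespace can read it. The chart now depends on the controller accepting snippet annotations (`allow-snippet-annotations`), which deserves a comment above the annotation.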
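Review bot: The default `impervaHeaderId: ""` leaves the check in `ingress-profisee.yaml` with an empty pattern, which as far as I can tell matches every header value, including a missing one, so a deployment that never sets the value would install a filter that blocks nothing. Failing at render time is safer, for example `{{ required "ingress.impervaHeaderId must be set" .Values.ingress.impervaHeaderId }}` in the template, or wrap the whole snippet in `{{- if .Values.ingress.impervaHeaderId }}` so the filter is visibly off when the value is unset. A comment on the key stating that the value is a shared secret expected from the upstream WAF would help whoever fills in this file.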
@@ -3,4 +3,4 @@ appVersion: 1.16.0
 description: A Helm chart for Profisee Platform on Kubernetes
 name: profisee-platform
 type: application
-version: 0.1.26
+version: 0.1.27
From 23ad8e130a239022ae1f12cd588e3ff15f3609ec Mon Sep 17 00:00:00 2001
From: Jack Crawford
Date: Wed, 21 Jun 2023 11:34:31 +1000
Subject: [PATCH 3/3] modified condition logic
---
 profisee-platform/templates/ingress-profisee.yaml | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/profisee-platform/templates/ingress-profisee.yaml b/profisee-platform/templates/ingress-profisee.yaml
index b69ff20e..21a26476 100644
--- a/profisee-platform/templates/ingress-profisee.yaml
+++ b/profisee-platform/templates/ingress-profisee.yaml
@@ -19,13 +19,16 @@ metadata:
 nginx.ingress.kubernetes.io/proxy-send-timeout: "5400"
 nginx.ingress.kubernetes.io/server-snippet: |
 set $block 0;
- if ($http_x_imperva_id !~* "{{.Values.ingress.impervaHeaderId}}" ) {
- set $block 1;
+ if ($http_x_gateway_validated != 1) {
+ set $block 1;
 }
- if ($uri == "/healthcheck" ) {
+ if ($http_x_from_agw != 1) {
+ set $block 0;
+ }
+ if ($uri = "/healthcheck" ) {
 set $block 0;
 }
- if ($block == 1) {
+ if ($block = 1) {
 return 403;
 }
 {{- if .Values.profiseeRunTime.isPaaS }}
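Review bot: The second condition, `if ($http_x_from_agw != 1) { set $block 0; }`, clears the block for every request that does not carry `X-From-AGW: 1`, so a request with neither header is let through and only traffic marked as coming from the gateway is held to `X-Gateway-Validated`. Both headers are supplied by the sender and compared with the constant `1`, so the check only means something if the ingress is reachable solely through the gateway and the gateway overwrites both headers on every request. If that is the intent, state it in a comment above the snippet and restrict the source as well, for example `nginx.ingress.kubernetes.io/whitelist-source-range: "<gateway subnet CIDR>"`. After this change `ingress.impervaHeaderId` in `values.yaml` is no longer referenced by this template and looks like a leftover.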