Comments (7)
modsecurity_rules_file is valid in the server context too (but the doc says to put it in location context).
I had put it in 2 locations per server. Now I removed it and put it outside the location block (only once per server in this case).
Even now nginx -t is consuming a lot of time to finish. I guess it needs to loop through all the CRS files for each server?
Following is the time taken for 36 domains in a 2 GB KVM VPS:
# time nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
real 0m23.287s
user 0m22.147s
sys 0m0.863s
I am sure this will be almost on a very big scale for servers hosting 500+ domains.
from modsecurity-nginx.
Hi @AnoopAlias,
Any reason why not to use the configuration in the global (http) section?
from modsecurity-nginx.
@zimmerle - OK, putting this in the http context works. I was just following the docs, which mention putting the rules file in location context.
So I guess the best way to do this is to put
modsecurity on;
modsecurity_rules_file /etc/nginx/conf.d/zz_modsecurity.conf;
in the http context and, for vhosts that don't need mod_sec, put
modsecurity off;
in the server section?
from modsecurity-nginx.
That would be a good idea :)
Tell me if you face any problems.
from modsecurity-nginx.
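An added example, not part of the thread and not the project's own code: a small Python audit that reports which contexts load each `modsecurity_rules_file`, so files loaded repeatedly per server or location (the layout described in the first comment) can be moved to the http context as agreed above. It assumes the configuration is passed in as one string, does not follow `include` directives, and does not handle quoted arguments; the function names and the sample configuration are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample (not from the thread): the same rules file is loaded
# in two location blocks of one vhost and at server level in another.
SAMPLE_CONF = """
http {
    server {
        location / {
            modsecurity_rules_file /etc/nginx/conf.d/zz_modsecurity.conf;
        }
        location /api {
            modsecurity_rules_file /etc/nginx/conf.d/zz_modsecurity.conf;
        }
    }
    server {
        modsecurity_rules_file /etc/nginx/conf.d/zz_modsecurity.conf;
    }
}
"""

def rules_file_contexts(conf_text):
    """Map each rules file path to the contexts (block names) that load it."""
    text = re.sub(r"#[^\n]*", "", conf_text)       # drop comments
    loads = defaultdict(list)
    stack, words = [], []   # enclosing block names; words of current directive
    for tok in re.findall(r"[{};]|[^\s{};]+", text):
        if tok == "{":
            stack.append(words[0] if words else "?")
        elif tok == "}":
            if stack:
                stack.pop()
        elif tok == ";":
            if len(words) == 2 and words[0] == "modsecurity_rules_file":
                loads[words[1]].append(stack[-1] if stack else "main")
        else:
            words.append(tok)
            continue
        words = []          # a "{", "}" or ";" ends the current directive
    return dict(loads)

def hoist_candidates(conf_text):
    """Rules files loaded more than once below the http context."""
    found = rules_file_contexts(conf_text)
    return {p: c for p, c in found.items() if sum(x != "http" for x in c) > 1}

if __name__ == "__main__":
    for path, ctxs in hoist_candidates(SAMPLE_CONF).items():
        print(f"{path}: loaded {len(ctxs)} times in {ctxs}")
```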
@zimmerle I have the same problem here. Stopped the groups, increased sh.min and sh.memmax in /etc/sysctl.conf but nginx does not start again. I use modsecurity on in the server { block, but not in http because I don't want modsec to be turned on for all customers; every customer has a user.conf.
from modsecurity-nginx.
@intelbg - if you set modsecurity off; in the server {} context it doesn't work for the vhost, so it is fine.
from modsecurity-nginx.
@AnoopAlias the problem exists even if the modsecurity directive is not present on the vhosts. I created another post for that - even when modsec does not work for the vhosts, only compiled into the nginx binary, it has memory allocation problems and the server load goes to 150+ immediately after nginx configtest or restart. Without modsec there aren't any problems.
from modsecurity-nginx.