Lead Security Researcher, SpiderLabs
Trustwave | SMART SECURITY ON DEMAND
I am using nginx 1.4 and modsecurity 2.7.7
Apart from the base rules I am trying to use the "optional_rules/modsecurity_crs_43_csrf_protection.conf" in nginx.
But when i start the nginx with the above said rules i get the following error "Unknown command in config: <LocationMatch " and the nginx refuses to start
When i did searched for the info, one of the sites says the LocationMatch(Apache directive) support is not there for IIS and it will be provided shortly
Does this hold true for nginx as well ?
And if i comment out LocationMatch, nginx starts properly and if i do so then i fear i may not be able to add the CSRF support with nginx+modsecurity
Or is it any particular segment that i can comment out in the file "optional_rules/modsecurity_crs_43_csrf_protection.conf" and add CSRF support