Re: [Mod-security-developers] ModSecurity extension for Nginx
From: Carlos V. <ca...@ta...> - 2014-10-20 08:54:40
I use the Core rules too, but with some escape routes. I don't know how your web site works, but in most cases you can identify a few usage patterns. In my case, a request can be authenticated, under authentication, or public. As a webmail has very few public requests (normally only access to js, css, icons, and images), rules are more stringent there.

If it is under authentication, we count the number of "bad password" answers and block the IP for 10 minutes after 3. If the user is authenticated and the URI falls in a set of "normal" paths, we accept the request right away, minimizing the performance impact.

In other words, the Core rules are a good starting point, but there is no "one size fits all" approach. If you apply all the rules to all your requests you will pay a performance penalty, and parts of your site will not work, because of false positives. So you have to spend some time analyzing what to filter and how.

On Mon, Oct 20, 2014 at 10:16 AM, Hoang Hai Nam <na...@gm...> wrote:

> Hi Carlos,
> How many rules did you apply for your system? I intend to use the whole "Core rule set". It has a lot of rules, so if I use it each user's request will be inspected by hundreds of rules.
> Meanwhile the reverse proxy ModSecurity becomes the bottleneck of the whole system.
>
> On Mon, Oct 20, 2014 at 2:40 PM, Carlos Vidal <ca...@ta...> wrote:
>
>> I'm using nginx+modsec with a webmail system (Zimbra) hosting 25K users and it works pretty well. Performance depends of course on the number of rules you apply and in which phases. You can define hundreds of rules but have only a few that are used in the most common requests. If performance is paramount for your site, you will need to spend some time analyzing modsec logs to find which rules give you the highest "protection/load" ratio.
>>
>> On Mon, Oct 20, 2014 at 6:27 AM, Hoang Hai Nam <na...@gm...> wrote:
>>
>>> Hi everyone,
>>> I'm planning to use ModSecurity for Nginx (reverse proxy form) to protect my company's multiple websites, but I am confused by the Development Status: BETA, and I do not know whether ModSecurity for Nginx has stable performance with the Core Rule Set or not.
>>>
>>> Nginx has very good performance when used as a reverse proxy, so I want to ask for advice on using Nginx with ModSecurity.
>>>
>>> Looking forward to your reply. Thanks all very much.
>>>
>>> --
>>> Best regards,
>>>
>>> *Hoang Hai Nam, senior*
>>> Department of Software Engineering
>>> School of Information and Communication Technology (SoICT, http://www.soict.hut.edu.vn)
>>> Hanoi University of Science and Technology (HUST, http://www.hut.edu.vn)
>>> C1 Building - No 1, Dai Co Viet Street, Ha Noi, Vietnam
>>> Yahoo: soap412
>>> Mobile: +84 (0)9.13.09.66.46
>>> Facebook: https://www.facebook.com/nam.hoanghai
>>> E-mail: na...@gm...
>>> nam...@ho...
>>>
>>> _______________________________________________
>>> mod-security-developers mailing list
>>> mod...@li...
>>> https://lists.sourceforge.net/lists/listinfo/mod-security-developers
>>> ModSecurity Services from Trustwave's SpiderLabs:
>>> https://www.trustwave.com/spiderLabs.php
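
One way to express the three request classes described in the reply above (public, under authentication, authenticated) as ModSecurity 2.x rules. This is an added example, not configuration from the thread; the rule ids, the paths, the `ZM_AUTH_TOKEN` cookie name and the 401 status for a bad password are assumptions.

```apache
# Added example, not from the thread. Rule ids, the /login, /mail/ and
# /calendar/ paths, the ZM_AUTH_TOKEN cookie name and the 401 status for a
# bad password are assumptions; replace them with what the application uses.
SecRuleEngine On

# Per-IP persistent collection, needed for the failed-login counter.
SecAction "id:100000,phase:1,pass,nolog,initcol:ip=%{REMOTE_ADDR}"

# 1. An IP flagged by rule 100041 stays blocked until the flag expires.
SecRule IP:AUTH_BLOCKED "@eq 1" \
    "id:100010,phase:1,deny,status:403,log,msg:'IP blocked after failed logins'"

# 2. Authenticated + "normal" path: accept right away and skip the rest of
#    the request rules. Cookie presence is not proof of a valid session,
#    so keep this list to paths where the backend checks the token itself.
SecRule &REQUEST_COOKIES:ZM_AUTH_TOKEN "@eq 1" \
    "id:100020,phase:1,allow:request,nolog,chain"
    SecRule REQUEST_FILENAME "@rx ^/(?:mail|calendar)/" "t:none"

# 3. Public (no session cookie, not the login page): static assets only,
#    fetched with GET or HEAD. Everything else is refused.
SecRule &REQUEST_COOKIES:ZM_AUTH_TOKEN "@eq 0" \
    "id:100030,phase:1,deny,status:403,log,msg:'Unexpected public request',chain"
    SecRule REQUEST_FILENAME "!@beginsWith /login" "t:none,chain"
    SecRule REQUEST_FILENAME "!@rx \.(?:js|css|ico|png|gif|jpe?g)$" "t:none,t:lowercase"

SecRule &REQUEST_COOKIES:ZM_AUTH_TOKEN "@eq 0" \
    "id:100031,phase:1,deny,status:405,log,msg:'Public request with unexpected method',chain"
    SecRule REQUEST_FILENAME "!@beginsWith /login" "t:none,chain"
    SecRule REQUEST_METHOD "!@rx ^(?:GET|HEAD)$" "t:none"

# 4. Under authentication: count "bad password" answers per IP in the
#    logging phase, then flag the IP for 600 s (10 minutes) after 3.
SecRule REQUEST_FILENAME "@beginsWith /login" \
    "id:100040,phase:5,pass,nolog,t:none,chain"
    SecRule RESPONSE_STATUS "@streq 401" \
        "setvar:ip.failed_logins=+1,expirevar:ip.failed_logins=600"

SecRule IP:FAILED_LOGINS "@ge 3" \
    "id:100041,phase:5,pass,log,msg:'3 failed logins, blocking IP for 10 minutes',setvar:ip.auth_blocked=1,expirevar:ip.auth_blocked=600,setvar:!ip.failed_logins"

# Core Rule Set includes go here; only requests that were neither allowed
# nor denied above reach them.
```

Running these with `SecRuleEngine DetectionOnly` first and reading the audit log shows which legitimate requests the public-class rules would refuse before they are enforced.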