Re: [mod-security-users] nginx+modsecurity
From: Felipe C. <FC...@tr...> - 2015-03-23 12:43:35
Hi Andrew,

One thing that you can do to temporarily circumvent this problem is to disable the request body inspection:

- https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#secrequestbodyaccess

Br,
Felipe "Zimmerle" Costa
Security Researcher, SpiderLabs
Trustwave | SMART SECURITY ON DEMAND
www.trustwave.com

From: Andrew Camilleri <and...@gm...>
Reply-To: "mod...@li..." <mod...@li...>
Date: Friday, March 20, 2015 at 11:39 AM
To: "mod...@li..." <mod...@li...>
Subject: [mod-security-users] nginx+modsecurity

Hi!

I am trying to enable modsecurity in nginx and I got stuck. Here are my steps:

    yum install -y gcc make automake autoconf libtool
    yum install -y pcre pcre-devel libxml2 libxml2-devel curl curl-devel httpd-devel

from modsecurity folder:

    ./configure --enable-standalone-module --disable-mlogc
    make

from nginx folder:

    ./configure --add-module=../mod_security/nginx/modsecurity
    make
    sudo make install

All works so far. Tested nginx on its own, and it works fine. So proceed to enable modsecurity and owasp rules.

I follow steps from here <http://cronylab.pl/art,nginx,modsecurity,howto,201.html> which basically suggests to catenate modsecurity.conf-recommended, modsecurity_crs_10_setup.conf.example and crs-rules/*.conf together and also copy the base_rules/*data files to nginx conf.

I go and start nginx and it doesn't complain. Then I browse onto my test app and it seems to work, but when I attempt to POST for a login, nginx hangs and I get the following in the error.log:

    2015/03/20 11:33:37 [notice] 37800#0: signal process started
    2015/03/20 11:33:41 [notice] 37801#0: ModSecurity for nginx (STABLE)/2.9.0 (http://www.modsecurity.org/) configured.
    2015/03/20 11:33:41 [notice] 37801#0: ModSecurity: APR compiled version="1.3.9"; loaded version="1.3.9"
    2015/03/20 11:33:41 [notice] 37801#0: ModSecurity: PCRE compiled version="7.8 "; loaded version="7.8 2008-09-05"
    2015/03/20 11:33:41 [notice] 37801#0: ModSecurity: LIBXML compiled version="2.7.6"
    2015/03/20 11:33:41 [notice] 37801#0: ModSecurity: StatusEngine call: "2.9.0,nginx,1.3.9/1.3.9,7.8/7.8 2008-09-05,(null),2.7.6,bd9197350c776162590f1f3364fb3a831179d4fa"
    2015/03/20 11:33:41 [notice] 37801#0: ModSecurity: StatusEngine call successfully sent. For more information visit: http://status.modsecurity.org/
    2015/03/20 11:34:07 [alert] 37802#0: worker process 37803 exited on signal 9
    2015/03/20 11:34:15 [alert] 37802#0: worker process 37822 exited on signal 9

The response in the browser is completely empty.

I am running this on a CentOS 6.6 VM. Can anyone help please? I have attempted this with both stable nginx 1.6.2 and Mainline 1.7.10.

Many thanks for reading this...Cheers!

Andrew
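Added example (not part of the original thread and not ModSecurity project code): one way to apply the suggested workaround to a concatenated rules file, switching every active SecRequestBodyAccess directive to Off while keeping a backup for reverting. The function names and the file path argument are assumptions made for this sketch; the demo input is constructed.

```shell
#!/bin/sh
# Added example: set SecRequestBodyAccess to Off in a ModSecurity config file.
# Assumes the directive is spelled as in modsecurity.conf-recommended.

disable_request_body_access() {
    conf="$1"
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 2; }

    # Keep a copy so the workaround is easy to revert later.
    cp -p "$conf" "$conf.bak" || return 1

    if grep -Eq '^[[:space:]]*SecRequestBodyAccess[[:space:]]' "$conf"; then
        # Rewrite every active occurrence; commented-out lines are untouched.
        # A concatenated file may set the directive more than once.
        sed -E 's/^([[:space:]]*)SecRequestBodyAccess[[:space:]]+.*$/\1SecRequestBodyAccess Off/' \
            "$conf.bak" > "$conf"
    else
        # No active directive found: state the setting explicitly.
        printf '\nSecRequestBodyAccess Off\n' >> "$conf"
    fi
}

# Print the value of the last active SecRequestBodyAccess line, or "unset".
effective_request_body_access() {
    awk 'tolower($1) == "secrequestbodyaccess" { v = $2 }
         END { print (v == "" ? "unset" : v) }' "$1"
}

# Demo on a constructed sample file (not a real deployment config).
demo=$(mktemp)
printf 'SecRuleEngine On\nSecRequestBodyAccess On\n' > "$demo"
disable_request_body_access "$demo"
echo "effective SecRequestBodyAccess: $(effective_request_body_access "$demo")"
rm -f "$demo" "$demo.bak"
```

After changing the real file, check it with `nginx -t` and reload nginx. While body access is off, rules that inspect POST parameters or the raw request body no longer see that data, so restore the backup once the crash itself is resolved.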