[Mod-security-developers] SecRemoteRule behaviour with Nginx and MS3
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
[Mod-security-developers] SecRemoteRule behaviour with Nginx and MS3
|
From: Muenz, M. <m....@sp...> - 2016-12-12 21:18:40
|
Hi, with Nginx and the latest MS3 the restart/reload of ModSecurity takes ages (around 5min) when Commercial Rules are enabled in modsecurity.conf via SecRemoteRule. Finally I *thought* that I found the solution to enable it via modsecurity_rules_remote directive from nginx. Now the reload takes about 15sec. The problem is, I'm running 20 small virtual hosts on the nginx instance and for every instance the rules are downloaded again and again. Now I'm back at the 5min. I can't imagine that this behavior is expected by the founder because I even can't start nginx via init/systemd because it times out. Only when starting the daemon with /usb/sbin/nginx it starts. Isn't there a way to download the rules one time and let all sites reference to it? I know I could/should ask the Trustwave support, but I'm sure they will get back to you :) Thanks, Michael |
