Re: [Mod-security-developers] SecRemoteRule behaviour with Nginx and MS3
From: Felipe C. <FC...@tr...> - 2016-12-12 21:59:14
Hi Michael,

What do you have in your configuration file? Is it something like:

    http {
        server { }
        server { }
    }

Or:

    http { server {} }
    http { server {} }

For the first case you can specify the ModSecurity configuration inside the http tag. The second one is something that we have to work on. I did not think about this second case when I was designing this configuration thing. It seems like it is a common approach in the distros to split up the configuration into multiple files. Let me check if there is an option on nginx to specify a global config entry that can hit multiple sites without being specified in the root. My guess is that other `addons' already hit this very same issue.

The download is just one of the problems; we also have to take into consideration that those multiple configurations are residing in memory... consuming memory without really needing to.

Br.,

Felipe "Zimmerle" Costa
Security Researcher, Lead Developer ModSecurity.
Trustwave | SMART SECURITY ON DEMAND
www.trustwave.com <http://www.trustwave.com/>

On 12/12/16, 6:18 PM, "Muenz, Michael" <m....@sp...> wrote:

>Hi,
>
>with Nginx and the latest MS3 the restart/reload of ModSecurity takes
>ages (around 5min) when Commercial Rules are enabled in modsecurity.conf
>via SecRemoteRule.
>
>Finally I *thought* that I found the solution to enable it via
>modsecurity_rules_remote directive from nginx. Now the reload takes
>about 15sec.
>
>The problem is, I'm running 20 small virtual hosts on the nginx instance
>and for every instance the rules are downloaded again and again. Now I'm
>back at the 5min.
>
>I can't imagine that this behavior is expected by the founder because I
>even can't start nginx via init/systemd because it times out. Only when
>starting the daemon with /usr/sbin/nginx it starts.
>
>
>Isn't there a way to download the rules one time and let all sites
>reference to it? I know I could/should ask the Trustwave support, but
>I'm sure they will get back to you :)
>
>
>Thanks,
>
>Michael
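The two layouts under discussion, as an added illustration that is not part of either message above and not the project's own configuration. Layout A is the per-vhost form Michael describes, where every server block carries its own remote-rule directive and therefore its own fetch at configuration parse time; Layout B is the "first case" Felipe points to, with the ModSecurity directives declared once in the http block and inherited by the server blocks. The directive names (`modsecurity`, `modsecurity_rules_file`, `modsecurity_rules_remote`) are those of the ModSecurity-nginx connector; the license key, rule-set URL, host names and file paths are placeholders. Whether Layout B actually avoids the repeated download and the per-server in-memory copies for a given connector version is exactly the open question in this thread, so treat it as the layout to try, not a guaranteed fix.

```nginx
# Layout A: one modsecurity_rules_remote per server block.
# Each of the N server blocks triggers its own download of the remote
# rule set while nginx parses the configuration (N vhosts, N fetches).
http {
    modsecurity on;

    server {
        listen 80;
        server_name site1.example.com;                       # placeholder
        modsecurity_rules_file /etc/nginx/modsecurity.conf;  # placeholder path
        modsecurity_rules_remote YOUR-LICENSE-KEY https://rules.example.com/rules.conf;  # placeholders
        location / { root /var/www/site1; }
    }

    server {
        listen 80;
        server_name site2.example.com;                       # placeholder
        modsecurity_rules_file /etc/nginx/modsecurity.conf;  # same file, loaded again
        modsecurity_rules_remote YOUR-LICENSE-KEY https://rules.example.com/rules.conf;  # fetched again
        location / { root /var/www/site2; }
    }
}

# Layout B: the ModSecurity directives declared once at the http level.
# The remote directive appears a single time; the server blocks inherit
# the engine state and rules rather than re-declaring (and re-fetching) them.
http {
    modsecurity on;
    modsecurity_rules_file /etc/nginx/modsecurity.conf;                              # placeholder path
    modsecurity_rules_remote YOUR-LICENSE-KEY https://rules.example.com/rules.conf;  # placeholders

    server {
        listen 80;
        server_name site1.example.com;                       # placeholder
        location / { root /var/www/site1; }
    }

    server {
        listen 80;
        server_name site2.example.com;                       # placeholder
        location / { root /var/www/site2; }
    }
}
```

A practical check after switching layouts: time `nginx -t` (which parses the configuration and therefore performs the remote fetches) rather than a full reload, and compare it against the number of server blocks to see whether the fetch is still happening once per vhost. On distributions that split vhosts into `sites-enabled/*.conf`, the per-site files must not repeat the `modsecurity_rules_remote` line, or you are back in Layout A regardless of what the main file says.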