Re: [Mod-security-developers] SecRemoteRule behaviour with Nginx and MS3
From: Muenz, M. <m....@sp...> - 2016-12-13 05:14:52
On 12.12.2016 at 22:59, Felipe Costa wrote:
> Hi Michael,
>
> What do you have in your configuration file?
>
> Is it something like:
>
> http {
> server { }
> server { }
> }
>
> Or
>
> http {
> server {}
> }
>
> http {
> server {}
> }
>
>
> For the first case you can specify the ModSecurity configuration inside
> the http tag. The second one is something that we have to work on.
> I did not think about this second case when I was designing this
> configuration thing. It seems like it is a common approach in the distros,
> to split up the configuration into multiple files.
>
> Let me check if there is an option on nginx to specify a global config
> entry, that can hit multiple sites without being specified in the root.
> My guess is that other 'addons' already hit this very same issue.
>
> The download is just one of the problems, we also have to take into
> consideration that those multiple configurations are residing in memory...
> consuming memory without really needing to.
>
>
Hi Felipe,
In my main nginx.conf is just the http {} with all the backend servers
(it's a reverse proxy).
All the virtual hosts are stored in a subdirectory only with the server
{} stuff and were included within the http {} from above.
So then it must be the first case, but when I set this in http {}
modsecurity on;
modsecurity_rules_file /etc/nginx/modsec/main.conf;
modsecurity_rules_remote key https://dashboard.modsecurity.org/rules/download/plain;
Nothing happens. nginx -t doesn't report any problems but when I reload
nginx and follow the traffic with tcpdump, it doesn't try to download
the rules.
Thanks,
Michael