Re: [mod-security-users] Handling multiple clients with modsecurity
From: Christian V. <cv...@it...> - 2021-03-08 11:28:59
Hi Blason,

It is better if you separate everything as you mention; that way you can configure by app: exclusions, rules, custom configuration, etc.

If you are on a Debian distribution, you could use Waf2Py; it will do what you are looking for with an easy web interface:
https://github.com/ITSec-Chile/Waf2Py

Cheers
Chris

> On Monday, Mar. 08, 2021 at 3:59 a.m., Blason R <bla...@gm...> wrote:
> Hi Folks,
>
> Here is my requirement and seeking any heads up from community -
> I already have nginx server running for our multiple customers in reverse proxy mode
> So Nginx reverse proxy is sending requests to customer web servers
> lets say -
>
> Customer-1 exmaple.com -> web site example.com
> Customer-2 www.test.com -> www.test.com
> Customer3- acme.com -> www.acme.com
>
> Now I am trying to integrate modsecurity with Nginx
> So my question is - Do I need to create a separate config file for every customer location?
> like
>
> /etc/nginx/modsec/example.com/main.conf
> /etc/nginx/modsec/example.com/modsecurity.conf
> /etc/nginx/modsec/example.com/coreruleset/rules/*.conf
> /etc/nginx/modsec/example.com/coreruleset/cor-ruleset.conf
> ##################
> /etc/nginx/modsec/test.com/main.conf
> /etc/nginx/modsec/test.com/modsecurity.conf
> /etc/nginx/modsec/test.com/coreruleset/rules/*.conf
> /etc/nginx/modsec/test.com/coreruleset/cor-ruleset.conf
> ##################
> /etc/nginx/modsec/acme.com/main.conf
> /etc/nginx/modsec/acme.com/modsecurity.conf
> /etc/nginx/modsec/acme.com/coreruleset/rules/*.conf
> /etc/nginx/modsec/acme.com/coreruleset/cor-ruleset.conf
>
> Is this correct method to manage rules/exceptions/blacklisting/whitelisting for multiple customers? Or is there any other alternative?
> Plus logs should be separate for every customer which I am thinking to generate in json file
>
> Please let me know if this is the correct option considering around 15-20 sites protected by nginx and customers.
>
> SecAuditEngine RelevantOnly
> SecAuditLogRelevantStatus "^(?:5|4(?!04))"
>
> SecAuditLogParts ABIJDEFHZ
> SecAuditLogFormat JSON
> SecAuditLog /var/log/modsec_audit.log
>
> TIA
> Blason R
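
One possible layout for the per-customer separation discussed in this thread, as an added example that is not part of either poster's message: a generator that writes one `main.conf` per site, reusing a single shared copy of the base configuration and Core Rule Set while keeping exclusions and the JSON audit log per site. The `shared/` directory, `exclusions.conf`, the `/var/log/modsec` log root and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: directory names and function names are assumptions.
MODSEC_ROOT="${MODSEC_ROOT:-/etc/nginx/modsec}"   # base directory used in the thread
LOG_ROOT="${LOG_ROOT:-/var/log/modsec}"           # assumed per-site audit log root

# Reject site names that could escape the per-site directory (slashes, "..").
valid_site() {
    case "$1" in
        ""|*[!A-Za-z0-9.-]*|.*|*..*) return 1 ;;
        *) return 0 ;;
    esac
}

# Write $MODSEC_ROOT/<site>/main.conf and print its path.
gen_site_conf() {
    site="$1"
    valid_site "$site" || { echo "invalid site name: $site" >&2; return 1; }
    dir="$MODSEC_ROOT/$site"
    mkdir -p "$dir" "$LOG_ROOT/$site" || return 1
    # Hypothetical per-site file for SecRuleRemoveById and similar tuning;
    # it is included after the CRS so removals see the rules already loaded.
    [ -f "$dir/exclusions.conf" ] || : > "$dir/exclusions.conf"
    cat > "$dir/main.conf" <<EOF
# Generated for $site
Include $MODSEC_ROOT/shared/modsecurity.conf
Include $MODSEC_ROOT/shared/coreruleset/crs-setup.conf
Include $MODSEC_ROOT/shared/coreruleset/rules/*.conf
Include $dir/exclusions.conf
SecAuditEngine RelevantOnly
SecAuditLogRelevantStatus "^(?:5|4(?!04))"
SecAuditLogParts ABIJDEFHZ
SecAuditLogFormat JSON
SecAuditLog $LOG_ROOT/$site/audit.json
EOF
    printf '%s\n' "$dir/main.conf"
}

# Usage: for s in example.com test.com acme.com; do gen_site_conf "$s"; done
```

Each nginx `server` block then enables `modsecurity on;` and points `modsecurity_rules_file` at its own generated `main.conf`, so a tuning change or audit entry for one customer never touches another's files.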