Re: [mod-security-users] Handling multiple clients with modsecurity
From: Blason R <bla...@gm...> - 2021-03-08 17:25:36
Thanks for the reply and heads up. Any clue for a log parsing tool apart from ELK? I am looking for a multi-tenant facility.

On Mon, 8 Mar 2021, 17:01 Christian Varas via mod-security-users, <mod...@li...> wrote:

> Hi Blason,
>
> It is better if you separate everything as you mention; that way you can
> configure by app: exclusions, rules, custom configuration, etc...
>
> If you are on a Debian distribution, you could use Waf2Py; it will do what
> you are looking for with an easy web interface:
> https://github.com/ITSec-Chile/Waf2Py
>
> Cheers
> Chris
> --
>
> On Monday, Mar. 08, 2021 at 3:59 a.m., Blason R <bla...@gm...> wrote:
>
> Hi Folks,
>
> Here is my requirement; I am seeking any heads up from the community -
>
> - I already have an nginx server running for our multiple customers in
>   reverse proxy mode
> - So the Nginx reverse proxy is sending requests to customer web servers
> - Let's say -
>
>    - Customer-1 example.com -> web site example.com
>    - Customer-2 www.test.com -> www.test.com
>    - Customer-3 acme.com -> www.acme.com
>
> - Now I am trying to integrate modsecurity with Nginx
> - So my question is - Do I need to create a separate config file for
>   every customer location?
>    - like /etc/nginx/modsec/example.com/main.conf
>
> /etc/nginx/modsec/example.com/modsecurity.conf
> /etc/nginx/modsec/example.com/coreruleset/rules/*.conf
> /etc/nginx/modsec/example.com/coreruleset/cor-ruleset.conf
> ##################
> /etc/nginx/modsec/test.com/main.conf
> /etc/nginx/modsec/test.com/modsecurity.conf
> /etc/nginx/modsec/test.com/coreruleset/rules/*.conf
> /etc/nginx/modsec/test.com/coreruleset/cor-ruleset.conf
> ##################
> /etc/nginx/modsec/acme.com/main.conf
> /etc/nginx/modsec/acme.com/modsecurity.conf
> /etc/nginx/modsec/acme.com/coreruleset/rules/*.conf
> /etc/nginx/modsec/acme.com/coreruleset/cor-ruleset.conf
>
> - Is this the correct method to manage
>   rules/exceptions/blacklisting/whitelisting for multiple customers? Or is
>   there any other alternative?
> - Plus, logs should be separate for every customer, which I am thinking
>   to generate in a JSON file
>
> - Please let me know if this is the correct option considering around
>   15-20 sites protected by nginx and customers.
>
>    - SecAuditEngine RelevantOnly
>    - SecAuditLogRelevantStatus "^(?:5|4(?!04))"
>    - SecAuditLogParts ABIJDEFHZ
>    - SecAuditLogFormat JSON
>    - SecAuditLog /var/log/modsec_audit.log
>
> TIA
> Blason R
>
> _______________________________________________
> mod-security-users mailing list
> mod...@li...
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
> http://www.modsecurity.org/projects/commercial/rules/
> http://www.modsecurity.org/projects/commercial/support/
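On the log-parsing question above, a small sketch (added here, not from the thread or the ModSecurity project) that splits one shared JSON audit log per customer by `Host` header. It assumes the ModSecurity v3 JSON layout (`transaction.request.headers`, `transaction.messages[].details.ruleId`) with one object per line; the tenant map, function names and sample lines are constructed.

```python
import json
from collections import Counter, defaultdict

# Assumed tenant map: hostnames from the post -> per-customer key.
TENANTS = {"example.com": "example.com", "www.test.com": "test.com",
           "acme.com": "acme.com", "www.acme.com": "acme.com"}

def tenant_for(headers):
    """Resolve Host against the allowlist; it is client-controlled input,
    so it is never used directly as a file or directory name."""
    host = next((str(v) for k, v in headers.items() if k.lower() == "host"), "")
    return TENANTS.get(host.strip().lower().split(":")[0], "_unknown")

def split_by_tenant(lines):
    """Group audit entries per tenant and count the rule IDs that fired."""
    report = defaultdict(lambda: {"events": 0, "rules": Counter()})
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            tx = json.loads(line)["transaction"]
            headers = dict(tx["request"]["headers"])
        except (ValueError, KeyError, TypeError):
            report["_malformed"]["events"] += 1  # keep a count, do not crash
            continue
        entry = report[tenant_for(headers)]
        entry["events"] += 1
        for msg in tx.get("messages") or []:
            entry["rules"][msg.get("details", {}).get("ruleId", "?")] += 1
    return report

def _line(host, rule_ids):
    # Builds a constructed audit-log line in the assumed layout.
    return json.dumps({"transaction": {
        "request": {"headers": {"Host": host}},
        "messages": [{"details": {"ruleId": r}} for r in rule_ids]}})

SAMPLE = [  # constructed sample input, not real traffic
    _line("example.com", ["942100", "949110"]),
    _line("WWW.TEST.COM:443", ["941100"]),
    _line("../../tmp/x", ["920350"]),  # Host that matches no tenant
    "not json",
]

if __name__ == "__main__":
    for tenant, data in sorted(split_by_tenant(SAMPLE).items()):
        print(tenant, data["events"], dict(data["rules"]))
```

In production the `lines` argument would be the open file named in `SecAuditLog`; the `_unknown` bucket is worth reviewing, since it collects requests whose `Host` matched no configured customer.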