[mod-security-users] nginx with modsecurity v3
From: Rakesh B. <rak...@gm...> - 2025-07-28 12:00:29
Dear Team,

I have Apache running with ModSecurity, and Apache is currently acting as a reverse proxy. ModSecurity is working correctly in this setup.

Now, I want to migrate from Apache to Nginx. I have installed ModSecurity version 3 (ModSecurity v3).

I would like to log a custom variable from a ModSecurity rule and use that variable in the Nginx access log. What is the correct way to achieve this? Please help. Should I migrate my setup to nginx?

I tried the following approach, but Nginx failed to reload.

Nginx error while reloading:

    nginx: [emerg] "modsecurity_rules_file" directive Rules error. File: /etc/nginx/whitelist.conf. Line: 53. Column: 44. Expecting an action, got: ctl:responseHeader=set X-TX-WAF:%{tx.waf},\ in /etc/nginx/conf.d/932/93258.conf:12

Rule:

    SecRule REQUEST_HEADERS:Host "^beta\.site\.net$" \
        "id:4737,phase:2,pass,log,t:lowercase,chain"
        SecRule ARGS|ARGS_NAMES|REQUEST_BODY|REQUEST_BASENAME|REQUEST_FILENAME|REQUEST_URI "@rx ." \
            "setvar:tx.sqli_rule_removed=1,\
            setvar:tx.waf=0,\
            setvar:tx.msg1='SQLi Whitelist for beta',\
            setvar:tx.id1=942100,\
            setvar:tx.wlmsg='CWL',\
            setvar:tx.data1='%{MATCHED_VAR}',\
            msg:'Removing SQLi rule 942100 for beta.site.net',\
            tag:'WHITELIST_RULE_ID',\
            severity:'INFO',\
            ctl:ruleRemoveById=942100"

    SecRule TX:WAF "@eq 0" \
        "id:4738,\
        phase:4,\
        pass,\
        log,\
        msg:'Setting custom log headers for beta',\
        ctl:responseHeader=set X-TX-WAF:%{tx.waf},\
        ctl:responseHeader=set X-TX-Msg1:%{tx.msg1},\
        ctl:responseHeader=set X-TX-Id1:%{tx.id1},\
        ctl:responseHeader=set X-TX-Wlmsg:%{tx.wlmsg},\
        ctl:responseHeader=set X-TX-Data1:%{tx.data1}"

Thanks,
Rakesh Bare