Thread: [mod-security-users] NGINX Disable Rule
From: Phil D. <ux...@sp...> - 2015-06-05 07:43:56
Hello all,

Am trying to disable a rule using:

SecRuleRemoveById 341245;

in NGINX 1.9 with ModSec 2.9 and when I execute nginx -t -c /etc/nginx.conf am receiving:

nginx: [emerg] unknown directive "SecRuleRemoveById" in ....

That would suggest ModSec is not loading but it is blocking URIs ??

Thanks, Phil

From: Felipe C. <FC...@tr...> - 2015-06-05 11:29:34
Hi Phil,

Please use "SecRuleRemoveById" inside the file pointed to by the "ModSecurityConfig" directive in your nginx configuration.

Br,
Felipe "Zimmerle" Costa
Security Researcher, SpiderLabs

From: Phil D. <ux...@sp...> - 2015-06-05 11:46:31
Hello Felipe:

So I assume by that the directive is not understood at location and/or vhost level?

Thanks, Phil

From: Robert P. <rpa...@fe...> - 2015-06-05 16:36:24
Yes, "SecRuleRemoveById" is not a valid nginx config directive in any context. It is a modsecurity directive, which will live in its own config file.

From: Phil D. <ux...@sp...> - 2015-06-05 17:30:45
Though one is able to remove at vhost level in Apache; so is this a NGINX or ModSec constraint?

Thanks, P.

From: Jacob M. <j.m...@va...> - 2015-06-05 17:35:47
ModSecurity was initially built for Apache and so to adapt to Nginx I am sure some limitations cropped up as far as syntax is concerned. I'd say it's a limitation of the mod security implementation on Nginx. Easier to point to a special file than to change all of the native directive syntax. afaik anyway.

--
Jacob Margason
Application Server Administrator
VUIT Linux Applications | Vanderbilt University

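The placement described in the replies, as an added configuration example (not from the thread or from the ModSecurity project): the failing directive from the first message next to the corrected layout. The file paths other than /etc/nginx.conf, the Include glob and the proxy_pass upstream are assumptions; ModSecurityEnabled is the ModSecurity 2.x nginx module's enable switch and does not appear in the thread.

```nginx
# ---- /etc/nginx.conf (nginx syntax, fragment) ----
#
# Before: nginx parses every line inside its own contexts, so a ModSecurity
# directive here fails `nginx -t` with: unknown directive "SecRuleRemoveById"
#
#   location / {
#       ModSecurityEnabled on;
#       ModSecurityConfig  /etc/nginx/modsecurity.conf;
#       SecRuleRemoveById  341245;
#   }
#
# After: nginx only sees the two module directives; everything that starts
# with "Sec" moves into the file named by ModSecurityConfig.

server {
    listen 80;

    location / {
        ModSecurityEnabled on;
        # Hypothetical path; any file readable by nginx works.
        ModSecurityConfig  /etc/nginx/modsecurity.conf;
        # Hypothetical upstream.
        proxy_pass http://127.0.0.1:8080;
    }
}

# ---- /etc/nginx/modsecurity.conf (ModSecurity syntax) ----
#
# This file is read by ModSecurity, not by nginx: one directive per line,
# no terminating ";", and comments on their own lines.

SecRuleEngine On

# Hypothetical location of the rule set that defines rule 341245.
Include /etc/nginx/modsec-rules/*.conf

# Has to come after the rule is loaded, otherwise there is nothing to remove.
SecRuleRemoveById 341245
```

Because the removal lives in the shared ModSecurity file, it applies to every location that loads that file, which is broader than the per-vhost exclusion Apache allows. Run `nginx -t -c /etc/nginx.conf` after the change and confirm in the audit log that only rule 341245 stopped firing.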