using ModSec 3 with nginx rev proxy
Hey there! The first thing I would try would be switching back to ModSecurity 2 and seeing if that catches the test. If so, could you make a ticket with the exact test you're doing so we can file a case with our developers? ModSecurity 3 in cPanel is still Experimental, so it's completely possible there are issues.
Hey cPRex, The whole reason that I switched to ModSecurity 3 was because 2 wasn't catching anything either. My Hit lists were empty and I was not getting any notifications, as I previously was. This came up as I was reviewing /var/log/nginx/access_log one day on an unrelated matter and noticed TONS of obviously malicious requests. I blocked the IP address (and about 10 more they used thereafter) but ModSecurity should have easily caught them...this was not a sophisticated attack. I will try reverting one of my servers to version 2, just to be thorough and let you know the results...
Okay. So, I reverted to ModSecurity2, first leaving mod_suexec enabled. Works. Then I switched to mod_ruid2. Also working. So, it's working on the reverse proxy for the dotnet app and php apps, as I expected it would. I am wondering if when I elevated the servers to Alma, the elevate script just didn't reinstall `ea-modsec2-rules-owasp-crs-3.3.4-1.1.6.cpanel`...unfortunately, I have no way of determining if that is the case or not, since I upgraded them several months ago now. Anyway, thanks for the suggestions, glad it's working again now. Already have several hundred entries in the hit lists lol
I'm also glad it's working! If you run into something similar again and keep track of the steps, I'd be happy to check it out on my end.