Nginx with mod_security support

Question

I have compiled nginx with mod_security support. In error log I can see the support for mod_security

2012/08/27 11:13:11 [info] 602096#0: ModSecurity for nginx/2.7.0-rc2 (http://www.modsecurity.org/) configured.

2012/08/27 11:13:11 [info] 602096#0: ModSecurity: APR compiled version="1.4.2"; loaded version="1.4.2"

2012/08/27 11:13:11 [info] 602096#0: ModSecurity: PCRE compiled version="8.2 "; loaded version="8.02 2010-03-19"

2012/08/27 11:13:11 [info] 602096#0: ModSecurity: Loaded PCRE do not match with compiled!

2012/08/27 11:13:11 [info] 602096#0: ModSecurity: LIBXML compiled version="2.7.8"

I have loaded the ModSecurityConfig and ModSecurityEnabled ModSecurityConfig /usr/local/nginx/conf/modsecurity/modsecurity_crs_41_sql_injection_attacks.conf; ModSecurityEnabled On;

But I cant make mod_security work.

Attacks can get through and I get no error in log file.

Do i need to add any extra configuration to enable mod_security for ngix?

Note: Im using nginx as reverse proxy

Thanks

Hex · Accepted Answer · 2012-08-27T13:25:13.360

1

For those of you that may need a solution to this in the future:

I had to activate mod_security and I did this by adding "SecRuleEngine on" at the head modsecurity_crs_41_sql_injection_attacks.conf

edited Aug 27 '12 at 13:25

answered Aug 27 '12 at 12:46

Hex

1,939
10
17

Nginx with mod_security support

1 Answers1