Drupal 7, nginx with ModSecurity - How to resolve that 404 error page please?
Matej Zuzčák
mzuzcak at secit.sk
Thu Dec 1 10:35:26 UTC 2016
Hello Andrei,
thank you for your reply. I found that it is know bug if ModSecurity
works in reverse proxy mode. So I will try use special nginx connector
module as you say.
Best Regrads
Matej Zuzcak
Dňa 1.12.2016 o 10:13 Andrei Belov napísal(a):
> Hi Matej,
>
>> On 29 Nov 2016, at 11:08, Matej Zuzčák <mzuzcak at secit.sk> wrote:
>>
>> Hello all,
>>
>> I have installed Drupal 7 on latest version of Nginx web server which
>> was compiled with support of ModSecurity module. I have activated core
>> OWASP rule set. But when I active ModSecurity in my virtual host config
>> file for my Drupal 7 web I do not login, register or reset password with
>> this error in log:
>>
>> [error] 11158#0: *1 open() "/var/www/MY_WEBSITE/node" failed (2: No such
>> file or directory), client: IP, server: MY_SERVER, request: "POST
>> /node?destination=node HTTP/1.1", host: "MY_WEBSITE", referrer:
>> "http://MY_WEBSITE/"
>>
>> And client gets 404 error page.
>>
>> I applied these practices
>> https://geekflare.com/modsecurity-owasp-core-rule-set-nginx/ and
>> https://www.netnea.com/cms/2016/11/22/securing-drupal-with-modsecurity-and-the-core-rule-set-crs3/
>>
>> When I change SecRuleEngine from "On" to "DetectionOnly" result is the
>> same, For correct operation I have to "switch off" ModSecurity in
>> virtual host config for domain.
>>
>> So please have you any advices for solving this problem?
> What version of ModSecurity are you using with nginx?
>
> ModSecurity 2.x with its "standalone" mode is somewhat outdated.
>
> Currently there are libmodsecurity (aka ModSecurity 3.x) project [1] and special nginx connector module [2]
> that should be used instead.
>
> Also it is a good idea to report ModSecurity related issues to the corresponding github projects.
>
>
> [1] https://github.com/SpiderLabs/ModSecurity/tree/v3/master
> [2] https://github.com/SpiderLabs/ModSecurity-nginx/tree/master
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
More information about the nginx
mailing list