nginx/1.9.9 with modsecurity/2.9.0 crashes with segfault and worker process exited on signal 11

Felipe Zimmerle felipe at zimmerle.org
Mon Jan 11 16:12:00 UTC 2016


Hi Lukas,

On Sun, Jan 10, 2016 at 11:05 AM Lukas <l at ymx.ch> wrote:

> I found that recommendation.  Since I also read that it would not be
> fully compatible with OWASP/CRS I have not given it a try.
>
> What is the situation regarding OWASP/CRS?
>

Currently there are three different versions of ModSecurity for nginx:

- Version 2.9.0: That is the last released version, I think that is the one
that you are using.
- nginx_refactoring: That version contains some fixes on top of v2.9.0,
but those fixes may lead to instabilities depending on your configuration.
- ModSecurity-connector: That is something that is still under development and
we have some work to do, to be exact:

https://github.com/SpiderLabs/ModSecurity/labels/libmodsec%20-%20missing%20documentation
https://github.com/SpiderLabs/ModSecurity/labels/libmodsec%20-%20missing%20features
https://github.com/SpiderLabs/ModSecurity/labels/libmodsec%20-%20missing%20operators
https://github.com/SpiderLabs/ModSecurity/labels/libmodsec%20-%20missing%20transformation
https://github.com/SpiderLabs/ModSecurity/labels/libmodsec%20-%20missing%20variables

Only use the ModSecurity-connector if you understand well the ModSecurity
rules and the consequences of the missing pieces.

Further information about libModSecurity can be found here:
http://blog.zimmerle.org/2016/01/an-overview-of-upcoming-libmodsecurity.html
or:
https://www.trustwave.com/Resources/SpiderLabs-Blog/An-Overview-of-the-Upcoming-libModSecurity/

Br.,
Felipe.