Drupal 7, nginx with ModSecurity - How to resolve that 404 error page please?
Matej Zuzčák
mzuzcak at secit.sk
Tue Nov 29 08:08:23 UTC 2016
Hello all,
I have installed Drupal 7 on latest version of Nginx web server which
was compiled with support of ModSecurity module. I have activated core
OWASP rule set. But when I active ModSecurity in my virtual host config
file for my Drupal 7 web I do not login, register or reset password with
this error in log:
[error] 11158#0: *1 open() "/var/www/MY_WEBSITE/node" failed (2: No such
file or directory), client: IP, server: MY_SERVER, request: "POST
/node?destination=node HTTP/1.1", host: "MY_WEBSITE", referrer:
"http://MY_WEBSITE/"
And client gets 404 error page.
I applied these practices
https://geekflare.com/modsecurity-owasp-core-rule-set-nginx/ and
https://www.netnea.com/cms/2016/11/22/securing-drupal-with-modsecurity-and-the-core-rule-set-crs3/
When I change SecRuleEngine from "On" to "DetectionOnly" result is the
same, For correct operation I have to "switch off" ModSecurity in
virtual host config for domain.
So please have you any advices for solving this problem?
Help me please.
Many thanks!
--
Best Regards
Matej Zuzcak
More information about the nginx
mailing list