libModSecurity (ModSecurity 3.0 support)

smtalk

Administrator
Staff member
Joined
Aug 22, 2006
Messages
10,628
Location
LT, EU
Hello,

I'd just like to announce that CustomBuild 2.0 rev. 1965 finally supports libModSecurity (ModSecurity 3.0) for nginx (and nginx_apache). Due to high instability and segfaulting, support for ModSecurity 2.x has been dropped completely when webserver=nginx/nginx_apache is set. Comodo WAF (modsecurity_ruleset=comodo) is not compatible with libModSecurity (ModSecurity 3.0) yet, so, we suggest switching to OWASP (or commercial rules providers, like Imunify360) for now, until Comodo makes their ruleset compatible.

Their connector for Apache is in beta phase now, so, the switch will be made later, unless we get many instability reports as we did get them for Nginx.

Thank you!
 
I just try to build libmodsecurity 3.0. for nginx_apache in both latest versions. I have set
modsecurity=3.0
modsecurity_ruleset=OWASP
in options.conf. However it is fail to start nginx after build libmodsecurity. I also checked in modsecurity.d directory, it always download comodo's rules files but those are zero bytes, not download the OWASP rules.
 
Last edited:
modsecurity_ruleset=OWASP isn't correct, it should be modsecurity_ruleset=owasp. I'd suggest setting it using "./build set modsecurity_ruleset ..." command :) Thank you!
 
im using imunify360 but dont see on rule set imunify360 just comodo and OWASP
 
Out of curiosity: how is performance affected when running this on shared hosting (say 200 websites)? What are the experiences with the compatibility with regular CMS'es like Wordpress etc?
 
Out of curiosity: how is performance affected when running this on shared hosting (say 200 websites)? What are the experiences with the compatibility with regular CMS'es like Wordpress etc?


Never checked the performance. I just installed modsecurity because I think it is a must have.
Compatibility is a problem though. In the beginning you need to monitor every "block" by modsecurity and evaluate if you will allow it or not. In case you want to allow it, you need to modify the owasp rules.

I've made some custom rules to for blocking bots.
 
Out of curiosity: how is performance affected when running this on shared hosting (say 200 websites)? What are the experiences with the compatibility with regular CMS'es like Wordpress etc?

I have the same question
 
Back
Top