Modsecurity with nginx_apache (both apache and nginx including the rules)

drukpa

Verified User
Joined
Aug 30, 2019
Messages
20
Successfully completed a nginx_apache setup and am trying to setup some custom modsecurity rules for Wordpress.

However, I have noticed that both nginx and apache have modsecurity in their configurations (Both httpd and nginx has the /etc/modsecurity.d/*.conf in their configuration).
My custom rule uses the <LocationMatch> rule which is only supported on Apache. So, when I do a ./build rewrite_confs after adding the rule, nginx fails to start.

Kinda confused how this works. Is it necessary for both nginx and apache to process the same rules? Can I skip nginx from processing the rules and let apache handle it?
 
Any way to make them work on Apache instead of nginx and retain that on builds / updates / rewrite_confs ?

I used a custombuild custom modsecurity conf folder with my custom .conf for mod security.
It's retained, but when switching to nginx_apache nginx dies for the same reason.
I got lots of rules that's apache specific.
 
Back
Top