nginx_apache and CWAF/modsecurity

[gate2vn]

I wonder if nginx_apache is working well with CWAF/modsecurity? I just tried on a new server, and a lot of errors such as
- upstream prematurely closed connection while sending to client
- no upstream configuration

I will have time for digging deeper next week, but wanted to know if anyone notices the same issue?

Thanks.

 

[ViAdCk]

We have tried using it a couple of times but we always had to switch back to apache or remove cwaf. It doesn't appear to be stable..

 

[gate2vn]

Thanks for sharing. The good thing is that I saw it's blocking a lot of hacking attempts, especially to WordPress. But as you said, it seems to have trouble with stability. That's why I asked about other experiences.

Anyone else?

 

[wattie]

If you install mod_security in Nginx, not in Apache, it shouldn't do any problems I guess. I've seen such setups and they work.

 

[gate2vn]

As mentioned above, I am using nginx_apache, and then, I believe that CB compiles rules set for nginx, not apache.

 

[jwillberg]

I heard one of customer(not tested itself), that when you install modsecurity to nginx(front end proxy - nginx_apache) and the backend is apache, cause slowdown page requests without rules.

But why not use modsecurity in backend, because apache manage php scripts. Of course optimal is use in frontend always if possible!