Hello,
I'd just like to announce that CustomBuild 2.0 rev. 1965 finally supports libModSecurity (ModSecurity 3.0) for nginx (and nginx_apache). Due to high instability and segfaulting, support for ModSecurity 2.x has been dropped completely when webserver=nginx/nginx_apache is set. Comodo WAF (modsecurity_ruleset=comodo) is not compatible with libModSecurity (ModSecurity 3.0) yet, so, we suggest switching to OWASP (or commercial rules providers, like Imunify360) for now, until Comodo makes their ruleset compatible.
Their connector for Apache is in beta phase now, so, the switch will be made later, unless we get many instability reports as we did get them for Nginx.
Thank you!
I'd just like to announce that CustomBuild 2.0 rev. 1965 finally supports libModSecurity (ModSecurity 3.0) for nginx (and nginx_apache). Due to high instability and segfaulting, support for ModSecurity 2.x has been dropped completely when webserver=nginx/nginx_apache is set. Comodo WAF (modsecurity_ruleset=comodo) is not compatible with libModSecurity (ModSecurity 3.0) yet, so, we suggest switching to OWASP (or commercial rules providers, like Imunify360) for now, until Comodo makes their ruleset compatible.
Their connector for Apache is in beta phase now, so, the switch will be made later, unless we get many instability reports as we did get them for Nginx.
Thank you!