libModSecurity (ModSecurity 3.0 support)

smtalk

Administrator
Staff member
Joined
Aug 22, 2006
Messages
8,341
Location
LT, EU
Hello,

I'd just like to announce that CustomBuild 2.0 rev. 1965 finally supports libModSecurity (ModSecurity 3.0) for nginx (and nginx_apache). Due to high instability and segfaulting, support for ModSecurity 2.x has been dropped completely when webserver=nginx/nginx_apache is set. Comodo WAF (modsecurity_ruleset=comodo) is not compatible with libModSecurity (ModSecurity 3.0) yet, so we suggest switching to OWASP (or commercial rules providers, like Imunify360) for now, until Comodo makes their ruleset compatible.

Their connector for Apache is in beta phase now, so the switch will be made later, unless we get many instability reports as we did for Nginx.

Thank you!
 

Wilson

Verified User
Joined
May 27, 2007
Messages
12
I just tried to build libmodsecurity 3.0 for nginx_apache in both latest versions. I have set
modsecurity=3.0
modsecurity_ruleset=OWASP
in options.conf. However, nginx fails to start after building libmodsecurity. I also checked the modsecurity.d directory: it always downloads Comodo's rules files, but those are zero bytes, and it does not download the OWASP rules.
 

smtalk

modsecurity_ruleset=OWASP isn't correct, it should be modsecurity_ruleset=owasp. I'd suggest setting it using the "./build set modsecurity_ruleset ..." command :) Thank you!
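
A pre-build check for the two configuration problems raised in this thread (the case-sensitive ruleset value and the Comodo/nginx incompatibility), plus the zero-byte rule files symptom. This is an added example, not part of the thread and not CustomBuild code; it assumes options.conf is a flat key=value file, the function names are hypothetical, and both paths are supplied by the caller.

```bash
#!/usr/bin/env bash
# Added example (not CustomBuild code). Assumes options.conf is flat key=value;
# the options file and rules directory paths are supplied by the caller.

# get_opt FILE KEY: print the value of KEY (last occurrence wins).
get_opt() {
    awk -F= -v k="$2" '$1 == k { v = substr($0, length(k) + 2) } END { print v }' "$1"
}

# check_options FILE: print one finding per line for the problems named in the thread.
check_options() {
    local ws rs lc
    ws=$(get_opt "$1" webserver)
    rs=$(get_opt "$1" modsecurity_ruleset)
    lc=$(printf '%s' "$rs" | tr '[:upper:]' '[:lower:]')
    # The value is case-sensitive: OWASP is not correct, owasp is.
    if [ "$rs" != "$lc" ]; then
        echo "CASE: modsecurity_ruleset=$rs should be set with: ./build set modsecurity_ruleset $lc"
    fi
    # nginx and nginx_apache use libModSecurity 3.0, which Comodo rules do not support yet.
    case "$ws:$lc" in
        nginx:comodo|nginx_apache:comodo)
            echo "COMPAT: comodo ruleset is not compatible with webserver=$ws" ;;
    esac
    return 0
}

# empty_rule_files DIR: list zero-byte files, the symptom of a failed ruleset download.
empty_rule_files() {
    find "$1" -type f -size 0 | sort
}

# Constructed sample mirroring the configuration reported in the thread.
demo() {
    local d
    d=$(mktemp -d)
    printf 'webserver=nginx_apache\nmodsecurity=3.0\nmodsecurity_ruleset=OWASP\n' > "$d/options.conf"
    mkdir "$d/modsecurity.d"
    : > "$d/modsecurity.d/00_empty.conf"                      # constructed zero-byte file
    echo 'SecRuleEngine On' > "$d/modsecurity.d/10_ok.conf"   # constructed non-empty file
    check_options "$d/options.conf"
    empty_rule_files "$d/modsecurity.d"
    rm -rf "$d"
}
demo
```
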
 

lolfust1

Verified User
Joined
Oct 24, 2015
Messages
41
I'm using Imunify360 but don't see Imunify360 in the rule set, just Comodo and OWASP.
 

myH2Oservers

Verified User
Joined
Mar 13, 2006
Messages
235
Location
Netherlands
Out of curiosity: how is performance affected when running this on shared hosting (say 200 websites)? What are the experiences with the compatibility with regular CMSes like WordPress etc.?
 

Wanabo

Verified User
Joined
Jan 19, 2013
Messages
167
> Out of curiosity: how is performance affected when running this on shared hosting (say 200 websites)? What are the experiences with the compatibility with regular CMSes like WordPress etc.?

Never checked the performance. I just installed modsecurity because I think it is a must have.
Compatibility is a problem though. In the beginning you need to monitor every "block" by modsecurity and evaluate if you will allow it or not. In case you want to allow it, you need to modify the OWASP rules.

I've made some custom rules for blocking bots.
 

M7Web

Verified User
Joined
Jul 13, 2019
Messages
95
> Out of curiosity: how is performance affected when running this on shared hosting (say 200 websites)? What are the experiences with the compatibility with regular CMSes like WordPress etc.?

I have the same question
 