modsecurity problem with nginx_apache and Gzip

steven.ray

New member
Joined
May 27, 2016
Messages
1
hi dear friends

i use CB2.0 and Nginx_apache reverse web server .

i install modsecurity in modsecurity_ruleset=comodo

but i have problem with cache and gzip and somethings else .


after install modsecurity , gzip and cache have problem in my sites .


in audit log i see this :

Code:
--2d583b76-H--
Message: Access denied with code 406 (phase 2). Pattern match "([\\~\\!\\@\\#\\$\\%\\^\\&\\*\\(\\)\\-\\+\\=\\{\\}\\[\\]\\|\\:\\;\"\\'\\\
xc2\xb4\\\xe2\x80\x99\\\xe2\x80\x98\\`\\<\\>].*?){8,}" at REQUEST_COOKIES:wp-settings-1. [file "/etc/modsecurity.d/modsecurity_crs_41_sq
l_injection_attacks.conf"] [line "157"] [B][id "981172"][/B] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of spec
ial characters exceeded"] [data "Matched Data: & found within REQUEST_COOKIES:wp-settings-1: editor=tinymce&edit_element_vcUIPanelWidth=
784&edit_element_vcUIPanelLeft=297px&edit_element_vcUIPanelTop=92px&libraryContent=browse&hidetb=1&urlbutton=none&imgsize=full&align=cen
ter"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [[B]tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION[/B]"]
Action: Intercepted (phase 2)
Apache-Handler: IIS






but i cant find id : 981172 in catalog in direct admin WAF panel .


please help me how i can solve this problem
 
i confirm gzip on apache_nginx doesn't work
gzip conflict with mod_security in nginx

How to fix this ?
 
i already use.

apache 2.4.23
nginx/1.10.1

Current rules version 1.102
CWAF plugin version 2.18.1
Web Platform Nginx
Nginx version 1.10.1

Test with mod_security
[root@ns1-15 custombuild]# curl -H "Accept-Encoding: gzip" -I http://xxx.com/style.css
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 24 Nov 2016 10:02:59 GMT
Content-Length: 6426
Last-Modified: Mon, 20 Aug 2012 12:33:05 GMT
Connection: close
ETag: "50322e81-191a"
Content-Type: text/css
Content-Length: 6426
Last-Modified: Mon, 20 Aug 2012 12:33:05 GMT
Connection: close
Server: Protected by COMODO WAF
Accept-Ranges: bytes


Test without mod_security

vi /etc/nginx/nginx.conf
#include /etc/nginx/nginx-modsecurity-enable.conf;

curl -H "Accept-Encoding: gzip" -I http://xxx.com/style.css
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 24 Nov 2016 10:02:26 GMT
Content-Type: text/css
Last-Modified: Mon, 20 Aug 2012 12:33:05 GMT
Connection: close
Vary: Accept-Encoding
ETag: W/"50322e81-191a"
Expires: Thu, 08 Dec 2016 10:02:26 GMT
Cache-Control: max-age=1209600
Content-Encoding: gzip
 
i have same issue

i have same issue with nginx_apche + mode security + gzip

what's solution for this issue ?

anybody can help me !?



i already use.

apache 2.4.23
nginx/1.10.1

Current rules version 1.102
CWAF plugin version 2.18.1
Web Platform Nginx
Nginx version 1.10.1

Test with mod_security



Test without mod_security

vi /etc/nginx/nginx.conf
#include /etc/nginx/nginx-modsecurity-enable.conf;
 
Back
Top