Modsecurity with nginx_apache (both apache and nginx including the rules)

drukpa

Verified User
Joined
Aug 30, 2019
Messages
12
Successfully completed a nginx_apache setup and am trying to setup some custom modsecurity rules for Wordpress.

However, I have noticed that both nginx and apache have modsecurity in their configurations (Both httpd and nginx has the /etc/modsecurity.d/*.conf in their configuration).
My custom rule uses the <LocationMatch> rule which is only supported on Apache. So, when I do a ./build rewrite_confs after adding the rule, nginx fails to start.

Kinda confused how this works. Is it necessary for both nginx and apache to process the same rules? Can I skip nginx from processing the rules and let apache handle it?
 

chrismfz

Verified User
Joined
Jul 3, 2019
Messages
16
Any way to make them work on Apache instead of nginx and retain that on builds / updates / rewrite_confs ?

I used a custombuild custom modsecurity conf folder with my custom .conf for mod security.
It's retained, but when switching to nginx_apache nginx dies for the same reason.
I got lots of rules that's apache specific.
 
Top