Description
Site running Joomla 3.9
In modsecurity.conf disabled engine to see where the issue is
#SecRuleEngine On
SecRuleEngine Off
Using modsecurity-3.conf-recommended w/o any change except the above and SecDebugLog
Version:
2025/02/03 04:33:09 [notice] 2074355#2074355: ModSecurity-nginx v1.0.3 (rules loaded inline/local/remote: 0/49/0)
2025/02/03 04:33:09 [notice] 2074355#2074355: libmodsecurity3 version 3.0.13
Activated debug log for modsecurity
SecDebugLog /var/log/nginx/modsecurity_debug.log
SecDebugLogLevel 4
Can't see in the log any error or hint of a "block" action
In nginx.conf
. . .
location ~* ^.*{
limit_req zone=speedbump_req burst=20;
limit_conn speedbump_conn 10;
modsecurity on;
modsecurity_rules_file /etc/nginx/modsecurity.conf;
proxy_cache nginx_cache;
. . .
With modsecurity off or commented out
With modsecurity on
nginx build
configure arguments: --build=welcome
--prefix=/usr/share/nginx-1.26.2
--sbin-path=/usr/sbin/nginx-1.26.2
--modules-path=/usr/lib64/nginx-1.26.2/modules
--conf-path=/etc/nginx-1.26.2/nginx-1.26.2.conf
--error-log-path=/var/log/nginx-1.26.2/error.log
--http-log-path=/var/log/nginx-1.26.2/access.log
--http-client-body-temp-path=/var/lib/nginx-1.26.2/tmp/client_body
--http-proxy-temp-path=/var/lib/nginx-1.26.2/tmp/proxy
--http-fastcgi-temp-path=/var/lib/nginx-1.26.2/tmp/fastcgi
--http-uwsgi-temp-path=/var/lib/nginx-1.26.2/tmp/uwsgi
--http-scgi-temp-path=/var/lib/nginx-1.26.2/tmp/scgi
--pid-path=/var/run/nginx.pid
--lock-path=/var/lock/subsys/nginx-1.26.2
--user=nginx
--group=nginx
...
--with-stream=dynamic
--with-stream_ssl_module
--with-compat
--add-dynamic-module=/var/www/data/packages/ModSecurity-nginx
modsecurity_debug.log:
airween commented on Feb 3, 2025
Hi @debugnetiq1,
Do you use the latest stable ModSecurity-nginx connector (from here), or did you clone from GitHub at its current state? If you use the current GH state, you probably ran into this issue.
debugnetiq1 commented on Feb 3, 2025
Ubuntu 24.01 x64 with latest modsecurity-nginx 1.0.3 (which seems broken - similar issue reported in the link)
Then what's the working recipe? Which versions should be relied upon?
Thanks
https://otland.net/threads/how-to-build-nginx-from-source-and-optimize-it-for-security-and-performance-including-tls.288892/
https://sys-ops.id/install-owasp-modsecurity-with-nginx-on-ubuntu-2404/
git clone https://github.com/owasp-modsecurity/ModSecurity.git
cd ModSecurity
git submodule init && git submodule update
./build.sh
./configure
make && make install
nginx connector for mod-security:
cd /var/www/data/packages/
git clone https://github.com/SpiderLabs/ModSecurity-nginx.git
In the logs
2025/02/03 04:33:09 [notice] 2074355#2074355: ModSecurity-nginx v1.0.3 (rules loaded inline/local/remote: 0/49/0)
2025/02/03 04:33:09 [notice] 2074355#2074355: libmodsecurity3 version 3.0.13
airween commented on Feb 3, 2025
As I hinted in my previous comment, you should use the latest stable release; grab it from here.
rejarevaldy commented on Feb 4, 2025
I encountered the same issue as @debugnetiq1. After reinstalling the connector using the latest stable release here and following the steps below, ModSecurity started working correctly:
Steps to Resolve:
Download and Extract Nginx:
Download and Extract the ModSecurity Connector:
Compile Nginx with the ModSecurity Connector:
cd /tmp/rebuild/nginx-1.26.2
./configure --with-compat --add-dynamic-module=/tmp/rebuild/modsecurity-nginx-v1.0.3
make
sudo make install
Move and Enable the Module:
airween commented on Feb 12, 2025
Do we need to keep this issue open?
airween commented on Feb 18, 2025
I'm going to close this issue. For reference, please take a look at PR ModSecurity-nginx/344 (I mentioned that here) and also this one.
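
An added example, not part of the thread or the project's code: after rebuilding the connector from the stable release, this shell check reads the startup notices and `modsecurity.conf` to confirm the WAF is enforcing again, that is, the diagnostic `SecRuleEngine Off` from the report has been reverted and rules were loaded. The function names and temporary file paths are hypothetical; it assumes the last active `SecRuleEngine` directive wins and does not follow `Include`.

```shell
#!/usr/bin/env bash
# Added example. Assumptions: the last active SecRuleEngine directive in the
# file wins, and Include'd files are not followed.

# Print the effective SecRuleEngine value ("unset" if no active directive).
effective_engine() {
  awk 'tolower($1) == "secruleengine" { mode = $2 }
       END { print (mode == "" ? "unset" : mode) }' "$1"
}

# Print "<connector version> <libmodsecurity version> <total rules loaded>".
startup_summary() {
  awk '
    match($0, /ModSecurity-nginx v[0-9.]+/) {
      conn = substr($0, RSTART + 19, RLENGTH - 19) }
    match($0, /libmodsecurity3 version [0-9.]+/) {
      lib = substr($0, RSTART + 24, RLENGTH - 24) }
    match($0, /inline\/local\/remote: [0-9]+\/[0-9]+\/[0-9]+/) {
      split(substr($0, RSTART + 21, RLENGTH - 21), n, "/")
      total = n[1] + n[2] + n[3] }
    END { print conn, lib, total + 0 }' "$1"
}

# Succeed only when the engine is On and at least one rule was loaded.
waf_enforcing() {
  rules=$(startup_summary "$2" | awk '{ print $3 }')
  [ "$(effective_engine "$1")" = "On" ] && [ "${rules:-0}" -gt 0 ]
}

# Sample inputs: lines quoted in the issue, written to temporary files.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/modsecurity.conf" <<'EOF'
#SecRuleEngine On
SecRuleEngine Off
SecDebugLogLevel 4
EOF
cat > "$tmp/error.log" <<'EOF'
2025/02/03 04:33:09 [notice] 2074355#2074355: ModSecurity-nginx v1.0.3 (rules loaded inline/local/remote: 0/49/0)
2025/02/03 04:33:09 [notice] 2074355#2074355: libmodsecurity3 version 3.0.13
EOF

echo "engine:  $(effective_engine "$tmp/modsecurity.conf")"
echo "startup: $(startup_summary "$tmp/error.log")"
waf_enforcing "$tmp/modsecurity.conf" "$tmp/error.log" ||
  echo "WAF is not enforcing: set SecRuleEngine On and reload nginx"
```

With the configuration quoted in the report the check fails on the engine mode, even though 49 rules were loaded.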