http-modsecurity #
The ModSecurity-nginx connector — bridges nginx to libmodsecurity v3 so OWASP CRS and custom WAF rules run as a dynamic module.
Source: upstream source
Directives
modsecurity #
syntax: modsecurity on | off (on/off flag); · context: http, server, location
It adds four new directives and they are: modsecurity ----------- syntax: modsecurity on | off context: http, server, location default: off Turns on or off ModSecurity functionality.
modsecurity_rules #
syntax: modsecurity_rules 1 arg; · context: http, server, location
It also specifies the key that will be used to authenticate to that server: modsecurity_rules ----------------- syntax: modsecurity_rules <modsecurity rule> context: http, server, location default: no Allows for the direct inclusion of a ModSecurity rule into the nginx configuration.
modsecurity_rules_file #
syntax: modsecurity_rules_file 1 arg; · context: http, server, location
Specifies the location of a ModSecurity configuration file to load.
modsecurity_rules_remote #
syntax: modsecurity_rules_remote 2 args; · context: http, server, location
Downloads a ModSecurity configuration file from a remote URL using a given authentication key.
modsecurity_transaction_id #
syntax: modsecurity_transaction_id 1+ args; · context: http, server, location
The following example is loading rules from a file and injecting specific configurations per directory/alias: modsecurity_transaction_id -------------------------- syntax: modsecurity_transaction_id string context: http, server, location default: no Allows to pass transaction ID from nginx instead of generating it in the library.
modsecurity_use_error_log #
syntax: modsecurity_use_error_log on | off (on/off flag); · context: http, server, location
String can contain variables. modsecurity_use_error_log ----------- syntax: modsecurity_use_error_log on | off context: http, server, location default: on Turns on or off ModSecurity error log functionality. # Contributing As an open source project we invite (and encourage) anyone from the community to contribute to our project.
Example
server {
modsecurity on;
location / {
root /var/www/html;
modsecurity_rules_file /etc/my_modsecurity_rules.conf;
}
location /ops {
root /var/www/html/opts;
modsecurity_rules '
SecRuleEngine On
SecDebugLog /tmp/modsec_debug.log
SecDebugLogLevel 9
SecRuleRemoveById 10
';
}
}