http-modsecurity #

The ModSecurity-nginx connector — bridges nginx to libmodsecurity v3 so OWASP CRS and custom WAF rules run as a dynamic module.

Source: upstream source

Directives

modsecurity #

syntax: modsecurity on | off (on/off flag);  ·  context: http, server, location

It adds four new directives and they are: modsecurity ----------- syntax: modsecurity on | off context: http, server, location default: off Turns on or off ModSecurity functionality.

modsecurity_rules #

syntax: modsecurity_rules 1 arg;  ·  context: http, server, location

It also specifies the key that will be used to authenticate to that server: modsecurity_rules ----------------- syntax: modsecurity_rules <modsecurity rule> context: http, server, location default: no Allows for the direct inclusion of a ModSecurity rule into the nginx configuration.

modsecurity_rules_file #

syntax: modsecurity_rules_file 1 arg;  ·  context: http, server, location

Specifies the location of a ModSecurity configuration file to load.

modsecurity_rules_remote #

syntax: modsecurity_rules_remote 2 args;  ·  context: http, server, location

Downloads a ModSecurity configuration file from a remote URL using a given authentication key.

modsecurity_transaction_id #

syntax: modsecurity_transaction_id 1+ args;  ·  context: http, server, location

The following example is loading rules from a file and injecting specific configurations per directory/alias: modsecurity_transaction_id -------------------------- syntax: modsecurity_transaction_id string context: http, server, location default: no Allows to pass transaction ID from nginx instead of generating it in the library.

modsecurity_use_error_log #

syntax: modsecurity_use_error_log on | off (on/off flag);  ·  context: http, server, location

String can contain variables. modsecurity_use_error_log ----------- syntax: modsecurity_use_error_log on | off context: http, server, location default: on Turns on or off ModSecurity error log functionality. # Contributing As an open source project we invite (and encourage) anyone from the community to contribute to our project.

Example

server {
    modsecurity on;
    location / {
        root /var/www/html;
        modsecurity_rules_file /etc/my_modsecurity_rules.conf;
    }
    location /ops {
        root /var/www/html/opts;
        modsecurity_rules '
          SecRuleEngine On
          SecDebugLog /tmp/modsec_debug.log
          SecDebugLogLevel 9
          SecRuleRemoveById 10
        ';
    }
}

↑ back to index