Hi Felipe > Felipe Zimmerle <fel...@zimmerle.org> [2016-01-11 17:12]: > > On Sun, Jan 10, 2016 at 11:05 AM Lukas <l...@ymx.ch> wrote: > > > I found that recommendation. Since I also read that it would not be > > fully compatible with OWASP/CRS I have not given it a try. > > > > What is the situation regrading OWASP/CRS? > > > > Currently there are three different versions of ModSecurity for nginx: > > - Version 2.9.0: That is the last released version, I think that is the one > that you are using. > - nginx_refactoring: That version contains some fixes on the top of v2.9.0, > but those fixes may lead to instabilities depending on your configuration. > - ModSecurity-connector: That is something that still under development and > we have some work to do, to be exactly: > > https://github.com/SpiderLabs/ModSecurity/labels/libmodsec%20-%20missing%20documentation > https://github.com/SpiderLabs/ModSecurity/labels/libmodsec%20-%20missing%20features > https://github.com/SpiderLabs/ModSecurity/labels/libmodsec%20-%20missing%20operators > https://github.com/SpiderLabs/ModSecurity/labels/libmodsec%20-%20missing%20transformation > https://github.com/SpiderLabs/ModSecurity/labels/libmodsec%20-%20missing%20variables > > Only use the ModSecurity-connector if you understands well the ModSecurity > rules and the consequences of the missing pieces. > > Further information about libModSecurity can be found here: > http://blog.zimmerle.org/2016/01/an-overview-of-upcoming-libmodsecurity.html > or: > https://www.trustwave.com/Resources/SpiderLabs-Blog/An-Overview-of-the-Upcoming-libModSecurity/ >
Thanks for pointing this out. What worries me a "little bit" is that nginx started crashing with an Out-of-Memory Exception when ModSecurity 2.9.0 with OWASP/CRS was activated. Have others experienced similar problems? Isn't there at least a run-time control in nginx that kills subprocesses like ModSecurity as soon as they start overconsuming resources/execution time? Thanks. wbr Lukas _______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
