Hello Andrei, thank you for your reply. I found that it is know bug if ModSecurity works in reverse proxy mode. So I will try use special nginx connector module as you say.
Best Regrads Matej Zuzcak Dňa 1.12.2016 o 10:13 Andrei Belov napísal(a): > Hi Matej, > >> On 29 Nov 2016, at 11:08, Matej Zuzčák <mzuz...@secit.sk> wrote: >> >> Hello all, >> >> I have installed Drupal 7 on latest version of Nginx web server which >> was compiled with support of ModSecurity module. I have activated core >> OWASP rule set. But when I active ModSecurity in my virtual host config >> file for my Drupal 7 web I do not login, register or reset password with >> this error in log: >> >> [error] 11158#0: *1 open() "/var/www/MY_WEBSITE/node" failed (2: No such >> file or directory), client: IP, server: MY_SERVER, request: "POST >> /node?destination=node HTTP/1.1", host: "MY_WEBSITE", referrer: >> "http://MY_WEBSITE/"; >> >> And client gets 404 error page. >> >> I applied these practices >> https://geekflare.com/modsecurity-owasp-core-rule-set-nginx/ and >> https://www.netnea.com/cms/2016/11/22/securing-drupal-with-modsecurity-and-the-core-rule-set-crs3/ >> >> When I change SecRuleEngine from "On" to "DetectionOnly" result is the >> same, For correct operation I have to "switch off" ModSecurity in >> virtual host config for domain. >> >> So please have you any advices for solving this problem? > What version of ModSecurity are you using with nginx? > > ModSecurity 2.x with its "standalone" mode is somewhat outdated. > > Currently there are libmodsecurity (aka ModSecurity 3.x) project [1] and > special nginx connector module [2] > that should be used instead. > > Also it is a good idea to report ModSecurity related issues to the > corresponding github projects. > > > [1] https://github.com/SpiderLabs/ModSecurity/tree/v3/master > [2] https://github.com/SpiderLabs/ModSecurity-nginx/tree/master > > _______________________________________________ > nginx mailing list > nginx@nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx _______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
