Welcome! Log In Create A New Profile

Advanced

Re: Help with nginx.conf

All files from this thread

File Name File Size   Posted by Date  
image.png 302.2 KB open | download Gus Flowers Starkiller 11/11/2022 Read message
image.png 302.2 KB open | download Jeremy Cocks via nginx 11/11/2022 Read message
November 11, 2022 10:50PM
On Fri, Nov 11, 2022 at 1:43 PM Gus Flowers Starkiller <
relectgustfs@gmail.com> wrote:
>
> Hi ! Thanks a lot for your explanation ! Well I've installed some Nginx
servers all cases like configured like Proxy Reverse, But, at first I
installed Nginx from pages different from Nginx.org but the source were get
from nginx too (i think) and cases like nginx.conf is happening, different
files with ngonx.org and other sources and for example that directories
like sites-available and sites-enabled are missing after installation:
> e.g. /etc/nginx/sites-available and /etc/nginx/sites-enabled are not in
installation from nginx.org and as you say I could configure them to my own
target, but in these cases I must install Nginx + ModSecurity + OWASP (CRS)
because we must have the most security network with web pages to publicate.
> So, is there any configuration that you could recommend me?
> Another point too, I read the book about Nginx+Modsecurity from these book
>
> And I couldn't find in which directories of linux is installed Nginx, in
my cases Nginx and OWASP is in /usr/local/src but in the moment where I
must compile Nginx there is error about module
> "./configure: error: ngx_http_modsecurity_module requires the ModSecurity
library."
>
> Well I hope all these words don't disturb you at all, please sorry and
any word you can tell me about this, I will be so grateful. Thanks a lot,
greetings from Argentina.

One comment about this:

I must install Nginx + ModSecurity + OWASP (CRS) because we
must have the most security network with web pages to
publicate...

I help run a website and wiki. CRS was too aggressive in practice, and it
broke the wiki. We could not submit page edits. So we used modsecurity, but
we dropped the CRS gear.

Modsecurity alone will still provide basic protections, like MIME types,
some request protections, some header protection, some body protection,
some memory limits, etc. (See /etc/modsecurity/modsecurity.conf for the
details).

Here's what it looks like under Apache:

# cat /etc/apache2/mods-enabled/security2.conf
<IfModule security2_module>
# Default Debian dir for modsecurity's persistent data
SecDataDir /var/cache/modsecurity

# Include all the *.conf files in /etc/modsecurity.
IncludeOptional /etc/modsecurity/*.conf

# Include OWASP ModSecurity CRS rules if installed
# IncludeOptional /usr/share/modsecurity-crs/*.load
</IfModule>

I don't think I've ever run ModSecurity with Nginx, so I am not sure what
the configuration would look like.

This does not help you with Nginx, but here are the relevant packages for
Apache2:

# apt-cache search modsecurity
libapache2-mod-security2 - Tighten web applications security for Apache
libmodsecurity-dev - ModSecurity v3 library component (development files)
libmodsecurity3 - ModSecurity v3 library component
modsecurity-crs - OWASP ModSecurity Core Rule Set

'modsecurity-crs' is what we avoided due to the wiki. It is no longer
installed.

Jeff
_______________________________________________
nginx mailing list -- nginx@nginx.org
To unsubscribe send an email to nginx-leave@nginx.org
Subject Author Posted

Help with nginx.conf

Gus Flowers Starkiller November 11, 2022 12:30PM

RE: Help with nginx.conf

Reinis Rozitis November 11, 2022 01:08PM

Re: Help with nginx.conf Attachments

Gus Flowers Starkiller November 11, 2022 01:42PM

Re: Help with nginx.conf Attachments

Jeremy Cocks via nginx November 11, 2022 08:54PM

Re: Help with nginx.conf

noloader November 11, 2022 10:50PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 63
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready