Dear Christian
It isn't very odd to me if Matej uses Nginx with Modsec V2.x.

As an experienced Nginx + Modsec V2.x(nginx_refactoring) user, it looks
like to a known bug. While using nginx+modsecV2.x in reverse proxy mode
(which is not the case for Matej) we have the very same issue for some post
requests.
I can refer you to these links:

http://permalink.gmane.org/gmane.comp.apache.mod-security.user/12502
https://github.com/SpiderLabs/ModSecurity/issues/115
https://github.com/SpiderLabs/ModSecurity/issues/582
https://github.com/SpiderLabs/ModSecurity/issues/664
https://github.com/SpiderLabs/ModSecurity/issues/748


All complaining about this problem and no one takes the responsibility.
The only way is to disable modsec for the requested uri and wait for the
community to release modsec V3.0 or higher and hope that this bug will be
fixed.

Meantime he/she might find ctl:ruleEngine=off
<https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#ctl> useful
.

Br. Ehsan

On Thu, Dec 1, 2016 at 11:56 AM, Christian Folini <
christian.fol...@netnea.com> wrote:

> Hello Matej,
>
> I had hoped somebody with an NginX could shed some light on this. But
> apparently not.
>
> It is very odd. Your server says he can not open a certain file
> (does it exist? permissions ok?) but then it seems that ModSec
> influences the behaviour of the server down to opening files.
> And that sounds quite crazy.
>
> On Mon, Nov 28, 2016 at 11:59:56AM +0100, Matej Zuzčák wrote:
> > OWASP rule set. But when I active ModSecurity in my virtual host config
> > file for my Drupal 7 web I do not login, register or reset password with
> > this error in log:
>
> You English is a bit hard to understand here. Could you rephrase,
> please?
>
> > I found some solutions for Apache web server (these solutions use
> > modifications of htaccess file), but not for Nginx.
>
> What was the problem with Apache exactly and what did you modify in
> the .htaccess file to make it go away?
>
> Cheers,
>
> Christian
>
>
> --
> https://www.feistyduck.com/training/modsecurity-training-course
> mailto:christian.fol...@netnea.com
> twitter: @ChrFolini
> _______________________________________________
> Owasp-modsecurity-core-rule-set mailing list
> Owasp-modsecurity-core-rule-set@lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
>
_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set

Reply via email to