Hello Ehsan, Christian and Michael
thank you for your replies. So I will try use of nginx connector module.
Best Regards
Matej Zuzcak
Dňa 1.12.2016 o 10:53 Ehsan Mahdavi napísal(a):
> Dear Christian
> It isn't very odd to me if Matej uses Nginx with Modsec V2.x.
>
> As an experienced Nginx + Modsec V2.x(nginx_refactoring) user, it
> looks like to a known bug. While using nginx+modsecV2.x in reverse
> proxy mode (which is not the case for Matej) we have the very same
> issue for some post requests.
> I can refer you to these links:
>
> http://permalink.gmane.org/gmane.comp.apache.mod-security.user/12502
> <http://permalink.gmane.org/gmane.comp.apache.mod-security.user/12502>
> https://github.com/SpiderLabs/ModSecurity/issues/115
> <https://github.com/SpiderLabs/ModSecurity/issues/115>
> https://github.com/SpiderLabs/ModSecurity/issues/582
> <https://github.com/SpiderLabs/ModSecurity/issues/582>
> https://github.com/SpiderLabs/ModSecurity/issues/664
> <https://github.com/SpiderLabs/ModSecurity/issues/664>
> https://github.com/SpiderLabs/ModSecurity/issues/748
> <https://github.com/SpiderLabs/ModSecurity/issues/748>
>
>
> All complaining about this problem and no one takes the responsibility.
> The only way is to disable modsec for the requested uri and wait for
> the community to release modsec V3.0 or higher and hope that this bug
> will be fixed.
>
> Meantime he/she might find ctl:ruleEngine=off
> <https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#ctl> useful.
>
> Br. Ehsan
>
> On Thu, Dec 1, 2016 at 11:56 AM, Christian Folini
> <christian.fol...@netnea.com <mailto:christian.fol...@netnea.com>> wrote:
>
> Hello Matej,
>
> I had hoped somebody with an NginX could shed some light on this. But
> apparently not.
>
> It is very odd. Your server says he can not open a certain file
> (does it exist? permissions ok?) but then it seems that ModSec
> influences the behaviour of the server down to opening files.
> And that sounds quite crazy.
>
> On Mon, Nov 28, 2016 at 11:59:56AM +0100, Matej Zuzčák wrote:
> > OWASP rule set. But when I active ModSecurity in my virtual host
> config
> > file for my Drupal 7 web I do not login, register or reset
> password with
> > this error in log:
>
> You English is a bit hard to understand here. Could you rephrase,
> please?
>
> > I found some solutions for Apache web server (these solutions use
> > modifications of htaccess file), but not for Nginx.
>
> What was the problem with Apache exactly and what did you modify in
> the .htaccess file to make it go away?
>
> Cheers,
>
> Christian
>
>
> --
> https://www.feistyduck.com/training/modsecurity-training-course
> <https://www.feistyduck.com/training/modsecurity-training-course>
> mailto:christian.fol...@netnea.com
> <mailto:christian.fol...@netnea.com>
> twitter: @ChrFolini
> ___
> Owasp-modsecurity-core-rule-set mailing list
> Owasp-modsecurity-core-rule-set@lists.owasp.org
> <mailto:Owasp-modsecurity-core-rule-set@lists.owasp.org>
> https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
> <https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set>
>
>
>
>
>
> ___
> Owasp-modsecurity-core-rule-set mailing list
> Owasp-modsecurity-core-rule-set@lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
___
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set