Hi,
First of all, I have never used lua!!!
I have a problem using
Modsecurity with
Nginx, and someone suggested that the lua can help. So am sending this email, may some one please help.
While using nginx as a reverse proxy with modsecurity to harden the security of a bunch of web sites, according to
here modsecurity consumes cpu and makes intolerable delays when a client attempts to download a large file. There is still no stable remedy for this.
The modsecurity module for nginx is enabled using this directive: ModSecurity On.
Am wondering if it is possible to check upstream response length (may be with nginx $upstream_response_length variable ) and disable this module for such responses.
Someone
here suggested that I might be able to do so using lua.
Is it possible to disable modsecurity (Like ModSecurity Off ) after checking the mentioned variable? If not, what about discarding any nginx processes after checking this variable and continue sending the file to the clients?
BEST REGARDS
![]()