nginx Modsecurity Rules Dynamic Filter For Specific vhost

hadi.abbasi.programmer · 2019-05-13T17:16:10+00:00

second note: the popup was called fastbestmaintenanceappclicks.icu. hope that helps.

nginx Modsecurity Rules Dynamic Filter For Specific vhost

hadi.abbasi.programmer

Hey Guys...

I'm developing a proxy server by having some different vhosts using openresty!
I'm looking for a way to filter some specific modsecurity rules for each vhost,
but I think nginx can't support filtering modsec rules for each vhost!
because I've seen we can just add all of our rules inside nginx.conf,
and I think there isn't any command to filter and set some of these rules for specific vhosts!

in other words, if I set:

modsecurity on;
modsecurity_rules_file   my_rule_01.conf;
modsecurity_rules_file   my_rule_02.conf;
modsecurity_rules_file   my_rule_03.conf;

so it will apply all of these rules for all of proxy upstreams and if I want to apply just my_rule_02.conf to host number 10, there isn't any way to do that!

Am I Right?

juzipeek

you can try naxsi, which likely modsecurity, i know this module can apply rule in specific location。

On 一, 2019-05-13 at 02:16 -0700, Hadi Abbasi wrote:

Hey Guys...

I'm developing a proxy server by having some different vhosts using openresty!
I'm looking for a way to filter some specific modsecurity rules for each vhost,
but I think nginx can't support filtering modsec rules for each vhost!
because I've seen we can just add all of our rules inside nginx.conf,
and I think there isn't any command to filter and set some of these rules for specific vhosts!

in other words, if I set:

modsecurity on; modsecurity_rules_file my_rule_01.conf; modsecurity_rules_file my_rule_02.conf; modsecurity_rules_file my_rule_03.conf;

so it will apply all of these rules for all of proxy upstreams and if I want to apply just my_rule_02.conf to host number 10, there isn't any way to do that!

Am I Right?

.

hadi.abbasi.programmer

Thanks a lot...I will try it...
but did you mean, nginx can't support filtering modsec rules for separated proxy hosts?
can I be sure not to use modsec in nginx and to use naxsi as Waf Layer for my requirements?
I wanna let the admins of customer hosts (in my proxy server) to select waf rules for their hosts, then my proxy api must check their hosts just on selected rules!
thanks a lot...
Best,
Hadi

On Monday, May 13, 2019 at 2:37:42 PM UTC+4:30, zhoucj wrote:

you can try naxsi, which likely modsecurity, i know this module can apply rule in specific location。