nginx Modsecurity Rules Dynamic Filter For Specific vhost

[Hadi Abbasi]

Hey Guys...

I'm developing a proxy server by having some different vhosts using openresty!
I'm looking for a way to filter some specific modsecurity rules for each vhost,
but I think nginx can't support filtering modsec rules for each vhost!
because I've seen we can just add all of our rules inside nginx.conf,
and I think there isn't any command to filter and set some of these rules for specific vhosts!

in other words, if I set:

modsecurity on;
modsecurity_rules_file   my_rule_01.conf;
modsecurity_rules_file   my_rule_02.conf;
modsecurity_rules_file   my_rule_03.conf;

so it will apply all of these rules for all of proxy upstreams and if I want to apply just my_rule_02.conf to host number 10, there isn't any way to do that!

Am I Right?

[zhoucj]

you can try naxsi, which likely modsecurity, i know this module can apply rule in specific location。

--
You received this message because you are subscribed to the Google Groups "openresty-en" group.
To unsubscribe from this group and stop receiving emails from it, send an email to openresty-en...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/openresty-en/4c65fb34-482f-492e-af0f-69ac116a5ebe%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Hadi Abbasi]

Thanks a lot...I will try it...
but did you mean, nginx can't support filtering modsec rules for separated proxy hosts?
can I be sure not to use modsec in nginx and to use naxsi as Waf Layer for my requirements?
I wanna let the admins of customer hosts (in my proxy server) to select waf rules for their hosts, then my proxy api must check their hosts just on selected rules!
thanks a lot...
Best,
Hadi