nginx Modsecurity Rules Dynamic Filter For Specific vhost

38 views
Skip to first unread message

Hadi Abbasi

unread,
May 13, 2019, 5:16:10 AM5/13/19
to openresty-en
Hey Guys...

I'm developing a proxy server by having some different vhosts using openresty!
I'm looking for a way to filter some specific modsecurity rules for each vhost,
but I think nginx can't support filtering modsec rules for each vhost!
because I've seen we can just add all of our rules inside nginx.conf,
and I think there isn't any command to filter and set some of these rules for specific vhosts!

in other words, if I set:

modsecurity on;
modsecurity_rules_file   my_rule_01
.conf;
modsecurity_rules_file   my_rule_02
.conf;
modsecurity_rules_file   my_rule_03
.conf;

so it will apply all of these rules for all of proxy upstreams and if I want to apply just my_rule_02.conf to host number 10, there isn't any way to do that!

Am I Right?

zhoucj

unread,
May 13, 2019, 6:07:42 AM5/13/19
to Hadi Abbasi, openresty-en
you can try naxsi, which likely modsecurity, i know this module can apply rule in specific location。
--
You received this message because you are subscribed to the Google Groups "openresty-en" group.
To unsubscribe from this group and stop receiving emails from it, send an email to openresty-en...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/openresty-en/4c65fb34-482f-492e-af0f-69ac116a5ebe%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Hadi Abbasi

unread,
May 13, 2019, 8:43:04 AM5/13/19
to openresty-en
Thanks a lot...I will try it...
but did you mean, nginx can't support filtering modsec rules for separated proxy hosts?
can I be sure not to use modsec in nginx and to use naxsi as Waf Layer for my requirements?
I wanna let the admins of customer hosts (in my proxy server) to select waf rules for their hosts, then my proxy api must check their hosts just on selected rules!
thanks a lot...
Best,
Hadi
Reply all
Reply to author
Forward
0 new messages