owasp-modsecurity / ModSecurity-apache

ModSecurity v3 Apache Connector
Apache License 2.0

Configurations style? #73

Closed drmuey closed 3 years ago

drmuey commented 3 years ago

The docs show NGINX-style configuration.

but despite /etc/apache2/modules/mod_security3.so existing and LoadModule security3_module modules/mod_security3.so happening w/out error; this config:

<IfModule security3_module>
    SecAuditLog logs/modsec_audit.log
…

fails w/ Invalid command 'SecAuditLog', perhaps misspelled or defined by a module not included in the server configuration

So the question is, should the apache connector define SecAuditLog et al or is it really NGINX style like modsecurity_rules 'SecAuditLog logs/modsec_audit.log';?

drmuey commented 3 years ago

I see it is NGINX style for Apache too, that is going to take some extra work lol.

One thing that is not clear is this:

With Apache and mod sec 2.9 we have a ProxyMatch that contains:

<IfModule security2_module>
   SecRuleEngine Off
</IfModule>

If I want to do that w/ 3.0 would it be:

<IfModule security3_module>
   modsecurity_rules 'SecRuleEngine Off'
</IfModule>

or

<IfModule security3_module>
   modsecurity off
</IfModule>

drmuey commented 3 years ago

Based on https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-(v2.x)#SecRuleEngine and https://github.com/SpiderLabs/ModSecurity-apache#modsecurity I believe this should be modsecurity_rules 'SecRuleEngine Off'.

Can you confirm that that is correct, @zimmerle? Thanks!

zimmerle commented 3 years ago

@drmuey as of now the rules need to be specified in an external file (as it is on nginx). Remember that this connector is not yet ready for production.

The IfModule directive is not from ModSecurity but Apache's; therefore it should work for any module. The name for the ModSecurity v3 module is security3_module.

drmuey commented 3 years ago

Thanks @zimmerle, sorry if that was unclear. I wasn’t asking about IfModule ;)

> as of now the rules need to be specified in an external file (as it is on nginx)

Are you saying only modsecurity_rules_file works and so modsecurity_rules 'SecRuleEngine Off' is not valid for apache and/or nginx connectors?

Update: moved question to #74