owasp-modsecurity / ModSecurity-nginx

ModSecurity v3 Nginx Connector
Apache License 2.0

Nginx: [emerg] "modsecurity" directive is not allowed here. #153

Closed JeffCleverley closed 5 years ago

JeffCleverley commented 5 years ago

Is it possible to only run modsecurity rules when a request skips fastcgi_cache?

When a request is served a static cached file, I'd like it to skip modsec.

I have tried doing something evil and putting modsecurity directives inside ifs, but it isn't allowed.

location ~ \.php$ {
    if ($skip_cache) {
        modsecurity_rules_file mod_security_file;
    }
}

I really would prefer not to run varnish or nginx as a cached reverse proxy in front of nginx with modsec.

Or am I just being stupid again :D

zimmerle commented 5 years ago

Hi @JeffCleverley,

I am not sure what exactly you are trying to achieve. However, if you are interested in partially inspecting the request, you may want to configure your nginx with different hosts: one considering ModSecurity and another one not considering it.

JeffCleverley commented 5 years ago

I am wanting to put modsecurity behind caching, as per

https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-performance-recommendations/

I don't use varnish.

I have instead configured Nginx as a reverse proxy with caching up front, and nginx with modsec enabled upstream.
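The two-tier layout described in the last comment, sketched as an added example that is not part of the original thread or the project's documentation. Cache hits are answered by the front server without inspection, and only cache misses reach the server where ModSecurity is enabled. The paths, ports, zone name, cookie name and PHP-FPM socket are assumptions, and `set_real_ip_from` needs nginx built with `ngx_http_realip_module`.

```nginx
# Constructed example: paths, ports, zone name and socket are assumptions.
proxy_cache_path /var/cache/nginx/front levels=1:2 keys_zone=front_cache:10m
                 max_size=1g inactive=60m;

# Front tier: public listener, caching only, no ModSecurity.
server {
    listen 80;
    server_name example.test;

    location / {
        proxy_cache        front_cache;
        proxy_cache_valid  200 301 10m;
        # Only GET and HEAD are cached by default, so requests with a body
        # (POST, PUT, ...) always reach the inspected tier.
        proxy_cache_bypass $cookie_session;   # hypothetical session cookie name
        proxy_no_cache     $cookie_session;

        proxy_set_header Host            $host;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_pass http://127.0.0.1:8080;
    }
}

# Inspected tier: only cache misses arrive here.
server {
    # Loopback only, so this tier cannot be reached without passing the front.
    listen 127.0.0.1:8080;
    server_name example.test;
    root /var/www/html;

    # Allowed at http, server and location level, but not inside "if".
    modsecurity on;
    modsecurity_rules_file /etc/nginx/modsec/main.conf;

    # Restore the client address from the front tier's header.
    set_real_ip_from 127.0.0.1;
    real_ip_header   X-Forwarded-For;

    location ~ \.php$ {
        include       fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass  unix:/run/php/php-fpm.sock;
    }
}
```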