Closed vikas027 closed 3 years ago
Did you have it tested on a virtual host?
Hello @zimmerle ,
Thanks for looking this up.
I apply specific rules like this in an nginx vhost but not sure about how I should define SecRequestBodyLimit
.
modsecurity_rules '
SecRule REQUEST_URI "@beginsWith /" "id:1,pass,phase:1,skipAfter:END-RESPONSE-980-CORRELATION"
SecRule REQUEST_URI "@beginsWith /" "id:2,pass,phase:2,skipAfter:END-RESPONSE-980-CORRELATION"
';
Hi @vikas027 ,
I'm not sure if this helps, but you can include ModSecurity configuration directives in multiple nginx config blocks. You can set up multiple "server {" blocks (aka Virtual Hosts) and have different configuration items apply to each. You can also do this with "location {" blocks.
I just tried the following in my test setup and it seemed to accomplish what (I believe) you are asking about:
location ~ /path1 {
...
modsecurity_rules 'SecRequestBodyLimit 340';
}
location ~ /path2 {
...
modsecurity_rules 'SecRequestBodyLimit 335';
}
Thanks @martinhsv. That helps, I am closing his ticket.
Vikas
We have a parameter
SecRequestBodyLimit
in the modsec rules configuration file which can be updated to block payload beyond a certain size. This works well but is a global parameter.Is there a way to also define this value inside an nginx virtual host file? My use case is to not change the global parameter but only one virtual host.
My environment is
Anyone else faced a similar issue or use case?