owasp-modsecurity / ModSecurity

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.
https://www.modsecurity.org
Apache License 2.0
8.23k stars 1.61k forks

Nginx: unknown directive "SecRemoteRules" #1391

Closed dvershinin closed 7 years ago

dvershinin commented 7 years ago

I'm compiling nginx with ModSecurity from the nginx_refactoring branch. During compilation / linking I see an indication that remote rules are supported, e.g.:

cc -c -pipe  -O -W -Wall -Wpointer-arith -Wno-unused-parameter -Werror -g       -I/usr/include/apr-1       -I/usr/include/apr-1      -I/usr/include/httpd     -I/usr/include/libxml2          -DWITH_PCRE_STUDY -DMODSEC_PCRE_MATCH_LIMIT=1500 -DMODSEC_PCRE_MATCH_LIMIT_RECURSION=1500  -DREQUEST_EARLY             -DWITH_APU_CRYPTO -DWITH_REMOTE_RULES                -I src/core -I src/event -I src/event/modules -I src/os/unix -I ../ModSecurity/nginx/modsecurity -I ../ModSecurity/nginx/modsecurity/../../standalone -I ../ModSecurity/nginx/modsecurity/../../apache2 -I objs \

However, when adding SecRemoteRules some-key https://www.yourserver.com/plain-text-rules.txt; nginx fails to start and I get in error.log:

[emerg] unknown directive "SecRemoteRules" in /usr/local/nginx/conf/nginx.conf:45

It's been a couple of days of trying different configure options, but nothing makes the error go away. I need:

Configure for ModSecurity was run like this:

./configure --enable-standalone-module

Relevant configure output below:

Checking platform... Identified as Linux
checking for libcurl config script... /usr/bin/curl-config
checking if libcurl is at least v... yes, 7.29.0
checking if libcurl is linked with gnutls... no
configure: using curl v7.29.0
configure: looking for Apache module support via DSO through APXS
configure: found apxs at /usr/bin/apxs
configure: checking httpd version
configure: httpd is recent enough
checking for libpcre config script... /usr/bin/pcre-config
configure: using pcre v8.32
checking for libapr config script... /usr/bin/apr-1-config
configure: using apr v1.4.8
checking for libapu config script... /usr/bin/apu-1-config
configure: using apu v1.5.2
checking for libxml2 config script... /usr/bin/xml2-config
checking if libxml2 is at least v2.6.29... yes, 2.9.1
configure: using libxml2 v2.9.1
checking for pkg-config... /usr/bin/pkg-config
checking pkg-config is at least version 0.9.0... yes
checking for liblua config script... no
checking for lua install... no
configure: optional lua library not found
checking for libyajl config script... no
checking for yajl install... no
configure: optional yajl library not found
checking for ssdeep path... no
configure: optional ssdeep library not found
checking that generated files are newer than configure... done

zimmerle commented 7 years ago

Hi @dvershinin,

You need to have SecRemoteRules inside a configuration file, and that configuration file should be referenced in the Nginx conf, using the command: ModSecurityConfig.

Another option is to use the ModSecurity-nginx connector - https://github.com/SpiderLabs/ModSecurity-nginx
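
The layout described in the reply above, next to the one that triggers the error, as an added example that is not part of the original thread or the project's own configuration. The `modsecurity.conf` file name and path, the `server` block, and the `ModSecurityEnabled` and `SecRuleEngine` lines are assumptions; the key and URL are the placeholders from the question.

```nginx
# --- /usr/local/nginx/conf/nginx.conf : layout that fails ---
# nginx parses this file itself and only accepts directives registered by
# its modules, so a Sec* directive placed here is rejected at startup with
#   [emerg] unknown directive "SecRemoteRules"
#
# location / {
#     SecRemoteRules some-key https://www.yourserver.com/plain-text-rules.txt;
# }

# --- /usr/local/nginx/conf/nginx.conf : corrected layout ---
# Only the standalone module's own directives appear in nginx.conf.
server {
    listen 80;

    location / {
        # Assumed: switch that enables the v2 standalone module here.
        ModSecurityEnabled on;
        # Points nginx at the file that ModSecurity parses (assumed path).
        ModSecurityConfig /usr/local/nginx/conf/modsecurity.conf;
    }
}

# --- /usr/local/nginx/conf/modsecurity.conf : assumed file ---
# Read by ModSecurity's own parser, not by nginx: Sec* directives belong
# here and take no trailing semicolon.
SecRuleEngine On
SecRemoteRules some-key https://www.yourserver.com/plain-text-rules.txt
```

After moving the directive, `nginx -t` validates only nginx.conf syntax plus whatever the module loads from the referenced file, so check error.log for rule-loading messages as well.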