Would like to integrate WAF functionality/capability with nginx. Has anyone tested the latest version of ModSecurity (2.7.0), which apparently has a module for nginx? Interested in any and all feedback and recommendations. Thanks, AJ
on 2012-09-13 17:29
on 2012-09-13 17:38
On Thu, 13 Sep 2012 11:29:13 -0400, AJ Weber <aweber@comcast.net> wrote:
> Would like to integrate WAF functionality/capability with nginx. Has
> anyone tested the latest version of ModSecurity (2.7.0), which
> apparently has a module for nginx?
>
> Interested in any and all feedback and recommendations.

Has anyone actually built that? I think it has only very recently been added to their repository on sf.net
http://mod-security.svn.sourceforge.net/viewvc/mod...

There's no "release" in the sense of a tarball - the announcement some time ago was a classic paper-launch IMO.

I'd be more interested anyway to hear from users of naxsi - and how it compares to mod_security...
on 2012-09-13 17:49
The tarball on their frontpage (modsecurity.org) apparently has it included now. From what I read it was originally in a separate sub-project or something.

I'm all for hearing from naxsi users too! Functionally, it appears that ModSecurity has many more options, but it's in RC, versus naxsi that has been available for a while.
on 2012-09-13 23:42
Hello!

On Thu, Sep 13, 2012 at 8:29 AM, AJ Weber <aweber@comcast.net> wrote:
> Would like to integrate WAF functionality/capability with nginx. Has anyone
> tested the latest version of ModSecurity (2.7.0), which apparently has a
> module for nginx?
>

My colleague John Graham-Cumming has been working on a compiler that can compile a good number of ModSecurity rule configurations into Lua code that can be run atop ngx_lua [1]. We (CloudFlare) may open-source it at some point.

Some (big) users of mine have been using ngx_lua to implement custom WAF in production and sent back good results. Some reported better performance with ngx_lua than both ModSecurity and Naxsi, but I've not confirmed the result myself yet :)

Best regards,
-agentzh

[1] http://wiki.nginx.org/HttpLuaModule
on 2012-09-25 03:47
May I ask where I can download the source of ngx_lua? Thanks!

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,230705,231017#msg-231017
on 2012-09-25 08:41
On 2012-09-25 03:47, Listjj wrote:
> May I ask where I can download the source of ngx_lua?

Speaking of lua-nginx-module, it's hosted on GitHub:
https://github.com/chaoslawful/lua-nginx-module
https://github.com/chaoslawful/lua-nginx-module/tags
on 2012-10-04 21:37
Hi,

I recommend you try using modsecurity for NGINX; with some adaptations, the CRS (a set of modsecurity rules) is now working with this module.

Instructions: http://www.modsecurity.org/projects/modsecurity/ng...

Regards,
Alan
on 2012-10-04 21:59
My reservation is whether I need to compile it, and how. Can nginx use shared libraries or do I have to recompile that from source too?

I think I would like to try it if someone can tell me the necessary steps (or goes ahead and builds it for CentOS 6).

-Aaron
on 2012-10-04 23:33
Hi Aaron,

The instructions have a step-by-step guide to building the package, but if you have more specific doubts about the module, I recommend you subscribe and ask on the modsecurity-users list.

But I think today modsecurity is a good and usual alternative for WAF in NGINX.

Regards,
Alan