Hello Ehsan, Christian and Michael thank you for your replies. So I will try use of nginx connector module.
Best Regards Matej Zuzcak Dňa 1.12.2016 o 10:53 Ehsan Mahdavi napísal(a): > Dear Christian > It isn't very odd to me if Matej uses Nginx with Modsec V2.x. > > As an experienced Nginx + Modsec V2.x(nginx_refactoring) user, it > looks like to a known bug. While using nginx+modsecV2.x in reverse > proxy mode (which is not the case for Matej) we have the very same > issue for some post requests. > I can refer you to these links: > > http://permalink.gmane.org/gmane.comp.apache.mod-security.user/12502 > <http://permalink.gmane.org/gmane.comp.apache.mod-security.user/12502> > https://github.com/SpiderLabs/ModSecurity/issues/115 > <https://github.com/SpiderLabs/ModSecurity/issues/115> > https://github.com/SpiderLabs/ModSecurity/issues/582 > <https://github.com/SpiderLabs/ModSecurity/issues/582> > https://github.com/SpiderLabs/ModSecurity/issues/664 > <https://github.com/SpiderLabs/ModSecurity/issues/664> > https://github.com/SpiderLabs/ModSecurity/issues/748 > <https://github.com/SpiderLabs/ModSecurity/issues/748> > > > All complaining about this problem and no one takes the responsibility. > The only way is to disable modsec for the requested uri and wait for > the community to release modsec V3.0 or higher and hope that this bug > will be fixed. > > Meantime he/she might find ctl:ruleEngine=off > <https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#ctl> useful. > > Br. Ehsan > > On Thu, Dec 1, 2016 at 11:56 AM, Christian Folini > <christian.fol...@netnea.com <mailto:christian.fol...@netnea.com>> wrote: > > Hello Matej, > > I had hoped somebody with an NginX could shed some light on this. But > apparently not. > > It is very odd. Your server says he can not open a certain file > (does it exist? permissions ok?) but then it seems that ModSec > influences the behaviour of the server down to opening files. > And that sounds quite crazy. > > On Mon, Nov 28, 2016 at 11:59:56AM +0100, Matej Zuzčák wrote: > > OWASP rule set. But when I active ModSecurity in my virtual host > config > > file for my Drupal 7 web I do not login, register or reset > password with > > this error in log: > > You English is a bit hard to understand here. Could you rephrase, > please? > > > I found some solutions for Apache web server (these solutions use > > modifications of htaccess file), but not for Nginx. > > What was the problem with Apache exactly and what did you modify in > the .htaccess file to make it go away? > > Cheers, > > Christian > > > -- > https://www.feistyduck.com/training/modsecurity-training-course > <https://www.feistyduck.com/training/modsecurity-training-course> > mailto:christian.fol...@netnea.com > <mailto:christian.fol...@netnea.com> > twitter: @ChrFolini > _______________________________________________ > Owasp-modsecurity-core-rule-set mailing list > Owasp-modsecurity-core-rule-set@lists.owasp.org > <mailto:Owasp-modsecurity-core-rule-set@lists.owasp.org> > https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set > <https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set> > > > > > > _______________________________________________ > Owasp-modsecurity-core-rule-set mailing list > Owasp-modsecurity-core-rule-set@lists.owasp.org > https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
_______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set