Hi guys,
As of july 2015 getting modsecurity production ready for nginx is very hard. Atomic is providing experimental rules for NGINX and they seems to work oke.
If I understand correct modsecurity 3.0 will be renamed to libmodsecurity (https://github.com/SpiderLabs/ModSecuri ... odsecurity) and every webserver is getting it's own connecter talking to this library. I think this is the way to go, because modsecurity is to much build upon Apache now and it's to bloated when using a non apache server.
I don't know about rules compatibility but will Atomicorp start publishing rules for libmodsecurity if it reaches a point so that libmodsecurity is usable?
Just curious
- Gerwin
Feature plans regarding libmodsecurity and nginx connector
-
- Atomicorp Staff - Site Admin
- Posts: 8355
- Joined: Wed Dec 31, 1969 8:00 pm
- Location: earth
- Contact:
Re: Feature plans regarding libmodsecurity and nginx connect
The rule language doesnt change with this, so it doesn't impact that so much as change some behind the scenes architecture. It looks like this will be more of a packaging thing than a rules thing to me.