WAF / TWAF issues with PHP-FPM (NGINX)

Posted: Tue Mar 31, 2015 2:50 am
by imadsani
We've been using ASL on 5 servers for about a year and a half now. About a month and a half ago I found out that ASL was not active on the domains. After a lot of research on the forums and raising tickets it was concluded, by Scott on the forums, that something was missing from my installation of ASL.

Currently we have the servers set up with the following configuration:

• CentOS 6.X 64-bit
• Plesk 12
• PHP 5.4
• NGINX 1.6 (as NON REVERSE PROXY / NON PROXY web server)
• PHP-FPM 5.4.39-45
• Memcached 1.4.22-4
• Varnish 4.0.2-3
• Percona 5.6

Multiple sites are running on the same server, some with dedicated IPs, others on shared IPs.

The problem is WAF isn’t working on any of my sites because of the above configuration. We need to get WAF working with the above configuration as all the sites are open to attacks and all of them are high traffic websites.

Let us know if there is a way out and you can help us restore ASL on all the servers, else we’ll have to look for some other option.

Re: WAF / TWAF issues with PHP-FPM (NGINX)

Posted: Tue Mar 31, 2015 10:08 am
by hostingg
Did you configure the TWAF to sit in front of nginx?

Re: WAF / TWAF issues with PHP-FPM (NGINX)

Posted: Tue Mar 31, 2015 10:58 am
by scott
Right, the situation here is that nginx doesn't have a WAF (yet, mod_security support for nginx is still buggy), and you're calling php-fpm directly. You need to put some instance of Apache in this mix to handle the WAF component, either as a proxy before nginx using a T-WAF, or between it and PHP using a downstream instance of Apache.

Re: WAF / TWAF issues with PHP-FPM (NGINX)

Posted: Wed Apr 08, 2015 1:58 am
by imadsani
Is it possible to try ModSecurity v2.9? They claim it's a stable release for both Apache and Nginx.

Re: WAF / TWAF issues with PHP-FPM (NGINX)

Posted: Wed Apr 08, 2015 6:58 am
by scott
Sure, it will be in the next ASL release: 4.0.11 (Milton)

Re: WAF / TWAF issues with PHP-FPM (NGINX)

Posted: Wed Apr 08, 2015 10:16 am
by imadsani
Quick question, nginx -V doesn't show that it has mod_security loaded. How can I load mod_security?

nginx version: nginx/1.6.0
TLS SNI support enabled
configure arguments: --prefix=/usr/share --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --lock-path=/var/lock/nginx.lock --pid-path=/var/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --user=nginx --group=nginx --with-ipv6 --with-file-aio --with-http_ssl_module --with-http_realip_module --with-http_sub_module --with-http_dav_module --with-http_gzip_static_module --with-http_stub_status_module

Re: WAF / TWAF issues with PHP-FPM (NGINX)

Posted: Wed Apr 08, 2015 10:22 am
by scott
You need to recompile it with the mod_security library added in.

Re: WAF / TWAF issues with PHP-FPM (NGINX)

Posted: Wed Apr 08, 2015 10:32 am
by imadsani
Apologies for the noob question. So it's safe to download the source from mod_security's site and compile via its source?