Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Nginx + modsecurity - Only Warnings in log file
See original GitHub issue_Issue originally created by user vikas027 on date 2017-05-15 09:49:31. Link to original issue: https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/777._
Hey, I am noob in configuring ModSecurity. Following this tutorial, I have configured nginx v1.13.0 with ModSecuriy v2.9.1 and OWASP v3.0.2.
It seems to be configured well as I can see warnings for issues in ModSecurity Audit file, but I am not sure how to block threats. I have tried placing below line in /etc/nginx/modsec/modsecurity.conf and /etc/nginx/modsec/main.conf in vain.
SecDefaultAction "phase:2,log,auditlog,deny,status:403,tag:'SLA 24/7'"
Also, I do have SecRuleEngine On in my modsecurity.conf
Not sure, what I am missing. 😦
Issue Analytics
- State:
- Created 3 years ago
- Comments:12
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
User dune73 commented on date 2017-05-16 04:24:44:
Great to hear it worked for you. Good luck with CRS!
User dune73 commented on date 2017-05-15 12:44:38:
OK. It looks like a bug. Thank you for your cooperation (and reporting this in the first place). Will be back.