I use nginx with modsecurity and php-fpm on my web server.
I use OWASP ModSecurity Core Rule Set.
I'm trying to use some specific rules for one php file (contact.php)
Here is my nginx config:
location /contact.php {
ModSecurityEnabled on;
ModSecurityConfig ../owasp-modsecurity-crs/modsecurity_rule1.conf; # Specific rules for this file
}
location ~ \.php$ {
root /home/user/public_html;
try_files $uri =404;
fastcgi_pass 127.0.0.1:9001;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_script_name;
include fastcgi_params;
ModSecurityEnabled on;
ModSecurityConfig ../owasp-modsecurity-crs/modsecurity.conf;
}
When I run with this config I get "500 Internal Server Error"
And this error in the php-fpm 's error.log file:
2015/01/28 05:43:01 [alert] 1395#0: *1 no upstream configuration, client: IPAdress, server: example.com, request: "POST /contact.php HTTP/1.1", host: "www.example.com", referrer: "https://www.example.com/"
I guess there is a confusion with the two "location" blocks.
How to figure this out?
location /contact.php has no upstream configured. You must copy-paste all remaining directives from second location
or if you want to keep it DRY maybe this will work:
http {
map $request_uri $mod_sec_config {
/contact.php modsecurity_rule1.conf;
default modsecurity.conf;
}
}
.....
location ~ \.php$ {
root /home/user/public_html;
try_files $uri =404;
fastcgi_pass 127.0.0.1:9001;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_script_name;
include fastcgi_params;
ModSecurityEnabled on;
ModSecurityConfig ../owasp-modsecurity-crs/$mod_seq_config;
}
Not sure if this will work though, and according to nginx authors copy-paste is the right way of writing configs
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.