Discover Centmin Mod today
Register Now

Beta Branch update prep for ModSecurity v3.0

Discussion in 'Centmin Mod Github Commits' started by eva2000, Aug 5, 2017.

  1. eva2000

    eva2000 Administrator Staff Member

    47,209
    10,672
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +16,579
    Local Time:
    4:07 AM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    unless you know how to configure modsecurity and it's gotchas, I'd avoid it. if using Cloudflare Pro and higher paid plans, you already have CF WAF available anyway.

     
  2. Rake-GH

    Rake-GH Premium Member Premium Member

    174
    89
    28
    Jul 29, 2019
    USA
    Ratings:
    +136
    Local Time:
    2:07 PM
    default
    default
    I don't use the paid cloudflare. But I did get modsecurity installed, got it setup and got it to trigger with your test rule. Pretty neat. I'm just gonna play with it in DetectionOnly mode for a couple days.

    I also found they have an exclusion profile for Xenforo too: crs_exclusions_xenforo
     
  3. eva2000

    eva2000 Administrator Staff Member

    47,209
    10,672
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +16,579
    Local Time:
    4:07 AM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    oh didn't know that :cool:
     
  4. Pasta

    Pasta New Member

    7
    1
    3
    Aug 3, 2021
    Ratings:
    +3
    Local Time:
    2:07 AM
    Nginx 1.21.x
    MariaDB 10.4
    Is this the correct way to set up logrotate for modsecurity. Does the alias ngxrestart work after postrotate?

    nano /etc/logrotate.d/mod_security

    /var/log/modsec_audit.log {
    daily
    rotate 7
    missingok
    compress
    postrotate
    ngxrestart > /dev/null 2>/dev/null || true
    endscript
    }
     
  5. eva2000

    eva2000 Administrator Staff Member

    47,209
    10,672
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +16,579
    Local Time:
    4:07 AM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    You can check if ngxrestart works for that by manually doing a forced debug logrotate via command
    Code (Text):
    logrotate -df /var/log/modsec_audit.log
    
     
  6. Pasta

    Pasta New Member

    7
    1
    3
    Aug 3, 2021
    Ratings:
    +3
    Local Time:
    2:07 AM
    Nginx 1.21.x
    MariaDB 10.4
    Thanks, i had to chmod modsec_audit.log to 0644 to make it work.
     
  7. hazehs

    hazehs Member

    34
    1
    8
    Jul 18, 2020
    Ratings:
    +6
    Local Time:
    6:07 PM
    NGINX 1.18
    MariaDB 10.4