ModsecurityFilter
The ModsecurityFilter parses ModSecurity files and checks requests against the rules described in the file. The ModsecurityFilter can be used with the following restrictions:
- No rewriting is supported. Any rewrite rule will be silently ignored.
- The ModsecurityFilter is built for users who have experience with the ModSecurity suite. Nevis only offers limited support for ModSecurity related problems.
- See the chapter ModSecurity Configuration Guide for more information on how to set up the ModsecurityFilter.
ch::nevis::nevisproxy::filter::modsecurity::ModsecurityFilter
libModsecurityFilter.so.1
Configuration
ConfigFile
Type: string: filename with absolute path
Usage Constraints: required
ModSecurity include file with the rules. The file will automatically be reloaded if its content changes. If other files included by this config file change, this config file has to be touched to reload it automatically. The file modification will be checked in the interval configured under periodicity in the Timer section in the file navajo.xml.
- Your installed nevisProxy package includes an example on how to configure the ModSecurity core rules with the ModsecurityFilter. You can find the example here:
/opt/nevisproxy/examples/WAF/ModsecurityFilter_with_modsecurity_core_rule_set.example
- Additionally, you can find more detailed information in the ModSecurity Configuration Guide.
ModSecurity Bug
Due to a bug in ModSecurity, the ruleRemoveTargetById action may cause a segmentation fault in nevisProxy if you use a syntax similar to the following example:
SecRule REQUEST_URI "^/some/uri" "phase:1,id:001,t:none,log,ctl:ruleRemoveTargetById=0000"
To prevent the fault from happening, add a separator (;) and some ARGS at the end of the rule:
SecRule REQUEST_URI "^/some/uri" "phase:1,id:001,t:none,log,ctl:ruleRemoveTargetById=921130;ARGS:menu-name"
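As an added example that is not part of nevisProxy or of this page, the following Python check scans a ModSecurity include file for ctl:ruleRemoveTargetById actions that lack the ";TARGET" part, so the faulting form can be found before the file is loaded by the ModsecurityFilter. The sample rule content is constructed; the function and regex names are the example's own.

```python
import re

# Constructed sample ModSecurity include file (not from nevisProxy): it mixes the
# faulting ctl syntax with the safe one and uses a backslash continuation line.
SAMPLE_RULES = (
    '# faulting: ruleRemoveTargetById with an id but no ";TARGET" part\n'
    'SecRule REQUEST_URI "^/some/uri" "phase:1,id:001,t:none,log,ctl:ruleRemoveTargetById=0000"\n'
    '# safe: id followed by the separator and a target\n'
    'SecRule REQUEST_URI "^/some/uri" "phase:1,id:002,t:none,log,ctl:ruleRemoveTargetById=921130;ARGS:menu-name"\n'
    'SecRule REQUEST_URI "^/other" \\\n'
    '    "phase:1,id:003,t:none,log,ctl:ruleRemoveTargetById=0000"\n'
)

# ctl:ruleRemoveTargetById=<id>[;<target>]; the optional group captures the separator plus target.
CTL_RE = re.compile(r'ctl:ruleRemoveTargetById=(?P<rule_id>[^,;"\s]+)(?P<target>;[^,"\s]+)?')


def logical_lines(text):
    """Yield (first_line_number, joined_text) per logical line, joining lines that
    end in a backslash the way the ModSecurity parser does."""
    buf, start = [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        if start is None:
            start = lineno
        if raw.rstrip().endswith('\\'):
            buf.append(raw.rstrip()[:-1])
            continue
        buf.append(raw)
        yield start, ' '.join(part.strip() for part in buf)
        buf, start = [], None
    if buf:
        yield start, ' '.join(part.strip() for part in buf)


def find_unsafe_remove_target(text):
    """Return (line_number, rule_id) for every ctl:ruleRemoveTargetById action
    without a ';TARGET' part, i.e. the syntax that triggers the nevisProxy fault."""
    hits = []
    for lineno, line in logical_lines(text):
        if line.lstrip().startswith('#'):  # skip comment lines
            continue
        for match in CTL_RE.finditer(line):
            if match.group('target') is None:
                hits.append((lineno, match.group('rule_id')))
    return hits


if __name__ == '__main__':
    for lineno, rule_id in find_unsafe_remove_target(SAMPLE_RULES):
        print(f'line {lineno}: ctl:ruleRemoveTargetById={rule_id} lacks ";TARGET", append e.g. ;ARGS:menu-name')
```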