Describe the bug
We included modsecurity into our nginx. If we only set ModSecurityEnabled On, all custom response headers are gone. The only ones that are left are:
Response body is fine.
Request body and headers are delivered correctly to upstream server.
Our services return a bunch of headers like:
Logs and dumps
Output of:
[08/Jan/2019:15:19:36 +0000] [/sid#21ad2c0][rid#221cdb0][/priv-server/entity][4] Initialising transaction (txid AcgcABXHAcAcAcAcUcOcA4AS).
[08/Jan/2019:15:19:36 +0000] [/sid#21ad2c0][rid#221cdb0][/priv-server/entity][4] Transaction context created (dcfg 21adb98).
[08/Jan/2019:15:19:36 +0000] [/sid#21ad2c0][rid#221cdb0][/priv-server/entity][4] Processing disabled, skipping (hook request_early).
[08/Jan/2019:15:19:37 +0000] [/sid#21ad2c0][rid#221cdb0][/priv-server/entity][4] Initialising logging.
[08/Jan/2019:15:19:37 +0000] [/sid#21ad2c0][rid#221cdb0][/priv-server/entity][4] Starting phase LOGGING.
[08/Jan/2019:15:19:37 +0000] [/sid#21ad2c0][rid#221cdb0][/priv-server/entity][9] This phase consists of 0 rule(s).
[08/Jan/2019:15:19:37 +0000] [/sid#21ad2c0][rid#221cdb0][/priv-server/entity][4] Recording persistent data took 0 microseconds.
[08/Jan/2019:15:19:37 +0000] [/sid#21ad2c0][rid#221cdb0][/priv-server/entity][4] Audit log: Ignoring a non-relevant request.
- AuditLogs - nothing is shown
- Error logs - nothing is shown
- If there is a crash, the core dump file. - n/a
To Reproduce
Steps to reproduce the behavior:
Expected behavior
Custom response headers should not be removed.
Server (please complete the following information):
Rule Set (please complete the following information):
Additional context
Hi @DeoMortis,
ModSecurity v2.9 has many memory issues with Nginx. This is one of the main reasons why libmodsecurity (v3) was created.
You can compile it, like: https://github.com/SpiderLabs/ModSecurity/wiki/Compilation-recipes-for-v3.x#centos-7-minimal
We are using Nginx 1.13.8 with libmodsecurity v3.0.0, and we have not noticed this issue with it.
(Side note: My experience with Nginx with ModSecurity v2.9 is that sometimes it consumed every resource on a production server. Don't use it like this.)
Thanks @LeeShan87
I will give it a try.
Hi @DeoMortis
As precisely pointed out by @LeeShan87, ModSecurity 2.9.x with Nginx is not recommended. This setup is not supported anymore.
Please move to libModSecurity (aka 3.x) for Nginx. Thanks :)
Hi @victorhora
Thank you for your reply.
I think that the site https://www.modsecurity.org/download.html should be updated. The section at the bottom has links for modsecurity for nginx which point to version 2.9.3. This caused my confusion.