Dear Web Experts, Who has tried the ModSecurity plugin module for Nginx? https://www.linode.com/docs/guides/securing-nginx-with-modsecurity/ It is Nginx v1.1x and ModSecurity v3. Please share your experience on them in an ISPConfig v3.2 server. In the old days when I ran Apache2 and ModSecurity2, they worked together very well.
There are a few posts in the forums within the last 2 years of people using modsecurity with nginx you might want to check them out. It seems like there are no major issues with it.
Nice. I will compile my own module after I have upgraded my system to Ubuntu 24.04 in which Nginx version becomes v1.2x, not v1.1x any more.
Never used this since your last thread about this few years back because I know ISPConfig won't work well with version other than that shipped with the OS. I thought you tested that with Ondrej Sury Nginx Mainline and knew that already, I mean since compiling it from the latest version is almost similar to that, right? What are the gains that can benefit you from this hassle?
I did compile a 3rd party module for Nginx on Ubuntu 20.04. You can choose the Ubuntu source with this command: sudo fakeroot apt source nginx Then, it will download the Ubuntu Nginx source for you.
This 3rd party module for Nginx is also a good choice, with low rule set maintenance, light weight. I have been using it since Ubuntu 20.04 to Ubuntu 22.04. https://github.com/wargio/naxsi
Hm, and how such compiled from source module behaves with ISPC? For example: you must recompile it each time new nginx version comes out?
There is nothing ISPConfig specific, as long as your manually compiled version uses the same folders e.g. for config files that the regular Nginx version uses. I think so, and that's the main reason why I would avoid using it on my systems.
Yes, for example, from v1.18 to v1.20. However, Nginx of Ubuntu 20.04 and Ubuntu 22.04 have the same version number v1.18, I can still use them. If you are going to upgrade to Ubuntu 24.04 with Nginx v1.24, then you must disable it and then recompile.
