I'm using Modsecurity v3.0.3 with the blocking module and I need to get my auditlog.
Also, because I need it, I have to use some custom error pages.
Unfortunately, I have my logs, but I'm losing my auditlog.
I tried some forums' help, but it didn't work for me.
One of the forums : https://github.com/SpiderLabs/ModSecurity-nginx/issues/76
Here is the location configuration of my NGinx
Any help or starting point would be appreciated, thanks !
I had the same problem with ModSecurity 3.3.2 + nginx and custom errors, so leaving this here in case other people run into the same issue as it took me a while to find a solution.
The issue in my case was that I had the custom error in nginx return the message directly in the error location block, so something like:
error_page 400 #error400;
location #error_400 {
types {}
default_type application/json;
return 400 '{"message: WHATEVER ERROR"}'
}
So the solution in my case was to put that exact JSON message in a file and reference that file instead, so the above becomes:
error_page 400 /400.json;
location = /400.json {
types {}
default_type application/json;
root /usr/share/nginx/html/custom_errors/;
}
And in that root path I put the 400.json file with that exact error messsage:
cat /usr/share/nginx/html/custom_errors/400.json
{"message: WHATEVER ERROR"}
This brought back the SecAudit Logs from ModSecurity. Hope this helps someone.
Could you elaborate on "losing my auditlog"? This sounds as if you would see it for a moment, but then it disappears.
Also, you link to a very old ModSec issue that has been fixed and released in the meantime. Where is the connection?
Related
I have nginx running as in a docker-compose setup and I want to achieve to following:
Every url that contains /something/ is passed to application 1
Every url that contains /something/alsothis/ is passed to application 2
My current config has:
location ~* ^/something/(?<path>.+) {
proxy_pass http://app1/$path;
}
location ~* ^/something/alsothis/(?<path>.+) {
proxy_pass http://app2/$path;
}
When I try https://www.example.com/something/rest_of_path it is working fine.
However when I try https://www.example.com/something/alsothis/rest_of_path I get an Unkown error in Postman (500 error is logged in nginx).
Also I double checked that app2 is working. When I change to the first location to app2, it also works fine.
Can't seem to figure out what is going wrong, all help is much appreciated.
Thanks in advance!
Richard was right, just had to change the order.
I have a config that looks like:
server {
listen 80;
root /pubStuff;
...stuff...
location /something {
root /app/something
}
}
The intention is, that while I can access stuff in the door of the server using example.com/ or with whatever directory/files location in /pubStuff, IF someone were to request example.com/something, or example.com/something/something.here.zip, they would get it!
When I try to go for example.com/something, I get a 404 not found error!
In error log it says:
14#14: *15409 open() "/app/something/something" failed (2: no such file or directory)....
I dont understand why does it affix a second "something", when I asked for only example.com/something, which should show me the content of /app/something as configured above, right?
I read the documentation on http://nginx.org/en/docs/http/ngx_http_core_module.html#location but it is rather focused on the prefix matching stuff, not explaining whats wrong in my use case.
Based on stackoverflow suggestions, I tried the solution at Nginx -- static file serving confusion with root & alias
basically, it seems that only should only specify root /app/, and that it would go to /app/something/something.zip, but error log says it tries /pubStuff/something/something.zip, totally ignoring the root directive for /something.
I have NGINX + PHP5-fpm and slim for routing, my website wont work with out this rewrite : try_files $uri /index.php; , now everything is fine and all site is ok except some API, for example http://example.com/webservice/android.php/get_video_info
It doesn't work and say it :No input file specified.
Why ? i should mention that http://example.com/webservice/android.php is exist on server but "http://example.com/webservice/android.php/get_video_info" is not exist and its just a post action on this android.php
PS : if you need more information i will provide for you
It was about my app.config, after I checked the NGINX log i found that the issue it's make path duplicated like /var/www//var/www/ after i change my config and remove second one, issue is solved
I spent days now in researching on how to add some headers to nginx. All I try to do is adding these lines:
location ~ ^/(assets)/ {
add_header Access-Control-Allow-Origin *;
}
What is the best way to put these lines into the nginx.conf?
Is there also a way to not overwrite the standard nginx.conf just in case beanstalk updates the settings so I wont miss it?
The default elastic beanstalk nginx.conf seems to have this line toward the end :
include /etc/nginx/conf.d/*.conf;
(Well, I can tell you that's what the file looks like for the docker solution stack versions 1.4.1 and 2.0.4, no idea if that's guaranteed across all solution stacks).
So I think one way would be to to drop a file named whatever.conf into the /etc/nginx/conf directory using the ebextensions mechanism .
I have folder images, css, class, js, includes at my application.
and if somebody access that folder --> 403 Forbidden
I want custom this output 403 Forbidden ---> 404 Not Found
I'll try this code
location ~ /(.*)/{ return 404; }
It was sucessfull, the output 404 Not Found
but my images, css, class, js, includes LOST at my application.
Help me please.
location = /THAT_FOLDER/ { return 404; }
Directives with the "=" prefix that match the query exactly (literal string).
If found, searching stops.
ref: http://wiki.nginx.org/HttpCoreModule#location