SecContentInjection is not yet supported - nginx

I am getting below error when using ContentInjection rule
vi /etc/nginx/nginx.conf nginx -s reload 10:26:25 [notice] 118#118:
ModSecurity-nginx v1.0.0 10:26:25 [emerg] 118#118: "modsecurity_rules"
directive Rules error. File: <>.
Line: 1. Column: 16. SecContentInjection is not yet supported. in
/etc/nginx/nginx
rg] "modsecurity_rules" directive Rules error. File: <>. Line: 1. Column: 16. SecContentInjection is
not yet supported. in /etc/nginx/nginx.conf:66

It's not supported in libModSecurity 3.0. And I am not sure, it is impossible to bring this feature to nginx the way it used to work on Apache.

Related

Kong with OWASP ModSecurity optional configuration include

For customizing of ModSecurity configuration I have included to the modsecurity.conf following line:
Include /etc/modsecurity/*.conf
But without any conf file in the directory (usual case on my enviroment), a kong failing during startup
Error: could not prepare Kong prefix at /usr/local/kong: nginx
configuration is invalid (exit code 1): nginx: [emerg]
"modsecurity_rules_file" directive Rules error. File:
/usr/local/kong/modsecurity.conf. Line: 268. Column: 31.
/etc/modsecurity/.conf: Not able to open file. Looking at:
'/etc/modsecurity/.conf', '/etc/modsecurity/.conf',
'/usr/local/kong//etc/modsecurity/.conf',
'/usr/local/kong//etc/modsecurity/*.conf'. in
/usr/local/kong/nginx-kong.conf:69 nginx: configuration file
/usr/local/kong/nginx.conf test failed
IncludeOptional not supported by kong.
How I can solve the case with optional include?
Kong version 1.2.X

SPDY instead of HTTP2 on Nginx 1.10

I just upgrade a server and decide to install latest stable Nginx version, 1.10.
The problem is that I am getting the error bellow on images and js. I do not get this error on all images, and it is random error.
Failed to load resource: net::ERR_SPDY_PROTOCOL_ERROR
I try to use spdy on config but I get a warn and test failed.
nginx: [warn] invalid parameter "spdy": ngx_http_spdy_module was superseded by ngx_http_v2_module
Anyway to use SPDY until HTTP2 is more acceptable on Nginx 1.10? Looking for a simple fix that could be done only on Nginx conf.
I found this patch
https://blog.cloudflare.com/open-sourcing-our-nginx-http-2-spdy-code/
But yesterday I got less spdy errors. And I also had an error on my code when I upgrade server.

Why can't NumRewriteThreads and NumExpensiveRewriteThreads be used with Nginx PageSpeed?

So I was trying some settings of the Nginx PageSpeed module, but there was two settings that I couldn't set for some reason.
pagespeed NumRewriteThreads 2;
pagespeed NumExpensiveRewriteThreads 2;
For some reason these two settings always throw error when I try to restart or test my nginx config.
sudo service nginx restart
[FAIL] Restarting nginx: nginx failed!
When I test the file I get this:
"pagespeed" directive "NumRewriteThreads" not recognized or too many arguments in /etc/nginx/nginx.conf:40
nginx: configuration file /etc/nginx/nginx.conf test failed
My Nginx version is the following:
sudo /usr/sbin/nginx -v
nginx version: nginx/1.6.0
The settings appear in the PageSpeed docs as well, so I'm wondering if there's something I am missing to make them work.
https://developers.google.com/speed/pagespeed/module/system#tune_thread
I've entered a bug for this: ngx_pagespeed #728. I think it's just an oversight.

OpenResty : configure lua with already given /etc/nginx/nginx.conf file

I am having a website which is working on nginx already .
nginx conf file is in /etc/nginx.conf folder.
Now i want to integrate lua into that project so i installed Openresty .
I created a folder with name "work" as per instruction in doc .And website is working fine at port 8080 as per instructions.
Now i want to use same code into my /etc/nginx/nginx.conf file.
like i can use statements like 'content_by_lua ' there .
I am not able to configure this .
I am getting below error.
Starting nginx: nginx: [emerg] unknown directive "content_by_lua" in /etc/nginx/nginx.conf:25
nginx: configuration file /etc/nginx/nginx.conf test failed
Let me know what i am doing wrong
I started from the same point. Had nginx, had lua, installed openresty and went from there. I was getting the exact same error. After spending considerable time, trying to make the openresty packages play nice with my nginx installation, I found it easiest to uninstall nginx and move forward just with openresty's nginx. Just make backups of your current nginx.conf and any vhost files.
When installing openresty I was sure to include the --with-luajit option. Set up a "hello, world" test, and everything worked wonderfully. My biggest complaint was not being able to start and stop nginx as a service anymore. The issue is a lack of init.d file in the openresty installation. Luckily I ran across this:
https://groups.google.com/forum/#!topic/openresty-en/7UOz-y77CY4
just change the name to openresty (instead of openresty.init.d) and place in /etc/init.d/ (assumed for Ubuntu). and start/stop/reload as sudo service openresty start
The error shows that your nginx don't compiled with the right module.
try type nginx -V to see if your nginx configured with nginx_lua_module
Maybe you should find out where the openresty nginx is and use this nginx instead of the default one.

Why does Passenger 3.0 with nginx crash on startup(?) then 403s?

On Ubuntu with REE 1.8.7, with nginx 0.8.53 manually compiled with the
Passenger 3 module doc installed as per the docs, I get an error in
the nginx error log when nginx starts:
Unable to start the Phusion Passenger watchdog because it encountered
the following error during startup: Unable to start the Phusion
Passenger logging agent: an error occurred while sending startup
arguments: Broken pipe (32) (-1: Unknown error 18446744073709551615)
I assume this means nginx never starts properly. When I try and view
my site after this, I get a 403.
2010/10/22 00:56:47 [error] 13874#0: *1813942 directory index of "/var/
rails/myapp/current/public/" is forbidden, client: 125.197.115.16,
server: new.myapp.fm, request: "GET / HTTP/1.1", host: "new.myapp.fm"
I expect the first is probably causing the second. I haven't had any
luck googling this. Can anyone provide insight or help me
troubleshoot?
I got this after upgrading to Passenger 3.0.1 as I had not changed the version of Passenger specified by passenger_root in /opt/nginx/conf/nginx.conf. You might need to change the line that looks like this to specify the correct version:
passenger_root /usr/lib/ruby/gems/1.8/gems/passenger-3.0.1;
You get told to do this when you install nginx. Hope that helps.
I ran into this problem too, and it was because passenger couldn't find ruby:
tail -f /var/log/nginx/error.log
2011/12/20 00:54:45 [alert] 30300#0: Unable to start the Phusion Passenger watchdog because it encountered the following error during startup: Unable to start the Phusion Passenger helper agent: it seems to have crashed during startup for an unknown reason, with exit code 1 (-1: Unknown error)
* Passenger ERROR (ext/common/ApplicationPool/../SpawnManager.h:220):
Could not start the spawn server: ruby: No such file or directory (2)
Even though ruby was properly listed within the system PATH, it didn't seem to work right until I added:
passenger_ruby = /usr/local/bin/ruby;
(the location of my ruby executable) into the http section of my nginx config.
The problem was that PassengerLoggingAgent wasn't installed when I did 'gem install passenger'. I installed it as per this discussion (by grabbing it from the standalone zip) and everything is fine now: http://groups.google.com/group/phusion-passenger/browse_thread/thread/323dc1c7b0e5ee11

Resources