Announcement

Collapse
No announcement yet.

Nginx, Modsecurity, Imunify360 & Directadmin

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Nginx, Modsecurity, Imunify360 & Directadmin

    Hello Everyone,
    I am trialling imunity360 on my new Cloudlinux/DirectAdmin server but my setup was apache server with nginx as reverse proxy. Now after doing research online I found out that imunify360 is not compatible with that setup. So, I changed it to nginx only but I am getting errors from the Modsec rules please see below -

    Code:
    2023/03/02 06:50:19 [emerg] 829522#0: "modsecurity_rules_file" directive Rules error. File: /etc/modsecurity.d/000_i360_0.conf. Line: 82. Column: 254. Expecting a variable, got: : SCRIPT_USERNAME}||T:APACHE||',phase:2,deny,status: 406,t:none,t:lowercase,severity:2,tag:'service_i36 0custom'" in /etc/nginx/nginx-modsecurity-enable.conf:2
    This is constantly showing up within nginx logs, any advice would be appreciated.

    Thanks

    Mark


  • #2
    Hi,

    I am trialling imunity360 on my new Cloudlinux/DirectAdmin server but my setup was apache server with nginx as reverse proxy. Now after doing research online I found out that imunify360 is not compatible with that setup.
    Would you please share the source of this information? The thing is that the configuration Imunify360+DirectAdmin+Apache+Nginx as a reverse proxy is quite compatible. You can check this in the requirements list: https://docs.imunify360.com/installation/#requirements

    Nginx as a web-server is supported only for Stand-alone installations (for servers with no control panel) and not supported for DirectAdmin yet: https://cloudlinux.zendesk.com/hc/en...configuration-
    Most probably, after switching the web server, ruleset was not reinstalled and thus, you may see the Apache reference in the nginx log.

    Could you share more info about the initial setup with Apache – do you receive any errors or face any difficulties during the ruleset installation?

    Comment


    • #3
      Hi there,
      So, I just tried to rebuild the apache and nginx server and apache is now working but nginx is still failing with the following

      Code:
      2023/03/02 09:59:19 [emerg] 993802#0: "modsecurity_rules_file" directive Rules error. File: /etc/modsecurity.d/000_i360_0.conf. Line: 82. Column: 254. Expecting a variable, got: : SCRIPT_USERNAME}||T:APACHE||',phase:2,deny,status: 406,t:none,t:lowercase,severity:2,tag:'service_i36 0custom'" in /etc/nginx/nginx-modsecurity-enable.conf:2
      So, modsecurity is struggling with the i360 ruleset and the above line is in the nginx log file every few seconds.

      Comment


      • #4
        It is not completely clear what configuration is currently configured.

        For Imunify360 running on the DirectAdmin server, the only web servers supported are Apache and LiteSpeed.

        Click image for larger version

Name:	Screenshot 2023-03-02 at 17.45.30.png
Views:	429
Size:	15.8 KB
ID:	39153
        Nginx can be used as a reverse proxy only so it may be the cause for the error logs you shared earlier. Consider switching to the Apache web server instead and check if any errors related to the Imunify ruleset occur.

        Comment

        Working...
        X