• The APS Catalog has been deprecated and removed from all Plesk Obsidian versions.
    Applications already installed from the APS Catalog will continue working. However, Plesk will no longer provide support for APS applications.
  • Please be aware: with the Plesk Obsidian 18.0.78 release, the support for the ngx_pagespeed.so module will be deprecated and removed from the sw-nginx package.

Question ModSecurity Apache vs. Nginx and Comodo Free

A

AlwaysTroubleshooting

New Pleskian
Server operating system version
Ubuntu 24.04.4 LTS
Plesk version and microupdate number
Plesk Obsidian 18.0.77 Update #2
Hello all,

In Plesk Web Application Firewall (ModSecurity), does it matter if I choose Apache or Nginx and all of my websites are using Nginx?
I ask because Comodo Free with Nginx selected will not function. So I had to use Apache w/ Comodo Free and it works.

For Nginx Comodo Free I get:
"modsecurity_ctl failed: Failed to download the Comodo rule set. The issue is on side of waf.comodo.com and we will alert them right away. You can also report the issue on the Comodo forum - Web Application Firewall -Free Modsecurity rules . That way you may help to fix the issue sooner. At the moment, please select another available rule set and try to switch to Comodo later."

However, it appears this has been an issue for a long time now.

Why does it work with Apache but not Nginx?

If a website is using Nginx... I imagine ModSecurity with Apache does not benefit the website using Nginx, correct?
 
Hi, @AlwaysTroubleshooting . When you say all your websites are using Nginx I am assuming that you mean Apache + Nginx in proxy mode. If that's the case, Apache still sits behind Nginx and you can take advantage of the rules, especially for PHP-based sites.

The issue you are experiencing has been already reported to Comodo, but, unfortunately, no action has been taken so far.
 
Hello, yes, that is correct.
This is Enabled for each domain: "Proxy mode: Nginx proxies requests to Apache. Turn off to stop using Apache."
So the ModSecurity is working with Apache therefore the domains are OK because it's Apache + nginx for each domain, correct?
 
AlwaysTroubleshooting said:
Hello, yes, that is correct.
This is Enabled for each domain: "Proxy mode: Nginx proxies requests to Apache. Turn off to stop using Apache."
So the ModSecurity is working with Apache therefore the domains are OK because it's Apache + nginx for each domain, correct?
Click to expand...

It is also possible to add ModSecurity at the Nginx level.

In most cases, this is a better "security approach" since it prevents bad traffic from reaching the Apache level.

Nevertheless, there is general consensus that the ModSecurity at the Nginx level is not to be preferred due to (potential) issues with Nginx modsec module.

Moreover, the information obtained from ModSec at the Apache level is often more valuable than that information obtained at the Nginx level.

As a result, using the Apache + ModSec + Nginx type of setup is a good approach.

The thing here is that you should use what you have : ModSec output should be used in Nginx to block bad traffic, before it reaches the Apache level.

The most easy way to do so is to add Fail2Ban filters that can result in Nginx config that simply blocks bad traffic (and that adds rules or rulesets to the firewall in order to permanently ban specific bad IPs, hence permanently banning bad traffic from specific bad IPs to - preferably - the entire server ).

I hope the above helps a tiny bit!

Kind regards....
 
You must log in or register to reply here.

Similar threads

WebHostingAce
Question WAF (ModSecurity)
Replies
16
Views
3K
WebHostingAce
WebHostingAce
P
Resolved Disable output buffering
Replies
4
Views
5K
Patashoow
P
K
Resolved Web Application Firewall: Security rule IDs broken/reset
Replies
9
Views
6K
World eSports
W
V
Issue Roundcube connection error when sending or saving as draft
Replies
1
Views
3K
Sebahat.hadzhi
Sebahat.hadzhi
Jürgen_T
Question Modsecurity - Apache or Nginx
Replies
2
Views
2K
Jürgen_T
Jürgen_T
Back
Top