Issue Modsecurity works with Apache but error with nginx

[Kulturmensch]

Server operating system version

Ubuntu 22.04.5 LTS

Plesk version and microupdate number

Plesk Obsidian v18.0.66_build1800241218.14

I just started to give modsecurity a second try but got this after re-installed it with plesk-installer. Starting with the configuration Nginx (Modsecurity 3.0) I get the following error:

modsecurity_ctl failed: START nginx_modules_ctl --no-restart --enable modsecuritynginx: [emerg] unknown directive "modsecurity" in /etc/nginx/conf.d/modsecurity.conf:5nginx: configuration file /etc/nginx/nginx.conf test failedNginx configuration after enable of 'modsecurity' is in invalid state, rollback the change
Der aktuelle ModSecurity Regelsatz kann nicht verwendet werden und die vorherige Version kann nicht wiederhergestellt werden, da beide ungültige Regeln enthalten.

Changing the configuration from Nginx (Modsecurity 3.0) to Apache (Modesecurity 2.9) it starts without error message.

Any idea how to get it work with Nginx? Did the recent update of Nginx ( nginx/1.26.2) come without modsecurity build?

 

[Sebahat.hadzhi]

Hello, @Kulturmensch. In case the issue still persists, could you please double-check if there are symbolic links present:

ls -alh /usr/share/nginx/modules

 

[Kulturmensch]

Hi Sebahat, here is the result:
ls -alh /usr/share/nginx/modules =>
total 14M
drwxr-xr-x 2 root root 4.0K Dec 19 20:11 .
drwxr-xr-x 3 root root 4.0K Jun 28 2023 ..
-rw-r--r-- 1 root root 760K Dec 18 15:51 ngx_http_brotli_filter_module.so
-rw-r--r-- 1 root root 15K Dec 18 15:51 ngx_http_brotli_static_module.so
-rw-r--r-- 1 root root 19K Dec 18 15:51 ngx_http_geoip2_module.so
-rw-r--r-- 1 root root 28K Dec 18 15:51 ngx_http_modsecurity_module.so
-rw-r--r-- 1 root root 1.6M Dec 18 15:51 ngx_http_passenger_module.so
-rw-r--r-- 1 root root 12M Dec 18 15:51 ngx_pagespeed.so

The issue is not gone unfortunately:-(

 

[Sebahat.hadzhi]

Thank you. Could you please try regenerating the web server configuration:

plesk repair web -y

If that doesn't work, I am, unfortunately, out of guesses and it might be best to directly get in touch with our support team.

 

[Kulturmensch]

I repaired it now by myself.
To help others here is a step-by-step-approach:
1. ls -alh /etc/nginx/modsecurity.d/rules/owasp_modsecurity_crs_4-plesk/ => No rules have been installed.
2. nginx -V 2>&1 | grep -o with-http_modsecurity_module => no module installed also available
3. /etc/nginx/conf.d/ => no modsecurity.conf available
Solution
wget https://github.com/coreruleset/coreruleset/archive/refs/tags/v4.0.0.tar.gz -O owasp-modsecurity-crs.tar.gz
tar -xzvf owasp-modsecurity-crs.tar.gz -C /etc/nginx/modsecurity.d/rules/
mv /etc/nginx/modsecurity.d/rules/coreruleset-4.0.0 /etc/nginx/modsecurity.d/rules/owasp_modsecurity_crs_4-plesk
modsecurity_rules_file /etc/nginx/modsecurity.d/rules/owasp_modsecurity_crs_4-plesk/crs-setup.conf;
mv crs-setup.conf.example crs-setup.conf
Include /etc/nginx/modsecurity.d/rules/owasp_modsecurity_crs_4-plesk/rules/*.conf;
ningx -t
chmod -R 755 /etc/nginx/modsecurity.d/rules/owasp_modsecurity_crs_4-plesk
chown -R root:root /etc/nginx/modsecurity.d/rules/owasp_modsecurity_crs_4-plesk
systemctl restart nginx
=> Plesk UI => selecht nginx (Modsecurity 3.0) + owasp
=> worked.
Hope, this helps others with similar problems

 

[Raul A.]

nginx: [emerg] unknown directive "modsecurity" in /etc/nginx/conf.d/modsecurity.conf:5

The error is encountered when the ngx_http_modsecurity_module.so is not loaded.
It's defined in /etc/nginx/modules.conf.d/modsecurity.conf and loaded from /etc/nginx/nginx.conf

include /etc/nginx/modules.conf.d/*.conf;

Around line 11, before the http { block