• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Question Plesk Onyx + WAF + Atomicorp + nginx = ???

L

larryk

Regular Pleskian
hello.... i've had a few discussions with people at Atomicorp.

I'm trying to find out WHAT or HOW Plesk is dealing with atomicorp rules for nginx.

atomicorp says: rules for apache are very stable. rules for nginx are beta?
While ASL for nginx is supported.... what does Plesk say about atomicorp rules for nginx?

NOTE: I would be running the 2nd (more powerful rules) NOT the basic one

https://docs.plesk.com/en-US/onyx/a...dsecurity/atomic-modsecurity-rule-sets.75669/


NOTE: Plesk needs to fix this in their docs or settings. It is a naming problem:

THIS IS THE DOCS:

The Atomic Basic ModSecurity rule set includes the following:

The complete Atomic ModSecurity rule set includes the following:

while this is the WAF settings for options:

Atomic Professional ModSecurity
An advanced version of the Atomic ModSecurity rules. Updated on a daily basis.

Atomic ModSecurity (subscription)
The most complete version of the Atomic ModSecurity rules, with all performance enhancements and new security features. Updated in real time. You need an active subscription to use this rule set.


You see that there is only 2 options, but 3 different names?
 
I have the same situation, I'm using nginx (non proxy mode) with Plesk Onyx and looking for a way to use the web application firewall.

I tried the suggested test at http://wiki.atomicorp.com/wiki/index.php/Atomic_ModSecurity_Rules#Step_10:_Test_your_web_server and I get a 404 error, which means the WAF isn't active at all with nginx. It should return a 403 code on the console. I tested this with wget from my client terminal (OS X).

I have the "Atomic Basic ModSecurity" ruleset and the configuration is set to "Tradeoff".

So it seems Plesk Onyx is unable to use the WAF with nginx in non proxy mode.

Btw in my WAF control panel settings it says "Atomic Basic ModSecurity" and "Atomic ModSecurity (subscription)", so I don't see the same issue you have.

Also you're mentioning ASL which stands for "Atomic Secured Linux" this isn't the same as the mix of Plesk Onyx and the Modsecurity WAF using Atomicorp's Ruleset, so you have a "non ASL system". Keep this in mind when reading the WAF test mentioned earlier.
 
long story short...
1) i don't believe all rules work for nginx.... i've talked to atomicorp -- call them :)
2) atomicorp says nginx does work well with ASL, not so much for WAF
 
DigitalExit said:
So it seems Plesk Onyx is unable to use the WAF with nginx in non proxy mode.
Click to expand...

You're right. For now there is no mod_security module in nginx in Plesk Onyx, so the WAF will work (on apache side) in proxy mode only.
See also https://docs.plesk.com/en-US/onyx/a...n/web-application-firewall-modsecurity.73383/, "Nginx and ModSecurity Notes (Linux)".

About "Atomic Professional ModSecurity" ruleset - it is "complete Atomic ModSecurity" ruleset actually. The user manual will be fixed.
Option "Atomic ModSecurity (subscription)" provides ability to auth/login into Atomic, so if you succefully auth/login, you will get Atomic Professional ModSecurity ruleset.
 
You must log in or register to reply here.

Similar threads

Azurel
Question ModSecurity documentation and notices
Replies
0
Views
932
Azurel
Azurel
S
Resolved WAF Update Error Atomic Basic ModSecurity
Replies
2
Views
1K
Sally1
S
Ehud
Question Is Plesk Email SRS fully configured, or it requires an extension?
Replies
0
Views
2K
Ehud
Ehud
futureweb
Question mod_sec install error?
Replies
2
Views
1K
futureweb
futureweb
Tobias Reinhard
Resolved Error by activating ModSecurity with Atomic Basic Ruleset
Replies
1
Views
2K
Igor Losev
Igor Losev
Back
Top