Facebook
Twitter-
We value your experience with Plesk during 2025
Plesk strives to perform even better in 2026. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2025.
Please take this short survey:
https://survey.webpros.com/
Resolved WAF / NGINX ONLY
- Thread starter othmaqsa
- Start date
Hi @othmaqsa, you can run WAF basically the same like with the Nginx/Apache combination, however on the "settings" page of your WAF configuration, please select the appropriate web server. Please see the documentation for details:
Nginx and ModSecurity Notes (Linux)
On Linux, ModSecurity is a module for Apache. Thus, it can check only HTTP requests that reach Apache. Apache can be supplemented with another web server - nginx. If you turn on the Process PHP by nginx option of the nginx web server for dynamic content of your website (in Apache & nginx settings for a website), the web application firewall will not be able to check HTTP requests because they will never reach Apache. For static content, if the Serve static files directly by nginx option is on, then HTTP requests will not reach Apache, so ModSecurity will not check them.So there is no way to run a WAF in NGINX server ?
I've seen the "Notes" yesterday, too, and immediately asked staff about it. We believe that is a leftover of the times when only Apache was supported. These notes will be removed in a future update of the documentation.
Hello @Peter Debik ,
Is is it safe to keep Modsec + Comodo even if Comodo have not updated the rulesets since 2020-11-19 22:32:48 ?
If not, what is the best alternative ?
Some users recommend to stop using Comodo. I am not using that on my servers either. Instead I am back to Atomic, but this is probably a matter of taste.
