• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Resolved WAF / NGINX ONLY

O

othmaqsa

Regular Pleskian
Server operating system version
Ubuntu 20.04.5 LTS
Plesk version and microupdate number
18.0.49
Hello,

I use nginx only (reverse proxy unchecked).

How can I use a WAF in this case ?
 
Hi @othmaqsa, you can run WAF basically the same like with the Nginx/Apache combination, however on the "settings" page of your WAF configuration, please select the appropriate web server. Please see the documentation for details:
docs.plesk.com

Web Application Firewall (ModSecurity)

In this topic, you will learn how to protect your web applications (such as WordPress, Joomla!, or Drupal) from attacks using ModSecurity, an Open Source web application firewall.
docs.plesk.com docs.plesk.com
 

Nginx and ModSecurity Notes (Linux)​

On Linux, ModSecurity is a module for Apache. Thus, it can check only HTTP requests that reach Apache. Apache can be supplemented with another web server - nginx. If you turn on the Process PHP by nginx option of the nginx web server for dynamic content of your website (in Apache & nginx settings for a website), the web application firewall will not be able to check HTTP requests because they will never reach Apache. For static content, if the Serve static files directly by nginx option is on, then HTTP requests will not reach Apache, so ModSecurity will not check them.

So there is no way to run a WAF in NGINX server ?
 
I've seen the "Notes" yesterday, too, and immediately asked staff about it. We believe that is a leftover of the times when only Apache was supported. These notes will be removed in a future update of the documentation.
 
Peter Debik said:
I've seen the "Notes" yesterday, too, and immediately asked staff about it. We believe that is a leftover of the times when only Apache was supported. These notes will be removed in a future update of the documentation.
Click to expand...
Hello @Peter Debik ,

Is is it safe to keep Modsec + Comodo even if Comodo have not updated the rulesets since 2020-11-19 22:32:48 ?

If not, what is the best alternative ?
 
Some users recommend to stop using Comodo. I am not using that on my servers either. Instead I am back to Atomic, but this is probably a matter of taste.
 
Hello,
I'm using Ubuntu 20.04.5 LTS, Atomic is not available unfortunately.

Just Comodo and OWASP are available.
 
You must log in or register to reply here.

Similar threads

Jürgen_T
Question Modsecurity - Apache or Nginx
Replies
2
Views
341
Jürgen_T
Jürgen_T
JerryTek101
Resolved Apache + Nginx As Reverse Proxy Imunify360 Question
Replies
5
Views
2K
Peter Debik
P
K
Question What is the current version of the free AtomiCorp ruleset(s) (ModSecurity) within Plesk?
Replies
0
Views
311
King555
K
L
Question PHP-FPM served by Nginx vs. Apache (again)
Replies
2
Views
530
lema
L
S
Issue Need Help Whitelisting GTM Noscript in Comodo WAF Rule 214540 on Plesk
Replies
1
Views
278
alvarezcruz
alvarezcruz
Back
Top