• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Resolved What is the best way to configure NGINX ModSecurity?

O

othmaqsa

Regular Pleskian
Server operating system version
Ubuntu 20.04.5 LTS
Plesk version and microupdate number
18.0.49
Hello,

What is the best way to configure Modsecurity ? I use only NGINX.

Thank you.
 
Monty said:
Please check the documentation here:
docs.plesk.com

Web Application Firewall (ModSecurity)

In this topic, you will learn how to protect your web applications (such as WordPress, Joomla!, or Drupal) from attacks using ModSecurity, an Open Source web application firewall.
docs.plesk.com docs.plesk.com
Click to expand...
Hello,

Thank you for your message.

I've read this before, but the confusion is that in the documentation:
Apache (ModSecurity 2.9) (recommended).
Nginx (ModSecurity 3.0).
Note: Switching to Nginx (ModSecurity 3.0) may affect your existing applications. We recommend trying ModSecurity 3.0 out on a test server before switching your production environment to that version.

In my case, I use only NGINX only (proxy mode disabled), I need to choose the recommended setting or go Nginx (ModSecurity 3.0) ?
 
If you haven't used ModSecurity before then you should go for ModSecurity 3.0 with nginx and run it in "Detection Mode" only for a while and analyse the logs it produces.

Once you're sure that no legitimate requests would be blocked then you can switch to "On" (blocking mode).
 
Monty said:
If you haven't used ModSecurity before then you should go for ModSecurity 3.0 with nginx and run it in "Detection Mode" only for a while and analyse the logs it produces.

Once you're sure that no legitimate requests would be blocked then you can switch to "On" (blocking mode).
Click to expand...
Got it, since it's the first time I use ModSecurity, I'll enable ModSecurity 3.0 with nginx.

Another question: Can I see the Logs with the option Detection Mode ? If yes, where can I see it ?
 
Monty said:
docs.plesk.com

Web Application Firewall (ModSecurity)

In this topic, you will learn how to protect your web applications (such as WordPress, Joomla!, or Drupal) from attacks using ModSecurity, an Open Source web application firewall.
docs.plesk.com docs.plesk.com

Have a look at the log files section here
Click to expand...
@Monty Last questions please: I would like to know, please, the average consumption (CPU/RAM) ? In general, can ModSecurity cause cpu/ram spikes during use?
 
ModSecurity will have a CPU impact, yes. But with a "normal" amount of rules this impact should be very small, close to negligible. To see the impact, record your CPU/RAM usage before activating ModSecurity and then compare it with ModSecurity enabled.

For further tuning and optimization of ModSecurity: ModSecurity Performance Recommendations
 
You must log in or register to reply here.

Similar threads

I
Issue Problem with Modsecurity 2.9. Error: Could not set variable "ip.brute_force_counter" and Could not set variable "ip.xmlrpc_counter" as the collection
Replies
1
Views
153
Peter Debik
P
X-HTTG
Resolved Apache + Nginx As Reverse Proxy Imunify360 Question
Replies
5
Views
956
Peter Debik
P
llucas
Question IP Address Banning (Fail2Ban) Configuration
Replies
2
Views
143
llucas
llucas
A
Resolved Unable to reinstall modsecurity after upgrade from Onyx to Obsidian
Replies
1
Views
294
Abernathy
A
Pascal_Netenvie
Resolved Modsecurity : Add custom rules with Regex
Replies
2
Views
693
Pascal_Netenvie
Pascal_Netenvie
Back
Top