ModSecurity doesn't work with proxy_pass

[discostur]

Hi,

im trying to setup nginx as reverse proxy with modsecurity. Nginx reverse proxy is running fine, however, if i activate modsecurity, my page doesn't load any ressources (like jpg, gif, css). I already tried a completly empty ruleset, but that doesn't help.

Here is my nginx / modsec config:

server {
	listen 80;
	server_name server.de;
        location / {
                proxy_pass http://IP_HOST;
                proxy_set_header Host $host;

                # ModSec
                ModSecurityEnabled on;
                ModSecurityConfig /usr/local/etc/nginx/modsec/modsecurity.conf;
        }

}

SecStatusEngine on
SecRuleEngine off
SecAuditLog /var/log/nginx/modsec_audit.log
SecAuditEngine on
SecDefaultAction "phase:1,deny,log,auditlog"
SecDataDir /usr/local/etc/nginx/modsec/SecDataDir
SecDebugLogLevel 4
SecDebugLog /var/log/nginx/modsec_debug.log

I also tried it with a complete empty modsecurity.conf and it is not working. If i set

ModSecurityEnabled off;

my page is loading correct. Is there anything i'm doing wrong?

nginx -V

nginx version: nginx/1.13.6
built with OpenSSL 1.0.2k-freebsd  26 Jan 2017
TLS SNI support enabled
configure arguments: --prefix=/usr/local/etc/nginx --with-cc-opt='-I /usr/local/include' --with-ld-opt='-L /usr/local/lib' --conf-path=/usr/local/etc/nginx/nginx.conf --sbin-path=/usr/local/sbin/nginx --pid-path=/var/run/nginx.pid --error-log-path=/var/log/nginx/error.log --user=www --group=www --modules-path=/usr/local/libexec/nginx --with-file-aio --http-client-body-temp-path=/var/tmp/nginx/client_body_temp --http-fastcgi-temp-path=/var/tmp/nginx/fastcgi_temp --http-proxy-temp-path=/var/tmp/nginx/proxy_temp --http-scgi-temp-path=/var/tmp/nginx/scgi_temp --http-uwsgi-temp-path=/var/tmp/nginx/uwsgi_temp --http-log-path=/var/log/nginx/access.log --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gzip_static_module --with-http_gunzip_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_stub_status_module --with-http_sub_module --add-module=/usr/ports/www/nginx-devel/work/nginx_upstream_check_module-10782ea --add-module=/usr/ports/www/nginx-devel/work/nginx-upstream-fair-b5be36f --add-module=/usr/ports/www/nginx-devel/work/modsecurity-2.9.1/nginx/modsecurity --with-pcre --with-http_v2_module --with-stream=dynamic --with-stream_ssl_module --with-stream_ssl_preread_module --with-threads --with-http_ssl_module

[zimmerle]

Hi @discostur,

It seems to me that you are trying the configurations directives from ModSecurity version 2.x while running version 3.x. Please check the manual to get the correct configuration entries for your version - https://github.com/SpiderLabs/ModSecurity-nginx#usage

[discostur]

@zimmerle

2017/10/17 11:25:00 [notice] 783#100604: ModSecurity for nginx (STABLE)/2.9.1 (http://www.modsecurity.org/) configured.
2017/10/17 11:25:00 [notice] 783#100604: ModSecurity: APR compiled version="1.6.2"; loaded version="1.6.2"
2017/10/17 11:25:00 [notice] 783#100604: ModSecurity: PCRE compiled version="8.40 "; loaded version="8.40 2017-01-11"
2017/10/17 11:25:00 [notice] 783#100604: ModSecurity: LUA compiled version="Lua 5.1"
2017/10/17 11:25:00 [notice] 783#100604: ModSecurity: YAJL compiled version="2.1.0"
2017/10/17 11:25:00 [notice] 783#100604: ModSecurity: LIBXML compiled version="2.9.4"

Seems like i'm running ModSecurity version 2.x so our syntax should be correct

[zimmerle]

Hi @discostur,

I would strongly suggest for you to move forward to version 3.x, please give it a test and let me know if the problem persist.