Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

nginx/1.8.0+ ModSecurity 2.9 ERR_EMPTY_RESPONSE #928

Closed
rz300 opened this issue Sep 16, 2015 · 6 comments
Closed

nginx/1.8.0+ ModSecurity 2.9 ERR_EMPTY_RESPONSE #928

rz300 opened this issue Sep 16, 2015 · 6 comments

Comments

@rz300
Copy link

rz300 commented Sep 16, 2015

Hi, I got this problem after installing ModSec. Google Chrome says net :: ERR_EMPTY_RESPONSE and several files didn't load, e.g. logo.png and font-awesome.ttf

nginx version: nginx/1.8.0
built by gcc 4.9.2 (Debian 4.9.2-10)
built with OpenSSL 1.0.1k 8 Jan 2015
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-mail --with-mail_ssl_module --with-file-aio --with-http_spdy_module --with-cc-opt='-g -O2 -fstack-protector-strong -Wformat -Werror=format-security' --with-ld-opt=-Wl,-z,relro --with-ipv6 --add-module=/home/anubis/ngx_pagespeed-release-1.9.32.6-beta --add-module=/home/anubis/downloads/modsecurity-2.9.0/nginx/modsecurity

mod security debug.log http://pastebin.com/Nfhjvk7T
Debian 8

Linux box-host.ru 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt11-1+deb8u3 (2015-08-04) x86_64 GNU/Linux

And i've unusual nginx config, and i dont'n know where ModSecurityEnable on; is necessary to insert

        server_name box-host.ru www.box-host.ru;
        charset UTF-8;
        disable_symlinks if_not_owner from=$root_path;
        index index.html index.php;
        root $root_path;
        set $root_path /dsk/sites/rz300/data/www/box-host.ru;
        access_log /dsk/sites/httpd-logs/box-host.ru.access.log ;
        error_log /dsk/sites/httpd-logs/box-host.ru.error.log notice;
        include /etc/nginx/vhosts-includes/*.conf;
        location / {
                       location ~ [^/]\.ph(p\d*|tml)$ {
                        try_files /does_not_exists @fallback;
                }
                location ~* ^.+\.(jpg|jpeg|gif|png|svg|js|css|mp3|ogg|mpe?g|avi|zip|gz|bz2?|rar|swf)$ {
                        try_files $uri $uri/ @fallback;
                }
                location / {
                        try_files /does_not_exists @fallback;
                }
        }
        location @fallback {
                ModSecurityEnabled on;
                 ModSecurityConfig /etc/nginx/modsecurity/modsecurity.conf;
                proxy_pass http://127.0.0.1:8080;
                proxy_redirect http://127.0.0.1:8080 /;
                proxy_set_header Host $host;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
                access_log off ;
        }
        ssi on;
        add_header Strict-Transport-Security "max-age=31536000;";
        listen 92.63.104.78:443;
        ssl on;
        ssl_certificate "/var/www/httpd-cert/rz300/box-host.ru.crtca";
        ssl_certificate_key "/var/www/httpd-cert/rz300/box-host.ru.key";
        ssl_ciphers HIGH:!RC4:!aNULL:!eNULL:!MD5:!EXPORT:!EXP:!LOW:!SEED:!CAMELLIA:!IDEA:!PSK:!SRP:!SSLv2;
        ssl_prefer_server_ciphers on;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}```
@zimmerle
Copy link
Contributor

Are you using the nginx-refactoring branch ?

Are you willing to test the development version of ModSecurity 3.0 ?

@rz300
Copy link
Author

rz300 commented Sep 16, 2015

No, I am using a main branch. I would love to test it.

@zimmerle
Copy link
Contributor

Hi @rz300,

What are the rule set that you are currently using?

OWASP? is that v3.0? Custom?

The current version does not have support for all the operators, neither transformations yet, but should work on a reduced scope

@rz300
Copy link
Author

rz300 commented Sep 16, 2015

It's kind of works, but I'm not sure. I have been download tar from official site, version 2.8.I have not figured out how to connect owasp, so there is default rules from modsecurity.conf

@rz300
Copy link
Author

rz300 commented Sep 17, 2015

i solved my problem. there is stupid config of nginx vhost. I've catched another error. in some sites i catch 403 with owasp rules e.g. Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded.
I've used this man: https://www.rhce.co.nz/nginxmodsecurity-configuring-owasp-rule-set/
what have i do?

@csanders-git
Copy link

@rz300 that is a rule in the 2.0 version of the ruleset that is known to be particularly prone to false positives... please attempt to use the 3.x branch https://github.com/SpiderLabs/owasp-modsecurity-crs/tree/v3.0.0-dev

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@zimmerle @csanders-git @rz300