[Owasp-modsecurity-core-rule-set] Drupal 7, nginx with ModSecurity - How to resolve that 404 error page please?

Matej Zuzčák mzuzcak at secit.sk
Mon Nov 28 10:59:56 UTC 2016


Hello all,

I have installed Drupal 7 on the latest version of the Nginx web server,
which was compiled with support for the ModSecurity module. I have
activated the core OWASP rule set. But when I activate ModSecurity in my
virtual host config file for my Drupal 7 website, I cannot log in,
register or reset a password, and I get this error in the log:

[error]11158#0: *1 open() "/var/www/MY_WEBSITE/node" failed (2: No such file or directory), client: IP, server: MY_SERVER, request: "POST /node?destination=node HTTP/1.1", host: "MY_WEBSITE", referrer: "http://MY_WEBSITE/"

And the client gets a 404 error page.

I applied these practices:
https://geekflare.com/modsecurity-owasp-core-rule-set-nginx/ and
https://www.netnea.com/cms/2016/11/22/securing-drupal-with-modsecurity-and-the-core-rule-set-crs3/

When I change SecRuleEngine from "On" to "DetectionOnly", the result is
the same. For correct operation I have to "switch off" ModSecurity in
the virtual host config for the domain.
I found some solutions for the Apache web server (these solutions use
modifications of the htaccess file), but not for Nginx.

So please, do you have any advice for solving this problem?

Help me please.
Many thanks!

-- 
Best Regards
Matej Zuzcak
