Comodo rules for Nginx

[vadim]

Initialization version of Comodo protection rules for Nginx (from the version 1.6.3) has been released.

You may login to Comodo WAF interface: https://waf.comodo.com

Choose source "Nginx" and download latest rules (Latest release: 1.01).

Now, during installation of CWAF on your server you may choose Nginx Web Platform. It will be detected automatically and Comodo rules will be included to your ModSecurity protection configuration.

CWAF client version 2.7 with support Nginx platform has also been released.

[H0sseiN]

I installed the comodo waf via directadmin custombuild for reverse proxy apache_nginx webserver. Now the problem is gzip and expires headers doesn't work! They are beginning to work after I disable modsecurity. Any idea ?

[akabakov]

ModSecurity doesn't "understand" any kind of compression.
For example: https://github.com/SpiderLabs/ModSecurity/issues/821
About expires headers we don't have information yet.

[vadim]

We are glad to announce the initial free version of Comodo protection rules for Nginx + ModSecurity 3.0.

To download the Rule Set please perform the following actions:

• Log-in to your CWAF web UI at https://waf.comodo.com
• Ensure that the 'Rule set version' tab is opened.
• Select the correspondent source - "Nginx/ModSec_3.0".
• Click 'Download full rules set' to download the full set of the selected version. The download dialog will be displayed.
• Click 'Save' to save the compressed rule set package file in gzip file format (.tgz) format in a local drive.

You may configure your Nginx server with ModSecurity 3.0 and Comodo WAF using the next steps:

• Extract the rule set package files and transfer them to a local server folder,  e.g.  to /usr/local/cwaf/rules/
• Modify the modsecurity configuration file to include the CWAF Rules. Add the similar row with correct path for the Rule Set main configuration file to modescurity configuation file, e.g.
  
  Include /usr/local/cwaf/rules/rules.conf.main
  
  
• Perform the configuration test:
  
  nginx -t
  
  Correct result:
  
  nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
  nginx: configuration file /etc/nginx/nginx.conf test is successful
  
  
• Reload the nginx service to activate the rules:
  
  nginx -s reload
  

Please send us your feedback to improve CWAF rules for this new platform.

CWAF Plugin with support Mod Security 3.0 will be released soon.

[keeper of the grove]

We are glad to announce the initial free version of Comodo protection rules for Nginx + ModSecurity 3.0.

To download the Rule Set please perform the following actions:

• Log-in to your CWAF web UI at https://waf.comodo.com
• Ensure that the 'Rule set version' tab is opened.
• Select the correspondent source - "Nginx/ModSec_3.0".
• Click 'Download full rules set' to download the full set of the selected version. The download dialog will be displayed.
• Click 'Save' to save the compressed rule set package file in gzip file format (.tgz) format in a local drive.

For the above I'd like to elaborate a little more on number three -
You NEED to select the proper rule set for your web server platform - the rules are not the same for every platform.  It is not readily apparent but there is a drop down box where you should select  "Nginx/ModSec_3.0"