Clarification on nginx/apache mod security?

I see lots of people ask about mod security. Obviously, on Nginx stand-alone, mod security needs to be compiled with Nginx, but when set up as Apache w/ Nginx reverse proxy, would mod security best be placed on Apache? Considering many of its features deal with SQL and PHP, I would think it should run under the server that is “talking to them”. I did some googling and found little, but the bit I did find did suggest installing it on Apache in this configuration. If under the Apache/Nginx setup it should go under Apache, you may want to add a mention in the docs; it may limit the posts asking about installing mod sec lol

Sometimes I wonder, under the Apache/Nginx setup, who should do what; is there maybe a general rule to keep in mind?

I can only advise how I have it set up, which may or may not be the best way, but it works.

My Joomla sites run on Nginx for static and Apache for everything else. I installed ModSec to work with Apache and it works perfectly. Most of the attacks hitting my sites are stupid WordPress attacks, mainly .php attacks, so I have them set up in ModSec and they 403 correctly. I use AdminTools in Joomla, which is a cracking WAF and blocks anyway, but it’s annoying receiving loads of warning emails over 404 errors for URLs that don't exist, so I use that to see what the current URL attacks are and add them to custom ModSec rules, and tranquility is restored for a few days lol

1 Like
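The log-to-rule workflow described in the post above, as an added example that is not part of the original thread: it reads Apache access log lines, keeps `.php` paths that returned 404 to several distinct clients, and renders one ModSecurity rule. The log lines, rule id 10001, the threshold and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed Apache combined-format log lines (documentation-range IPs).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2024:10:00:01 +0000] "GET /wp-login.php HTTP/1.1" 404 196 "-" "curl/8.0"
198.51.100.7 - - [10/Mar/2024:10:00:09 +0000] "POST /wp-login.php HTTP/1.1" 404 196 "-" "python-requests/2.31"
203.0.113.5 - - [10/Mar/2024:10:00:12 +0000] "POST /xmlrpc.php HTTP/1.1" 404 196 "-" "curl/8.0"
198.51.100.7 - - [10/Mar/2024:10:00:15 +0000] "GET /xmlrpc.php?rsd HTTP/1.1" 404 196 "-" "python-requests/2.31"
192.0.2.44 - - [10/Mar/2024:10:01:00 +0000] "GET /index.php?option=com_content HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Mar/2024:10:01:30 +0000] "GET /old-page.php HTTP/1.1" 404 196 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Mar/2024:10:02:00 +0000] "GET /images/logo.png HTTP/1.1" 404 196 "-" "Mozilla/5.0"
"""

# client IP, method, request target, status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# Log content is attacker-controlled: only plain paths may reach the rule file.
SAFE_PATH = re.compile(r'^/[A-Za-z0-9._/-]+\.php$')


def candidate_paths(log_text, min_clients=2):
    """Return sorted .php paths that returned 404 to at least min_clients distinct IPs."""
    clients = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, _method, target, status = m.groups()
        path = target.split("?", 1)[0]  # drop the query string
        if status == "404" and SAFE_PATH.match(path):
            clients[path].add(ip)
    # One client hitting a dead link (e.g. /old-page.php) is not treated as a probe.
    return sorted(p for p, ips in clients.items() if len(ips) >= min_clients)


def build_rule(paths, rule_id=10001):
    """Render one SecRule; @pm matches space-separated phrases, case-insensitively."""
    if not paths:
        return ""
    return ('SecRule REQUEST_FILENAME "@pm %s" '
            '"id:%d,phase:1,deny,status:403,log,msg:\'Probe for nonexistent PHP file\'"'
            % (" ".join(paths), rule_id))


if __name__ == "__main__":
    print(build_rule(candidate_paths(SAMPLE_LOG)))
```

In the Apache-behind-Nginx layout, Apache logs the proxy's address as the client unless the real address is restored (for example with mod_remoteip), so the distinct-client count and any IP bans depend on that being set up.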

To throw a 403 error, you do not need Modsec. Just configure Nginx to throw a 404 error instead. This will save CPU processing time because Nginx does this extremely fast. To do this, you only have to configure certain keywords to map with Nginx in the conf. Get it?

Not sure why you quoted me; I advised OP how I have it set up, which works for me quite nicely. Modsec integrates well with Apache and CSF pulls in the IPs to ban, and to be fair CPU processing time is so far down the list of my concerns. That's the beauty of Linux, so many ways to achieve the same result, get it?

2 Likes

Basically you have it set up like I was thinking. Thanks for the help!