starred/ngx_waf
1
0
Fork 0
mirror of https://github.com/ADD-SP/ngx_waf.git synced 2026-04-26 14:05:52 +03:00
Code Issues 20 Projects Releases 5 Packages Wiki Activity

[GH-ISSUE #88] ngx_waf 的 paranoia level 調整 #64

New issue
Closed
opened 2026-03-04 12:18:39 +03:00 by kerem · 2 comments
kerem commented 2026-03-04 12:18:39 +03:00
Owner
Copy link

Originally created by @ADeeeee on GitHub (Mar 28, 2022).
Original GitHub issue: https://github.com/ADD-SP/ngx_waf/issues/88

因查找 issue 以及網路上無相關討論

請問一下在 current-dev v10.1.1 版本下啟用 modsecurity module 後,有辦法整合調整 Paranoia level (PL) 嗎?

目前我是取消註解 crs-setup.conf 裡面的 setvar:tx.paranoia_level 來調整,測試有效,但不知有無更簡便的方法,譬如使用 environment 來調整或是有個參數可以加入 waf_modsecuirty 內

SecAction \
  "id:900000,\
   phase:1,\
   nolog,\
   pass,\
   t:none,\
   setvar:tx.paranoia_level=4"
Originally created by @ADeeeee on GitHub (Mar 28, 2022). Original GitHub issue: https://github.com/ADD-SP/ngx_waf/issues/88 因查找 issue 以及網路上無相關討論 請問一下在 current-dev v10.1.1 版本下[啟用 modsecurity module](https://docs.addesp.com/ngx_waf/practice/enable-modsecurity.html) 後,有辦法整合調整 Paranoia level (PL) 嗎? 目前我是取消註解 crs-setup.conf 裡面的 setvar:tx.paranoia_level 來調整,測試有效,但不知有無更簡便的方法,譬如使用 [environment ](https://hub.docker.com/r/owasp/modsecurity-crs) 來調整或是有個參數可以加入 waf_modsecuirty 內 ``` SecAction \ "id:900000,\ phase:1,\ nolog,\ pass,\ t:none,\ setvar:tx.paranoia_level=4" ```
kerem 2026-03-04 12:18:39 +03:00
  • closed this issue
  • added the
    question
         label
kerem commented 2026-03-04 12:18:40 +03:00
Author
Owner
Copy link

@ADD-SP commented on GitHub (Mar 29, 2022):

暂时没有更简便的方法来修改配置,不过你可以通过 shell 脚本来生成配置文件然后重载 NGINX 来实现这一目的。

#!/bin/bash
cat > modsec.conf  << EOF
SecAction          \\
  \"id:900000,     \\
   phase:1,        \\
   nolog,          \\
   pass,           \\
   t:none,         \\
   setvar:tx.paranoia_level=${PARANOIA_LEVEL}\"
EOF

nginx -s reload
<!-- gh-comment-id:1081878938 --> @ADD-SP commented on GitHub (Mar 29, 2022): 暂时没有更简便的方法来修改配置,不过你可以通过 shell 脚本来生成配置文件然后重载 NGINX 来实现这一目的。 ```shell #!/bin/bash cat > modsec.conf << EOF SecAction \\ \"id:900000, \\ phase:1, \\ nolog, \\ pass, \\ t:none, \\ setvar:tx.paranoia_level=${PARANOIA_LEVEL}\" EOF nginx -s reload ```
kerem commented 2026-03-04 12:18:40 +03:00
Author
Owner
Copy link

@ADeeeee commented on GitHub (Apr 1, 2022):

知道了,希望未來有機會整合進 waf_modsecurity 設定值內
非常感謝

<!-- gh-comment-id:1085306267 --> @ADeeeee commented on GitHub (Apr 1, 2022): 知道了,希望未來有機會整合進 waf_modsecurity 設定值內 非常感謝
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
lts
lts-dev
add_sp/refactor-replace-libcurl-with-subreq
current-dev
current
current-dev-backup
v6.1.10
v10.1.2
v6.1.9
v6.1.8
v10.1.1
v10.1.0
v6.1.7
v10.0.1
v10.0.0
v9.0.6
v9.0.5
v6.1.6
v6.1.5
v9.0.4
v9.0.3
v9.0.2
v9.0.1
v9.0.0
v8.0.3
v6.1.4
v8.0.2
v8.0.1
v6.1.3
v8.0.0
v7.1.0
v6.1.2
v7.0.1
v7.0.0
v6.1.1
v6.1.0
v6.0.3
v6.0.2
v6.0.2-beta.1
v6.0.1
v6.0.1-beta.2
v6.0.1-beta.1
v6.0.0
v6.0.0-beta.4
v5.5.1
v6.0.0-beta.2
v6.0.0.beta.3
v6.0.0-beta.1
v5.5.0
v5.4.2
v5.4.2-beta.2
v5.4.2-beta.1
v5.4.1
v5.4.1-beta.1
v5.4.0
v5.4.0-beta.1
v5.3.2
v5.3.1
v5.3.0
v5.3.0-beta.4
v5.3.0-beta.3
v5.3.0-beta.2
v5.3.0-beta.1
v5.2.0
v5.2.0-beta.2
v5.2.0-beta.1
v5.1.1
v5.1.1-beta.1
v5.1.0
v5.0.0
v5.0.0-beta.5
v5.0.0-beta.4
v5.0.0-beta.3
v5.0.0-beta.2
v5.0.0-beta.1
v4.1.0-beta.4
v4.1.0-beta.3
v4.1.0-beta.2
v4.1.0-beta.1
v4.0.0
v4.0.0-beta.2
v3.1.6
v3.2.0-beta.1
v3.1.5
v3.1.4
v3.1.3
v3.1.2
v3.1.1
v3.1.0
v3.1.0-beta-1
v3.0.3-beta-3
v3.0.2
v3.0.3-beta-2
v3.0.3-beta-1
v3.0.2-beta-2
v3.0.2-beta-1
v3.0.1
v3.0.0
v3.0.0-beta-2
v3.0.0-beta-1
v2.1.1
v2.1.0
v2.0.2
v2.0.1
v2.0.1-beta-1
v2.0.0
v2.0.0-beta.1
v1.0.1
v1.0.0
v1.0.0-RC2
v1.0.0-RC1
Labels
Clear labels   
MacOS

   
Nginx

   
OpenResty

   
Tengine

   
bug

   
documentation

   
enhancement

   
needs-investigation

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
stale

   
stale

   
stale

   
timeout

   
wontfix
No labels
MacOS
Nginx
OpenResty
Tengine
bug
documentation
enhancement
needs-investigation
pull-request
question
stale
stale
stale
timeout
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/ngx_waf#64
No description provided.