I have a problem, where I have a backend server that is Behind an Nginx Reverse Proxy which is running libmodsecurity.
I want to enable libmodsecurity for the entire site but one Page.
It isn't very easy to explain so I'll show my code.
server {
listen 80;
listen 443 ssl;
if ($scheme != "https"){
return 301 https://$host$request_uri;
}
ssl_certificate /etc/nginx/ssl_cert/wildcard_example_com.pem;
ssl_certificate_key /etc/nginx/ssl_cert/wildcard_example_com.pem;
server_name a.example.com;
location / {
proxy_pass https://IpAdress:Port; #address of the Backend-Server
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Modsecurity is turned on automatically but it can be disabled by #modsecurity off;
}
# now I want to disable ModSecurity for example.com/index.html#!/users
location = /index.html#!/users {
proxy_pass https://IpAdress:Port/index.html#!/users;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
modsecurity off;
}
}
Disclaimer I am not using Nginx as a webserver so i don't even know if it works with different locations
When I try this configuration nginx does not throw any errors but it doesn't Work. ModSecurity still protects the URL example.com/index.html#!/users