Custom error page not shown when ModSecurity found something. #76

@LeeShan87

Hi All,

I want to show a custom error page to our clients when, and only when, our WAF blocks their request.
Something like: Your request made something nasty. If you think this was a false positive alert, please contact our support.

Our current configuration:
Nginx: 1.12.0
Modsecurity: v3/master
Modsecurity-nginx: master

An example Nginx config:

worker_processes  auto;

events {
    worker_connections  1024;
    use epoll;
}

http {
    server {
        listen 80 default_server;
        server_name  localhost;
        # Error page will be shown, but nothing will be logged.
        error_page 403 404 /40x.html;
        location = /40x.html {
            # If I add the same ModSecurity configuration here too, then it will auditlog for this location too,
            # but the default Nginx error page will be shown.
            # And it will not work as expected if multiple ModSecurity rule configurations are used.
            modsecurity On;
            root /srv/http;
            internal;
            modsecurity_rules '
                SecRuleEngine On
                SecAuditEngine On
                SecAuditLogParts ABIJDEFHZ
                SecAuditLogType Serial
                SecAuditLog /tmp/modsec_audit.log
                SecDebugLog "/tmp/debug_log.txt"
                SecDebugLogLevel 9
                SecRule ARGS "test" "log,id:1,block,deny,status:403"
            ';
        }

        location / {
            # If ModSecurity found something, the error page will not be shown
            # if a custom error page is defined here.
            # But logging will be OK.
            error_page 403 404 /40x.html;
            location = /40x.html {
                root /srv/http;
                internal;
            }

            modsecurity On;
            modsecurity_rules '
                SecRuleEngine On
                SecAuditEngine On
                SecAuditLogParts ABIJDEFHZ
                SecAuditLogType Serial
                SecAuditLog /tmp/modsec_audit.log
                SecDebugLog "/tmp/debug_log.txt"
                SecDebugLogLevel 9
                SecRule ARGS "test" "log,id:1,block,deny,status:403"
            ';
        }
    }
}

I already tried:
https://github.com/SpiderLabs/ModSecurity/issues/1459
https://github.com/SpiderLabs/ModSecurity-nginx/issues/55
