Description
Describe the bug
The latest version of nginx, I built my own docker image and used GitHub workflow to automatically execute it. Turning on modsecurity in the newly built nginx image will cause page loading errors. Turning off modsecurity will restore to normal.
As long as waf is turned on, the page will be messed up. I checked the waf warehouse and it has not been updated, but the nginx image has been updated. I hope it can be fixed. I did not have this problem when I built it in early January. Today, the page is messed up after turning on waf. This is how I build the image: https://github.com/kejilion/docker/blob/main/nginx/Dockerfile-waf
Logs and dumps
I just didn't see any relevant error logs. At first I thought it was WAF interception that caused the page display to be disordered, but there was no interception log, nor in the nginx log.
To Reproduce
https://github.com/kejilion/nginx/blob/main/nginx10.conf
https://github.com/kejilion/nginx/blob/main/wordpress.com.conf
Expected behavior
The version of nginx at the beginning of the month does not have page confusion when WAF is enabled, but the docker image built today will have problems. The build method is exactly the same as before. I hope it will return to normal and display the page content correctly.
Additional context
/ # nginx -V
nginx version: nginx/1.27.3
built by gcc 13.2.1 20240309 (Alpine 13.2.1_git20240309)
built with OpenSSL 3.3.0 9 Apr 2024 (running with OpenSSL 3.3.2 3 Sep 2024)
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --with-perl_modules_path=/usr/lib/perl5/vendor_perl --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-http_v3_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-Os -fstack-clash-protection -Wformat -Werror=format-security -g' --with-ld-opt=-Wl,--as-needed,-O1,--sort-common
Activity
airween commented on Jan 23, 2025
Hi @kejilion,
seems like this issue is the same as other users ran into and described in ModSecurity-nginx issue #336. Please take a look at that, and if you think it's the same, close this issue.
kejilion commented on Jan 23, 2025
Thank you for giving me hope. Thank you very much. I hope it can be fixed or a solution can be provided soon.
ne20002 commented on Jan 28, 2025
I ran into this today with the latest nginx version from docker hub.
I worked around by going back to the version 4.10-nginx-202501050801. Having this problem existing in a version published on docker hub is unfortunate.
ksmv-7 commented on Jan 29, 2025
Hi everyone,
Would anyone here have an explanation for how come we get the output from the screenshot when modsecurity is on, but if it is off everything works correctly? The catch is that our nginx docker image is 1.23.1-alpine and we are using the ModSecurity tag 3.0.8 => both versions being from 2 years ago.
My issue looks similar to what OP has, but my versions are way too old, so I cannot explain or fix it.
airween commented on Jan 29, 2025
@ksmv-7,
which versions do you think? Libmodsecurity3 (which is old with version 3.0.8, indeed), and what? Nginx connector?
Anyway, it does not matter really, if those are too old, then I'm afraid nobody can help. Perhaps you should upgrade to the newest released versions, both libmodsecurity3 and the connector.
adiva2433 commented on Jan 29, 2025
@ksmv-7 we also face it. It's related to https://github.com/SpiderLabs/ModSecurity; something has been changed and we can't figure out why it's suddenly happening.
ksmv-7 commented on Jan 29, 2025
@airween I am saying that we build an image from nginx:1.23.1-alpine, which is an image from 2 years ago. In the build process we git clone this repository using the tag v3.0.8, which is also from 3 years ago. OP is using the latest versions but we have pretty much the same issue, hence I am wondering how it is possible that on the old versions I am using I am getting what OP describes for the latest versions.
Indeed, we might upgrade our versions, which I initially tried in order to solve my issue but it didn't solve it anyway.
ksmv-7 commented on Jan 29, 2025
@adiva2433 Yup, started happening all of a sudden without any major code changes nor any changes to the build process at all. Are you also using old versions?
adiva2433 commented on Jan 29, 2025
@ksmv-7 yes, we use an old version
airween commented on Mar 10, 2025
Can we close this issue?
kejilion commented on Mar 11, 2025
Can you help me shut it down? I don't know how to do it.
airween commented on Mar 12, 2025
I think if you upgrade libmodsecurity3 library to 3.0.14, then this issue will disappear.