This is what the clients sees. In this case the client was Chrome 32.0.1700.77.
Modsec on, Custom-Header is not passed
HTTP/1.1 200 OK
Server: nginx/1.6.0
Date: Wed, 04 Jun 2014 18:07:40 GMT
Content-Type: application/json
Content-Length: 36
Connection: keep-alive
Modsec off, Custom-Header is passed
HTTP/1.1 200 OK
Server: nginx/1.6.0
Date: Wed, 04 Jun 2014 18:20:02 GMT
Content-Type: application/json
Content-Length: 36
Connection: keep-alive
Custom-Header: y-u-no-work
| --776f9600-A-- | |
| [04/Jun/2014:14:17:24 --0400] PJAcAcAcAcAcA7AcAcAcucAc 10.168.32.81 45348 127.0.0.1 80 | |
| --776f9600-B-- | |
| GET / HTTP/1.1 | |
| Host: 192.168.19.240 | |
| Connection: keep-alive | |
| Cache-Control: max-age=0 | |
| Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 | |
| User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36 | |
| DNT: 1 | |
| Accept-Encoding: gzip,deflate,sdch | |
| Accept-Language: en-CA,en;q=0.8,en-US;q=0.6 | |
| --776f9600-F-- | |
| HTTP/1.1 200 OK | |
| Custom-Header: y-u-no-work | |
| Content-Type: application/json | |
| Content-Length: 36 | |
| Connection: keep-alive | |
| --776f9600-H-- | |
| Apache-Handler: IIS | |
| Stopwatch: 1401905844000836 844171 (- - -) | |
| Stopwatch2: 1401905844000836 844171; combined=27, p1=0, p2=0, p3=0, p4=0, p5=25, sr=0, sw=2, l=0, gc=0 | |
| Producer: ModSecurity for nginx (STABLE)/2.8.0 (http://www.modsecurity.org/). | |
| Server: ModSecurity Standalone | |
| --776f9600-Z-- |
| [04/Jun/2014:14:17:24 --0400] [/sid#7f48299ed0a0][rid#7f48299d70a0][/][4] Initialising transaction (txid PJAcAcAcAcAcA7AcAcAcucAc). | |
| [04/Jun/2014:14:17:24 --0400] [/sid#7f48299ed0a0][rid#7f48299d70a0][/][4] Transaction context created (dcfg 7f48299ed980). | |
| [04/Jun/2014:14:17:24 --0400] [/sid#7f48299ed0a0][rid#7f48299d70a0][/][4] Processing disabled, skipping (hook request_early). | |
| [04/Jun/2014:14:17:24 --0400] [/sid#7f48299ed0a0][rid#7f48299d70a0][/][4] Initialising logging. | |
| [04/Jun/2014:14:17:24 --0400] [/sid#7f48299ed0a0][rid#7f48299d70a0][/][4] Starting phase LOGGING. | |
| [04/Jun/2014:14:17:24 --0400] [/sid#7f48299ed0a0][rid#7f48299d70a0][/][4] Recording persistent data took 0 microseconds. | |
| [04/Jun/2014:14:17:24 --0400] [/sid#7f48299ed0a0][rid#7f48299d70a0][/][4] Audit log: Logging this transaction. |
| SecRuleEngine Off | |
| # Logging | |
| SecAuditEngine On | |
| SecAuditLog /usr/local/nginx/logs/modsec_audit.log | |
| SecAuditLogType Serial | |
| SecAuditLogStorageDir /tmp | |
| SecAuditLogParts ABIJDEFHZ | |
| # TEMP | |
| SecDataDir /tmp | |
| SecDebugLog /usr/local/nginx/logs/modsec_debug.log | |
| SecDebugLogLevel 9 |
| daemon off; | |
| master_process off; | |
| worker_processes 1; | |
| error_log logs/error.log; | |
| error_log logs/error.log notice; | |
| error_log logs/error.log info; | |
| pid logs/nginx.pid; | |
| events { | |
| worker_connections 1024; | |
| } | |
| http { | |
| include mime.types; | |
| default_type application/octet-stream; | |
| server { | |
| listen 80; | |
| access_log logs/access.log; | |
| location / { | |
| ModSecurityEnabled off; | |
| ModSecurityConfig modsecurity.conf; | |
| proxy_pass http://backend-server.domain.local:5101; | |
| } | |
| } | |
| } |
Here is my bash history from set up. Edited for brevity.
74 wget https://www.modsecurity.org/tarball/2.8.0/modsecurity-2.8.0.tar.gz
77 tar xvzf modsecurity-2.8.0.tar.gz
80 cd modsecurity-2.8.0
83 ./configure --enable-standalone-module
87 make
88 make install
89 cd ..
91 wget http://nginx.org/download/nginx-1.6.0.tar.gz
94 tar xvzf nginx-1.6.0.tar.gz
96 cd nginx-1.6.0
98 ./configure --add-module=../modsecurity-2.8.0/nginx/modsecurity/
99 make
100 make install