I am a developer providing an Nginx plugin to the popular cPanel control panel and has been providing Nemesida( free) as an option along with Mod_sec3 for installation along with the Nginx RPM's I provide. I had a couple of questions
1. Do you have any plans to revoke the free module in future? I am asking this because I know that monetization is a requirement for any company and its fair too.
Also since its not a fully Open Source project, I am sure you alone is putting a lot of effort in this and unless it gets rewarded it is not sustainable
2. Since my plugin is mostly used in the web hosting industry, it is common to have servers with more than 4000 vhost .Nginx config test, reload,restart etc slows down a lot with such high number of vhost and mod_sec3 cannot even be used with vhost numbers higher than 20-30 .I have seen Nemesida is better, but enabling Nemesida slows down Nginx reload/restart/config test etc, so far it is acceptable upto 30-40 vhosts and I havent been able to test this on anything beyond as the servers are all production and cant compromise on uptime. Have you considered the impact of loading the plugin on such high number of configs ( lots of config files to parse )
3. Is there a way I can have the nwaf log be written to a custom log file and not the standard nginx error log?
4. Is there a way to have nwaf off by default and can be turned up on a per vhost level in the server {} context
1. Do you have any plans to revoke the free module in future? I am asking this because I know that monetization is a requirement for any company and its fair too.
Also since its not a fully Open Source project, I am sure you alone is putting a lot of effort in this and unless it gets rewarded it is not sustainable
2. Since my plugin is mostly used in the web hosting industry, it is common to have servers with more than 4000 vhost .Nginx config test, reload,restart etc slows down a lot with such high number of vhost and mod_sec3 cannot even be used with vhost numbers higher than 20-30 .I have seen Nemesida is better, but enabling Nemesida slows down Nginx reload/restart/config test etc, so far it is acceptable upto 30-40 vhosts and I havent been able to test this on anything beyond as the servers are all production and cant compromise on uptime. Have you considered the impact of loading the plugin on such high number of configs ( lots of config files to parse )
3. Is there a way I can have the nwaf log be written to a custom log file and not the standard nginx error log?
4. Is there a way to have nwaf off by default and can be turned up on a per vhost level in the server {} context