Frequently Asked Questions
Question: How can I test if open-appsec detects/prevents attacks correctly after enabling it for one of my proxy host objects in NGINX Proxy Manager?
You can append the following to your http(s) requests to simulate an attack which should be detected/prevented by open-appsec:
?shell_cmd=cat/etc/passwd
Example: http://localhost/?shell_cmd=cat/etc/passwd
Question: How can I check the status of my open-appsec agent?
You can run the command open-appsec-ctl -s
inside the appsec-agent container:
docker exec appsec-agent open-appsec-ctl -s
Status should be “running” for all services in the list and "Policy load status" should show "Success".
Note that the Http Transaction Handler Nano Service will only switch from “ready” to “running” state after it has received some initial packets from the attachment integrated with NPM's included NGINX reverse proxy.
Here’s an example output:
Question: How can I migrate from an existing installation of NGINX Proxy Manager (NPM) to NPM integrated with open-appsec and keep my existing NPM configuration?
How to Migrate from an Existing NGINX Proxy Manager Deployment and Keep ConfigurationPreviousInstall NGINX Proxy Manager with open-appsec managed from central WebUI (SaaS)NextDocker SWAG
Last updated