How to get the remote hostname resolved through DNS when using Nginx and ModSecurity?

Ronaldo asked:

The question "mod_security with OWASP CRS: Custom rule for whitelisting googlebot" provides the following rule as the answer to verify the client's DNS:

SecRule REMOTE_HOST "@rx google(bot|)\.com$" "id:50000,nolog,allow"

This rule was meant to be used on ModSecurity with Apache and required the directive HostnameLookups On to be configured on Apache. The MODSECURITY HANDBOOK says:

REMOTE_HOST
If the Apache directive HostnameLookups is set to On, then this variable will hold the remote hostname resolved through DNS. If the directive is set to Off, this variable will hold the remote IP address (same as REMOTE_ADDR). Possible uses for this variable include denying known bad client hosts or network blocks or, conversely, allowing authorized hosts in.

When using Nginx as a reverse proxy without Apache, is there a way to make REMOTE_HOST return the hostname resolved through DNS?

My answer:


The remote IP address is already in the nginx variable $remote_addr and the ModSecurity variable REMOTE_ADDR. The reference manual says:

REMOTE_ADDR

This variable holds the IP address of the remote client.

SecRule REMOTE_ADDR "@ipMatch 192.168.1.101" "id:35"


View the full question and any other answers on Server Fault.
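
One way to do the DNS verification outside the web server, starting from the address in REMOTE_ADDR, is a forward-confirmed reverse DNS check. The code below is an added example, not part of the original question or answer; it uses the two domains from the rule above, and its function names and sample records are assumptions constructed for illustration.

```python
import ipaddress
import socket

# Domains taken from the rule on this page; the leading dot forces a label
# boundary, so a name such as "evilgoogle.com" is rejected.
TRUSTED_SUFFIXES = (".googlebot.com", ".google.com")

def system_reverse(ip):
    """PTR lookup through the system resolver; hostname or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_forward(hostname):
    """A/AAAA lookup through the system resolver; set of address strings."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(hostname, None)}
    except OSError:
        return set()

def verify_crawler(ip, reverse=system_reverse, forward=system_forward):
    """Return the confirmed hostname for ip, or None if any step fails."""
    client = ipaddress.ip_address(ip)
    hostname = (reverse(ip) or "").rstrip(".").lower()
    if not hostname.endswith(TRUSTED_SUFFIXES):
        return None
    # A PTR record is published by whoever controls the IP block, so the name
    # only counts if its forward records resolve back to the same address.
    for addr in forward(hostname):
        try:
            if ipaddress.ip_address(addr) == client:
                return hostname
        except ValueError:  # e.g. scoped IPv6 text on older Python versions
            continue
    return None

# Constructed sample records (documentation address ranges) for offline runs.
SAMPLE_PTR = {
    "192.0.2.10": "crawl-a.googlebot.com.",   # PTR and A record agree
    "198.51.100.7": "crawl-a.googlebot.com",  # PTR claims a name it does not own
    "203.0.113.5": "evilgoogle.com",          # only passes an unanchored regex
}
SAMPLE_A = {
    "crawl-a.googlebot.com": {"192.0.2.10"},
    "evilgoogle.com": {"203.0.113.5"},
}

def check_sample(ip):
    return verify_crawler(ip, SAMPLE_PTR.get, lambda h: SAMPLE_A.get(h, set()))
```

Called with only an IP address, verify_crawler uses the system resolver; the result can then feed an allowlist that a REMOTE_ADDR rule matches against.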

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.