{"id":335551,"date":"2023-06-13T14:13:42","date_gmt":"2023-06-13T21:13:42","guid":{"rendered":"https:\/\/linuxhint.com\/?p=335551"},"modified":"2023-06-25T14:08:52","modified_gmt":"2023-06-25T21:08:52","slug":"nginx-modsecurity","status":"publish","type":"post","link":"https:\/\/linuxhint.com\/nginx-modsecurity\/","title":{"rendered":"Nginx ModSecurity"},"content":{"rendered":"
\nModSecurity is a free and open-source web application firewall module that provides security features for web applications. ModSecurity mainly acts as a filter between the web application and any external entities which helps you to detect, log, or even block various attacks. This can include attacks such as SQL injections, cross-site scripting, remote file inclusions, etc. <\/p>\n

In this tutorial, we will learn the basics of configuring NGINX with ModSecurity. <\/p>\n

Requirements:<\/strong>
\nFor this tutorial, we assume that you have the following:<\/p>\n

    \n
  1. An Ubuntu or Debian-based server<\/li>\n
  2. Installed NGINX on your server<\/li>\n
  3. Sudo or root permissions on your server<\/li>\n<\/ol>\n

    With the given requirements met, we can learn how to install and configure the ModSecurity with NGINX. <\/p>\n

    Install the Necessary Packages<\/h2>\n

    Let’s start by refreshing the system repositories and installing the required dependencies. We can do this by running the following commands:<\/p>\n

    $ sudo<\/span> apt-get update<\/span>
    \n$ sudo<\/span> apt-get install<\/span> git<\/span> libpcre3 libpcre3-dev zlib1g zlib1g-dev openssl libssl-dev libtool<\/div><\/div>\n

    With the given packages installed, we can proceed and clone the ModSecurity repository. <\/p>\n

    Clone the ModSecurity Repo<\/h2>\n

    Start by cloning the ModSecurity GitHub repository with the following command:<\/p>\n

    $ <\/span>git clone<\/span> https:\/\/<\/span>github.com\/<\/span>SpiderLabs\/<\/span>ModSecurity<\/div><\/div>\n

    \"\"<\/p>\n

    Next, navigate into the clone directory with the following command:<\/p>\n

    $ <\/span>cd<\/span> ModSecurity<\/div><\/div>\n

    Next, run the following commands to compile the ModSecurity:<\/p>\n

    $ <\/span>.\/<\/span>build.sh<\/div><\/div>\n

    \"\"<\/p>\n

    Finally, run the \u201cmake\u201d and \u201cmake install\u201d commands as shown in the following:<\/p>\n

    $ .\/<\/span>configure
    \n$ make<\/span>
    \n$ sudo<\/span> make<\/span> install<\/span><\/div><\/div>\n

    Once completed, we can proceed and configure NGINX with ModSecurity.<\/p>\n

    Install the ModSecurity-Nginx Connector<\/h2>\n

    The next step is to install the ModSecurity-Nginx connector which allows us to integrate the ModSecurity with the NGINX server. <\/p>\n

    Change to the root directory and clone the connector repository.<\/p>\n

    cd<\/span> .. &&<\/span> git clone<\/span> https:\/\/<\/span>github.com\/<\/span>SpiderLabs\/<\/span>ModSecurity-nginx.git<\/div><\/div>\n

    Once completed, change to the NGINX source directory and run the following commands to compile the connector:<\/p>\n

    $ .\/<\/span>configure --add-dynamic-module<\/span>=..\/<\/span>ModSecurity-nginx
    \n$ make<\/span>
    \n$ sudo<\/span> make<\/span> install<\/span><\/div><\/div>\n

    \"\"<\/p>\n

    You can download the NGINX source as shown in the following:<\/p>\n

    $ wget<\/span> http:\/\/<\/span>nginx.org\/<\/span>download\/<\/span>nginx-1.25.0.tar.gz
    \n$ tar<\/span> zxvf nginx-1.25.0.tar.gz
    \n$ cd<\/span> nginx-1.25.0<\/div><\/div>\n

    We can enable the ModSecurity feature once we have NGINX compiled with ModSecurity. <\/p>\n

    Enable the ModSecurity<\/h2>\n

    Start by heading over to the ModSecurity directory and copy the \u201cunicode.mapping\u201d file to the \/etc\/nginx directory.<\/p>\n

    $ <\/span>cd<\/span> ..\/<\/span>ModSecurity &&<\/span> sudo<\/span> cp<\/span> unicode.mapping \/<\/span>etc\/<\/span>nginx\/<\/span><\/div><\/div>\n

    Next, move to the ModSecurity configuration directory and copy the ModSecurity configuration files to the \/etc\/nginx directory:<\/p>\n

    $ cd<\/span> modsecurity
    \n$ sudo<\/span> cp<\/span> modsecurity.conf-recommended \/<\/span>etc\/<\/span>nginx\/<\/span>modsecurity.conf
    \n$ sudo<\/span> cp<\/span> unicode.mapping \/<\/span>etc\/<\/span>nginx\/<\/span><\/div><\/div>\n

    Modify the NGINX Configuration<\/h2>\n

    Once completed, modify the NGINX configuration file to include the ModSecurity. For example, add the following commands in the http block:<\/p>\n

    modsecurity on;
    \nmodsecurity_rules_file \/<\/span>etc\/<\/span>nginx\/<\/span>modsecurity.conf;<\/div><\/div>\n

    An example configuration file is as follows:<\/p>\n

    http {<\/span>
    \n    modsecurity on;
    \n    modsecurity_rules_file \/<\/span>etc\/<\/span>nginx\/<\/span>modsecurity.conf;
    \n
    \n    server {<\/span>
    \n        listen 80<\/span>;
    \n        server_name localhost;
    \n
    \n        location \/<\/span> {<\/span>
    \n            root html;
    \n            index index.html index.htm;
    \n        }<\/span>
    \n    }<\/span>
    \n}<\/span><\/div><\/div>\n

    Save the file and close the editor. Once completed, restart the NGINX service with the following command:<\/p>\n

    $ <\/span>sudo<\/span> service nginx restart<\/div><\/div>\n

    To confirm that ModSecurity is running with NGINX, run the following command:<\/p>\n

    $ <\/span>nginx -V<\/span> 2<\/span>>&<\/span>1<\/span> |<\/span> grep<\/span> -o<\/span> with-http_modsecurity_module<\/div><\/div>\n

    Output<\/strong>:<\/p>\n

    with-http_modsecurity_module<\/div><\/div>\n

    Conclusion<\/h2>\n

    This tutorial taught us how to compile and configure the ModSecurity WAF with the Nginx web server in simple steps. It is good to remember that the steps that are outlined in this post configure the fundamentals with basic ModSecurity features. Consider checking the documentation for extensive rules and configuration to secure your web server.\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"

    Tutorial on the basics of configuring NGINX with ModSecurity and how to compile and configure the ModSecurity WAF with the NGINX web server in simple steps.<\/p>\n","protected":false},"author":111,"featured_media":335556,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1987],"tags":[],"class_list":["post-335551","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-nginx"],"_links":{"self":[{"href":"https:\/\/linuxhint.com\/wp-json\/wp\/v2\/posts\/335551","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/linuxhint.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/linuxhint.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/linuxhint.com\/wp-json\/wp\/v2\/users\/111"}],"replies":[{"embeddable":true,"href":"https:\/\/linuxhint.com\/wp-json\/wp\/v2\/comments?post=335551"}],"version-history":[{"count":0,"href":"https:\/\/linuxhint.com\/wp-json\/wp\/v2\/posts\/335551\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/linuxhint.com\/wp-json\/wp\/v2\/media\/335556"}],"wp:attachment":[{"href":"https:\/\/linuxhint.com\/wp-json\/wp\/v2\/media?parent=335551"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/linuxhint.com\/wp-json\/wp\/v2\/categories?post=335551"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/linuxhint.com\/wp-json\/wp\/v2\/tags?post=335551"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}