Quantcast
Channel: Athmane Madjoudj blog
Viewing all articles
Browse latest Browse all 20

Getting started with ModSecurity for Nginx

$
0
0

This is a quick guide on how to install nginx with mod_security and enable core rules set, this setup can also be used to protect your backend servers by running nginx as reverse proxy and achieve both greater performance and security.

The initial setup:

On Fedora:

# cd /etc/yum.repo.d/
# curl -O 'http://repos.fedorapeople.org/repos/athmane/nginx-mod_security/fedora-nginx-mod_security.repo'
On EL6:

# cd /etc/yum.repo.d/
# curl -O 'http://repos.fedorapeople.org/repos/athmane/nginx-mod_security/epel-nginx-mod_security.repo'
Install the packages:

# yum install nginx mod_security_crs

Make sure you get the version of nginx with mod_security (it has modsec_VERSION in release tag).

Generate mod_security rules:

# cp /etc/nginx/mod_security.conf /etc/nginx/mod_security.conf.default
# cat /etc/httpd/modsecurity.d/modsecurity_crs_10_config.conf \
/etc/httpd/modsecurity.d/activated_rules/modsecurity_*.conf >> /etc/nginx/mod_security.conf
# cp /etc/httpd/modsecurity.d/activated_rules/modsecurity_*.data /etc/nginx/
NB. I'll think of a better way to handle Core rules set in nginx.

Start nginx:
On Fedora:

# systemctl start nginx
On EL6:

# service nginx start

Viewing all articles
Browse latest Browse all 20

Trending Articles