Categories
  • Linux server 48
  • Apache 23
  • Security 19
  • WordPress 18
  • Почта 14
  • Nginx 14
  • bash 14
  • MySQL 11
  • WHM/cPanel 9
  • Plesk 9
  • мониторинг 9
  • PHP 9
  • Jenkins 8
  • Ubuntu Linux 7
  • IIS 7
  • Other CMS 7
  • Clusters 6
  • Windows Server 5
  • FTP 5
  • Windows server 5
  • MSSQL Server 5
  • Joomla 4
  • CentOS 4
  • HaProxy 4
  • Email 4
  • Terraform 4
  • SSL 3
  • FromHabrSandbox 3
  • Varnish 3
  • Perl 3
  • Clouds 3
  • Linux Server 3
  • AWS 3
  • Python 2
  • nginx 2
  • jQuery 2
  • Docker 2
  • RackSpace 2
  • git 2
  • Control Panels 1
  • DNS MX 1
  • Magento 1
  • Active Directory 1
  • Javascript 1
  • Tomcat 1
  • Балансировка нагрузки 1
  • SQL Server 1
  • Linux_server 1
  • Mail 1
  • Мониторинг 1
  • Puppet 1
  • Windows 1
  • WHM 1
  • cPanel 1
  • Archive 1
  • DevOps 1
  • cloudflare 1

    • Install modsecurity for Nginx

    ModSecurity is a kind of firewall for Apache, Nginx and IIS. This is a module that provides a set of rules for filtering traffic. This is a must have module for any server.

    On December 19, 2013 version 2.7.7 was released. It is the most current at the time of this writing. We will collect from source and configure Nginx for the web server.

    On October 6, 2019, a newer version is available - 2.9.3. Without checking it for performance I will not update the article.

    Oddly enough you first need to compile mod_security itself and then include it when compiling Nginx. Unfortunately mod_security cannot be connected to an already installed Nginx server. Nginx must be compiled with this module.

    Install what we need:

    yum install libxml2 libxml2-devel httpd-devel libcurl-devel pcre-devel

    When installing anything from source I create the /root/install folder and work in it:

    mkdir /root/install
cd /root/install

    Download the archive with mod_security source code:

    wget https://www.modsecurity.org/tarball/2.7.7/modsecurity-apache_2.7.7.tar.gz
tar xf modsecurity-apache_2.7.7.tar.gz
cd modsecurity-apache_2.7.7

    Install:

    ./configure -enable-standalone-module
make
make install

    This step will generate source files that can be used to build nginx. It will be in the folder:

    nginx/modsecurity/

    Instructions to install nginx from source can be found here. I hope you are not too lazy and take a look so I do not copy the entire instruction here.

    You need to follow all the steps of this note and at the configuration stage (executing ./configure) add this to the line:

    -add-module=/root/install/modsecurity-apache_2.7.7/nginx/modsecurity/

    For this experiment, I omitted the geo_ip module connection and the resulting Nginx configuration line looked like this:

    ./configure -prefix=/etc/nginx -user=nginx -group=nginx -with-http_ssl_module -with-http_spdy_module -with-http_realip_module -with-http_gzip_static_module -with-http_auth_request_module -with-http_perl_module -http-log-path=/ var/log/nginx/ **-add-module=/root/install/modsecurity-apache_2.7.7/nginx/modsecurity**

    Next, copy the proposed settings file to the nginx folder:

    cp /root/install/modsecurity-apache_2.7.7/modsecurity.conf-recommended /etc/nginx/conf/modsecurity.conf

    It is included with the following lines in the location description:

    location / {
  ModSecurityEnabled on;
  ModSecurityConfig modsecurity.conf;
  ModSecurityPass @backend;
}

    You May Also Enjoy

    GIT cheatsheet

    This is one of the cheetsheets I have at this website. The primary purpose of this one is to collect all usefull commands you might need in your daily work. ...