How to install and configure ModSecurity on NGINX-CentOS

“Web applications – yours, mine, everyone’s  – are terribly insecure on average. We struggle to keep up with the security issues and need any help we can get to secure them.” – Ivan Ristić, creator of ModSecurity

Today I wanna show you how to install Modsecurity on CentOS 7 and then how to configure it on NGINX .

1.First we should Install dependency and required packages:

# yum install -y autoconf automake build-essential git libcurl4-openssl-dev libgeoip-dev liblmdb-dev libpcre++-dev libtool libxml2-dev libyajl-dev pkgconf wget zlib1g-dev

2.then we should update repository to install NGINX

# yum install https://extras.getpagespeed.com/release-el7-latest.rpm -y

3.Now we start to install NGINX

# yum install nginx

# service nginx start


4. In this step we start to install ModSecurity

# yum install nginx-module-security


5.Add the plugin to the nginx configuration file located in /etc/nginx/nginx.conf

load_module modules/ngx_http_modsecurity_module.so;

6. Create a file in /etc/nginx/modsec/main.conf and add following text

This is a simple test for droping a request

# From https://github.com/SpiderLabs/ModSecurity/blob/master/
# modsecurity.conf-recommended
#
# Edit to set SecRuleEngine On
Include "/etc/nginx/modsecurity.conf"

# Basic test rule
SecRule ARGS:testparam "@contains test" "id:1234,deny,status:403"


7. Add following configuration into website configuration file located in /etc/nginx/conf.d/ and in server section

server {
    # ...
    modsecurity on;
    modsecurity_rules_file /etc/nginx/modsec/main.conf;
}

8.Now you can restart NGINX and test ModSecurity with a simple injection query

# service nginx restart
# curl localhost?testparam=test

Leave a Reply

Your email address will not be published. Required fields are marked *

83 + = 90