“Web applications – yours, mine, everyone’s – are terribly insecure on average. We struggle to keep up with the security issues and need any help we can get to secure them.” – Ivan Ristić, creator of ModSecurity
Today I wanna show you how to install Modsecurity on CentOS 7 and then how to configure it on NGINX .
1.First we should Install dependency and required packages:
# yum install -y autoconf automake build-essential git libcurl4-openssl-dev libgeoip-dev liblmdb-dev libpcre++-dev libtool libxml2-dev libyajl-dev pkgconf wget zlib1g-dev
2.then we should update repository to install NGINX
# yum install https://extras.getpagespeed.com/release-el7-latest.rpm -y
3.Now we start to install NGINX
# yum install nginx
# service nginx start
4. In this step we start to install ModSecurity
# yum install nginx-module-security
5.Add the plugin to the nginx configuration file located in /etc/nginx/nginx.conf
load_module modules/ngx_http_modsecurity_module.so;
6. Create a file in /etc/nginx/modsec/main.conf and add following text
This is a simple test for droping a request
# From https://github.com/SpiderLabs/ModSecurity/blob/master/
# modsecurity.conf-recommended
#
# Edit to set SecRuleEngine On
Include "/etc/nginx/modsecurity.conf"
# Basic test rule
SecRule ARGS:testparam "@contains test" "id:1234,deny,status:403"
7. Add following configuration into website configuration file located in /etc/nginx/conf.d/ and in server section
server {
# ...
modsecurity on;
modsecurity_rules_file /etc/nginx/modsec/main.conf;
}
8.Now you can restart NGINX and test ModSecurity with a simple injection query
# service nginx restart
# curl localhost?testparam=test