In one of my previous notes I wrote about firewalling web applications using the NAXSI WAF. This post is a short howto on getting the ModSecurity module to work with the Nginx web server.

To get ModSecurity working with Nginx, both have to be compiled in the right order from the appropriate sources. Download the ModSecurity sources, the ones called ModSecurity-nginx_refactoring, and compile them as a standalone module. Then download Nginx and build it with the ModSec module enabled.

Prepare ModSecurity

$ wget https://github.com/SpiderLabs/ModSecurity/archive/nginx_refactoring.zip
$ unzip nginx_refactoring.zip
$ cd ModSecurity-nginx_refactoring/
$ ./autogen.sh
$ ./configure --enable-standalone-module --disable-mlogc && make

It is important to take the ModSecurity sources from the "nginx_refactoring" branch for stability, to avoid situations like:

[alert] 10721#0: worker process 10723 exited on signal 11

This can happen all the time, especially when using proxy_pass. After testing different ModSec versions and branches, the nginx_refactoring one seems to be rock solid with the recent stable Nginx.

Build Nginx

$ wget http://nginx.org/download/nginx-1.8.0.tar.gz
$ tar -xzf nginx-1.8.0.tar.gz
$ cd nginx-1.8.0/
$ ./configure --user=www-data --group=www-data \
    --with-pcre-jit --with-ipv6 \
    --add-module=/path/to/ModSecurity-nginx_refactoring/nginx/modsecurity/ \
    --conf-path=/etc/nginx/nginx.conf \
    --error-log-path=/var/log/nginx/error.log \
    --http-log-path=/var/log/nginx/access.log \
    --with-poll_module --with-file-aio \
    --with-http_auth_request_module --with-http_secure_link_module \
    --with-http_stub_status_module --with-http_perl_module \
    --with-ld-opt="-Wl,-E" --with-pcre \
    --with-md5-asm --with-sha1-asm --with-zlib-asm=CPU --with-libatomic

At this point, adjust the configure flags to suit your needs. Note that we pass the absolute path to the ModSec directory here. The next step is to compile and install the binaries.

$ make
# make install

Enable ModSec in Nginx

Once Nginx is built with ModSec support, the last step is to enable it in the configuration file. Usually this is nginx.conf, located in the /etc/nginx/ directory.

Copy the ModSec configuration file from its source directory into Nginx's configuration directory.

# cp /path/to/ModSecurity-nginx_refactoring/modsecurity.conf-recommended /etc/nginx/modsecurity.conf

Now add something like the following to the server section:

server {
    ModSecurityEnabled on;
    ModSecurityConfig /etc/nginx/modsecurity.conf;
    # ... the rest of the server configuration ...
}

Remember that you can always disable ModSecurity per location if you really want to. You can also enable ModSecurity only for a specific location, or use a different ModSec configuration file there.

ModSecurityEnabled off;
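
The checks below are an added example, not part of the original post: they confirm that the module was compiled in, which ModSecurity config Nginx loads, whether the rule engine blocks or only logs (modsecurity.conf-recommended ships with SecRuleEngine DetectionOnly), and where ModSecurity has been switched off. The function names and the sample inputs are constructed for illustration; on a real host, pass the output of `nginx -V` and your own file paths.

```shell
#!/bin/sh
# Added example (not from the original post): post-install checks for the setup above.

# Succeed if `nginx -V` output (passed as $1) shows the ModSecurity module compiled in.
nginx_has_modsec() {
    printf '%s\n' "$1" | grep -qi -e '--add-module=[^ ]*modsecurity'
}

# Print the ModSecurityConfig path(s) referenced by an nginx config file.
modsec_config_paths() {
    awk '$1 == "ModSecurityConfig" { sub(/;$/, "", $2); print $2 }' "$1"
}

# Print the effective SecRuleEngine mode; the last uncommented directive wins.
modsec_engine_mode() {
    awk '$1 == "SecRuleEngine" { m = $2 } END { print (m == "" ? "unset" : m) }' "$1"
}

# Print line numbers where ModSecurity is switched off (exemptions worth reviewing).
modsec_disabled_lines() {
    awk '$1 == "ModSecurityEnabled" && $2 ~ /^off;?$/ { print NR }' "$1"
}

# --- constructed sample inputs so the script runs offline ---
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
SAMPLE_V='configure arguments: --user=www-data --add-module=/path/to/ModSecurity-nginx_refactoring/nginx/modsecurity/ --with-pcre'
cat > "$tmp/nginx.conf" <<'EOF'
server {
    ModSecurityEnabled on;
    ModSecurityConfig /etc/nginx/modsecurity.conf;
    location /static/ {
        ModSecurityEnabled off;
    }
}
EOF
cat > "$tmp/modsecurity.conf" <<'EOF'
# SecRuleEngine On
SecRuleEngine DetectionOnly
SecRequestBodyAccess On
EOF

nginx_has_modsec "$SAMPLE_V" && echo "module: compiled in"
echo "config: $(modsec_config_paths "$tmp/nginx.conf")"
echo "engine: $(modsec_engine_mode "$tmp/modsecurity.conf")"
echo "disabled at nginx.conf line(s): $(modsec_disabled_lines "$tmp/nginx.conf")"
```

An engine mode of DetectionOnly means matching requests are logged but not blocked; set SecRuleEngine On in modsecurity.conf once the rules have been tuned.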

And that is it. For more information, see the SpiderLabs reference manual page.
