install and configure modsecurity in nginx

How To Install & Configure Modsecurity in Nginx

Modsecurity protects websites from malicious attacks and security threats. Here’s how to install and configure modsecurity in NGINX.


How to install modsecurity in NGINX

Here are the steps to install and setup modsecurity in NGINX. Please note, if you need to install modsecurity, you need to compile it with NGINX source code.


1. Install Prerequisites

Open terminal and run the following command to install prerequisites for modsecurity

CentOS/Redhat

#yum groupinstall -y "Development Tools"
#yum install -y httpd httpd-devel pcre pcre-devel libxml2 libxml2-devel curl curl-devel openssl openssl-devel

Debian/Ubuntu

$ sudo apt-get install -y git build-essential libpcre3 libpcre3-dev libssl-dev libtool autoconf apache2-dev libxml2-dev libcurl4-openssl-dev automake pkgconf

Bonus Read : How to Enable NGINX status page


2. Download NGINX and Modsecurity

Download NGINX and modsecurity with following commands. Update the NGINX version as per your requirement

$ wget http://nginx.org/download/nginx-1.9.15.tar.gz
$ gunzip -c nginx-1.9.15.tar.gz | tar xvf –

You will see a new folder nginx-1.9.15 created.

$ wget https://www.modsecurity.org/tarball/2.9.1/modsecurity-2.9.1.tar.gz
$ gunzip -c modsecurity-2.9.1.tar.gz | tar xvf –

You will see a new folder modsecurity-2.9.1 created.

Bonus Read : How to Install Varnish in NGINX


3. Install NGINX with Modsecurity

Run the following commands to compile modsecurity

$ cd modsecurity-2.9.1
$ ./configure --enable-standalone-module 
$ make

Run the following commands to compile and install NGINX with modsecurity.

$ cd nginx-1.9.15
$ ./configure --add-module=../modsecurity-2.9.1/nginx/modsecurity
$ make
$ make install

This will install NGINX with modsecurity.

Bonus Read : Step by Step NGINX SSL configuration


4. Configure modsecurity

First, we need to copy 2 modsecurity configuration files modsecurity.conf-recommended and unicode.mapping to the same folder as our nginx.conf file (e.g /usr/local/nginx/conf).

You will find these 2 files in modsecurity folder that was created in step 2. Run the following commands to copy the 2 configuration files. Replace the folder path below as per your requirement. For our example, let us say our folder was created in /home/

$ cp /home/modsecurity-2.9.1/modsecurity.conf-recommended /usr/local/nginx/conf/
$ cp /home/modsecurity-2.9.1/unicode.mapping /usr/local/nginx/conf/

We will also rename modsecurity.conf-recommended to modsecurity.conf

$ mv /usr/local/nginx/conf/modsecurity.conf-recommended /usr/local/nginx/conf/modsecurity.conf

Open nginx.conf file and add the following lines to location / block

ModSecurityEnabled on;
ModSecurityConfig modsecurity.conf;

So your location block will look like

location / {
   ...
   ModSecurityEnabled on;
   ModSecurityConfig modsecurity.conf;
}

Bonus Read : How to Prevent Image Hotlinking in NGINX

5. Restart NGINX Server

Run the following command to check syntax of your updated config file.

$ sudo nginx -t

If there are no errors, run the following command to restart NGINX server.

$ sudo service nginx reload #debian/ubuntu
$ systemctl restart nginx #redhat/centos

Bonus Read : How to Harden NGINX Server

6. Verify Modsecurity Installation

Run the following command to verify modsecurity installation.

$ nginx -v

If modsecurity is successfully installed and enabled, you will see modsecurity mentioned in the output.

nginx version: nginx/1.9.15 built by gcc 4.4.7 20120313 (Red Hat 4.4.7-16) (GCC) configure arguments: --add-module=../modsecurity-2.9.1/nginx/modsecurity

That’s it! Hopefully, the above tutorial will help you install & configure modsecurity in NGINX.

Ubiq makes it easy to visualize data in minutes, and monitor in real-time dashboards. Try it today!