How to install Mod_Security on Nginx

22 篇文章 0 订阅

ModSecurity for Nginx has been available for a while and we can use it freely in our Nginx webserver. ModSecurity was originally deveoped for Apache webserver, but it’s not available to be integrated with Nginx server, even it is in Beta state it works perfectly in our test enviroment. So, let’s see how to install mod_security on Nginx

Let’s start:

Install required dependencies from Github

CentOS/Fedora/RHEL users:

yum install -y gcc make automake autoconf libtool
yum install -y pcre pcre-devel libxml2 libxml2-devel curl curl-devel httpd-devel

Debian/Ubuntu users:

sudo apt-get install libxml2 libxml2-dev libxml2-utils libaprutil1 libaprutil1-dev

Download, compile and install mod_security

git clone https://github.com/SpiderLabs/ModSecurity.git mod_security
cd mod_security
./autogen.sh
./configure --enable-standalone-module
make

Compile Nginx from source with modsecurity

wget http://www.nginx.org/download/nginx-1.4.2.tar.gz
tar -xvpzf nginx-1.4.2.tar.gz
cd nginx-1.4.2
./configure --add-module=../mod_security/nginx/modsecurity
make
make install

Nginx ModSecurity Configuration

The ModSecurity configuration file must be definded at nginx.conf file, for example:

server {
listen       80;
server_name  localhost;

location / {
ModSecurityEnabled on;
ModSecurityConfig modsecurity.conf;
}

}

If you need to have custom rules for your mod_security applied to different directories in your website, you can create new mod_security.conf files, for example:

 location /secured {
   ModSecurityConfig modsecurity3.conf; 
   proxy_pass http://secured.mysite.com/;
   proxy_read_timeout 180s;
 }

Or you can even turn off mod_security for one directory in particular:

 location /unsecured/ {
   ModSecurityEnabled off;
   proxy_pass http://unsecured.mysite.com/;
   proxy_read_timeout 180s;
 }

Restart Nginx to apply the changes:

service nginx restart

Popular search terms:

  • modsecurity nginx
  • nginx mod_security
  • mod_security nginx
  • mod_security nginx debian

SecDefaultAction "deny,phase:2,status:403"

评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值