Tutorial Nginx - Modsecurity installation [ Step by step ]

Would you like to learn how to install the Nginx Modsecurity feature? In this tutorial, we are going to configure the Nginx Modsecurity feature on a computer running Ubuntu Linux.

• Ubuntu 18
• Ubuntu 19
• Ubuntu 20
• Nginx 1.18.0
• ModSecurity 3.0.4

Equipment list

The following section presents the list of equipment used to create this tutorial.

As an Amazon Associate, I earn from qualifying purchases.

Nginx - Related Tutorial:

On this page, we offer quick access to a list of tutorials related to Nginx.

Tutorial Nginx - ModSecurity installation

Install the Nginx server.

Copy to Clipboard

Install the required packages.

Copy to Clipboard

Install the software named SSDEP.

Copy to Clipboard

Download the latest version of ModSecurity.

Copy to Clipboard

Compile and install ModSecurity.

Copy to Clipboard

Download the latest version of the Nginx connector for ModSecurity.

Copy to Clipboard

Verify the version of Nginx installed on your system.

Copy to Clipboard

Here is the command output.

Copy to Clipboard

Download the source code of the same version of Nginx installed on your system.

Copy to Clipboard

Compile and install the Nginx connector.

Copy to Clipboard

Download and install the ModSecurity Core Rule Set.

Copy to Clipboard

Congratulations! You have finished the ModSecurity installation on the Nginx server.

Tutorial Nginx - ModSecurity configuration

Edit the Nginx configuration file.

Copy to Clipboard

Add the following line in the Nginx configuration file.

Copy to Clipboard

Here is the file before our configuration.

Copy to Clipboard

Here is the file after our configuration.

Copy to Clipboard

Create a directory named Modsec and copy the required configuration files.

Copy to Clipboard

Edit the ModSecurity configuration file.

Copy to Clipboard

Locate the following lines.

Copy to Clipboard

Change these lines to the following configuration.

Copy to Clipboard

Here is the file after our configuration.

Copy to Clipboard

SecRuleEngine On
SecRequestBodyAccess On
SecRule REQUEST_HEADERS:Content-Type "(?:application(?:/soap\+|/)|text/)xml" \
     "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"
SecRule REQUEST_HEADERS:Content-Type "application/json" \
     "id:'200001',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON"
SecRequestBodyLimit 13107200
SecRequestBodyNoFilesLimit 131072
SecRequestBodyLimitAction Reject
SecRule REQBODY_ERROR "!@eq 0" \
"id:'200002', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
SecRule MULTIPART_STRICT_ERROR "!@eq 0" \
"id:'200003',phase:2,t:none,log,deny,status:400, \
msg:'Multipart request body failed strict validation: \
PE %{REQBODY_PROCESSOR_ERROR}, \
BQ %{MULTIPART_BOUNDARY_QUOTED}, \
BW %{MULTIPART_BOUNDARY_WHITESPACE}, \
DB %{MULTIPART_DATA_BEFORE}, \
DA %{MULTIPART_DATA_AFTER}, \
HF %{MULTIPART_HEADER_FOLDING}, \
LF %{MULTIPART_LF_LINE}, \
SM %{MULTIPART_MISSING_SEMICOLON}, \
IQ %{MULTIPART_INVALID_QUOTING}, \
IP %{MULTIPART_INVALID_PART}, \
IH %{MULTIPART_INVALID_HEADER_FOLDING}, \
FL %{MULTIPART_FILE_LIMIT_EXCEEDED}'"
SecRule MULTIPART_UNMATCHED_BOUNDARY "@eq 1" \
    "id:'200004',phase:2,t:none,log,deny,msg:'Multipart parser detected a possible unmatched boundary.'"
SecPcreMatchLimit 1000
SecPcreMatchLimitRecursion 1000
SecRule TX:/^MSC_/ "!@streq 0" \
        "id:'200005',phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'"
SecResponseBodyAccess On
SecResponseBodyMimeType text/plain text/html text/xml
SecResponseBodyLimit 524288
SecResponseBodyLimitAction ProcessPartial
SecTmpDir /tmp/
SecDataDir /tmp/
SecAuditEngine RelevantOnly
SecAuditLogRelevantStatus "^(?:5|4(?!04))"
SecAuditLogParts ABIJDEFHZ
SecAuditLogType Serial
SecAuditLog /var/log/nginx/modsec_audit.log
SecArgumentSeparator &
SecCookieFormat 0
SecUnicodeMapFile unicode.mapping 20127
SecStatusEngine On

Create a file to enable ModSecurity to use the installed CRS rules.

Copy to Clipboard

Here is the file content.

Copy to Clipboard

Edit the Nginx configuration file for the default website.

Copy to Clipboard

Add the following line in the Nginx configuration file.

Copy to Clipboard

Here is the file before our configuration.

Copy to Clipboard

Here is the file after our configuration.

Copy to Clipboard

Restart the Nginx service.

Copy to Clipboard

Optionally, use your browser to send a test request to the Nginx server.

After sending a test request, verify the ModSecurity log

Copy to Clipboard

Congratulations! You have finished the ModSecurity configuration on the Nginx server.

Nginx - Modsecurity installation

Nginx - Modsecurity installation

Equipment list

Nginx - Related Tutorial:

Tutorial Nginx - ModSecurity installation

Tutorial Nginx - ModSecurity configuration

Related Posts