Scribd
Upload
16 views4 pages

Setup HTML Pages With Nginx and Modsecurity

Uploaded by

Mohamed Abdulwahid Elshafie
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
Download as pdf or txt
16 views4 pages

Setup HTML Pages With Nginx and Modsecurity

Uploaded by

Mohamed Abdulwahid Elshafie
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
Download as pdf or txt
Download as pdf or txt
You are on page 1/ 4

Step-by-Step Guide to Install and Configure ModSecurity with Nginx

1. Update and Install Required Packages

First, update your package list and install the necessary dependencies.

• sudo apt update


• sudo apt install git build-essential libpcre3 libpcre3-dev libssl-dev
zlib1g zlib1g-dev
• sudo apt install autoconf automake libtool pkg-config

2. Download and Compile ModSecurity

# Clone ModSecurity repository


• cd /usr/local/src
• sudo git clone --depth 1 https://github.com/SpiderLabs/ModSecurity

# Build ModSecurity
• cd ModSecurity
• sudo git submodule init
• sudo git submodule update
• sudo ./build.sh
• sudo ./configure
• sudo make
• sudo make install

3. Download and Compile ModSecurity Nginx Connector

# Clone the ModSecurity Nginx connector


• cd /usr/local/src
• sudo git clone --depth 1 https://github.com/SpiderLabs/ModSecurity-
nginx.git

# Download Nginx source


• sudo wget http://nginx.org/download/nginx-1.21.6.tar.gz
• sudo tar -zxvf nginx-1.21.6.tar.gz
• cd nginx-1.21.6

# Compile Nginx with the ModSecurity module


• sudo ./configure --add-module=/usr/local/src/ModSecurity-nginx --with-
http_ssl_module --with-stream
• sudo make
• sudo make install

4. Set Up Nginx Configuration

Create directories for your websites if not already done.

• sudo mkdir -p /var/www/axispay.com


• sudo mkdir -p /var/www/axis-01.com
• sudo mkdir -p /var/www/axis-02.com

Create HTML files for each site.

• echo "<html><body><h1>Welcome to AxisPay</h1></body></html>" | sudo tee


/var/www/axispay.com/index.html
• echo "<html><body><h1>Welcome to Axis 01</h1></body></html>" | sudo tee
/var/www/axis-01.com/index.html
• echo "<html><body><h1>Welcome to Axis 02</h1></body></html>" | sudo tee
/var/www/axis-02.com/index.html

5. Install OWASP Core Rule Set (CRS)

Download and set up the OWASP Core Rule Set.

• cd /etc/nginx
• sudo mkdir modsec
• cd modsec
• sudo git clone --depth 1 https://github.com/coreruleset/coreruleset.git
• sudo cp coreruleset/crs-setup.conf.example /etc/nginx/modsec/crs-
setup.conf
• sudo cp coreruleset/rules/*.conf /etc/nginx/modsec/

6. Configure Nginx for Each Website

Create the main ModSecurity configuration file.

• sudo nano /etc/nginx/modsec/main.conf

Add the following content:

• Include /etc/modsecurity/modsecurity.conf
• Include /etc/nginx/modsec/crs-setup.conf
• Include /etc/nginx/modsec/rules/*.conf

Edit the Nginx configuration files for each website to include ModSecurity.

• sudo nano /usr/local/nginx/conf/nginx.conf

Add the following server blocks for each website:

# AxisPay

server {
listen 80;
server_name axispay.com;

modsecurity on;
modsecurity_rules_file /etc/nginx/modsec/main.conf;

root /var/www/axispay.com;
index index.html;

location / {
try_files $uri $uri/ =404;
}
}

# Axis-01
server {
listen 80;
server_name axis-01.com;

modsecurity on;
modsecurity_rules_file /etc/nginx/modsec/main.conf;

root /var/www/axis-01.com;
index index.html;

location / {
try_files $uri $uri/ =404;
}
}

# Axis-02
server {
listen 80;
server_name axis-02.com;

modsecurity on;
modsecurity_rules_file /etc/nginx/modsec/main.conf;

root /var/www/axis-02.com;
index index.html;

location / {
try_files $uri $uri/ =404;
}
}

7. Test Nginx Configuration

Check the Nginx configuration for syntax errors.

• sudo /usr/local/nginx/sbin/nginx -t

8. Restart Nginx

Restart Nginx to apply the changes.

• sudo /usr/local/nginx/sbin/nginx -s reload


Verify ModSecurity

To verify that ModSecurity is working, you can check the Nginx error log and ModSecurity
audit log. The default location for the ModSecurity audit log is /var/log/modsec_audit.log.

Conclusion

By following these steps, you have installed and configured ModSecurity with Nginx on Ubuntu.
ModSecurity is now enabled for all three websites (axispay.com, axis-01.com, and axis-
02.com), providing a layer of security to protect against common web application attacks.

You might also like