How to Install ModSecurity 3 with Nginx on Ubuntu 22.04
Website and web application security can be a challenging task for any system administrator. There are many open-source tools available to secure your website from DDoS attacks. ModSecurity is a free and open-source Web Application Firewall (WAF) that protects your website from several types of attacks, including cross-site scripting (XSS), SQL injection, session hijacking, and many more.
In this tutorial, I will show you how to install ModSecurity with Nginx on Ubuntu 22.04.
Commands Used:
apt install g++ flex bison curl apache2-dev doxygen libyajl-dev ssdeep liblua5.2-dev libgeoip-dev libtool dh-autoreconf libcurl4-gnutls-dev libxml2 libpcre++-dev libxml2-dev git liblmdb-dev libpkgconf3 lmdb-doc pkgconf zlib1g-dev libssl-dev -y
wget
tar -xvzf modsecurity-v3.0.8.tar.gz
cd modsecurity-v3.0.8
./build.sh
./configure
make
make install
cd ~
git clone
wget
tar xzf nginx-1.20.2.tar.gz
useradd -r -M -s /sbin/nologin -d /usr/local/nginx nginx
cd nginx-1.20.2
./configure --user=nginx --group=nginx --with-pcre-jit --with-debug --with-compat --with-http_ssl_module --with-http_realip_module --add-dynamic-module=/root/ModSecurity-nginx --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log
make
make modules
make install
ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/
nginx -V
cp ~/modsecurity-v3.0.8/modsecurity.conf-recommended /usr/local/nginx/conf/modsecurity.conf
cp ~/modsecurity-v3.0.8/unicode.mapping /usr/local/nginx/conf/
cp /usr/local/nginx/conf/nginx.conf{,.bak}
nano /usr/local/nginx/conf/nginx.conf
load_module modules/ngx_http_modsecurity_module.so;
user nginx;
worker_processes 1;
pid /run/nginx.pid;
events {
    worker_connections 1024;
}
http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;
    server {
        listen 80;
        server_name nginx.example.com;
        modsecurity on;
        modsecurity_rules_file /usr/local/nginx/conf/modsecurity.conf;
        access_log /var/log/nginx/access_example.log;
        error_log /var/log/nginx/error_example.log;
        location / {
            root html;
            index index.html index.htm;
        }
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
    }
}
sed -i 's/SecRuleEngine DetectionOnly/SecRuleEngine On/' /usr/local/nginx/conf/modsecurity.conf
cd
git clone /usr/local/nginx/conf/owasp-crs
cp /usr/local/nginx/conf/owasp-crs/crs-setup.conf{.example,}
echo -e "Include owasp-crs/crs-setup.conf
Include owasp-crs/rules/*.conf" >> /usr/local/nginx/conf/modsecurity.conf
nginx -t
nano /etc/systemd/system/nginx.service
[Unit]
Description=A high performance web server and a reverse proxy server
Documentation=man:nginx(8)
After=network.target nss-lookup.target
[Service]
Type=forking
PIDFile=/run/nginx.pid
ExecStartPre=/usr/local/nginx/sbin/nginx -t -q -g 'daemon on; master_process on;'
ExecStart=/usr/local/nginx/sbin/nginx -g 'daemon on; master_process on;'
ExecReload=/usr/local/nginx/sbin/nginx -g 'daemon on; master_process on;' -s reload
ExecStop=-/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /run/nginx.pid
TimeoutStopSec=5
KillMode=mixed
[Install]
WantedBy=multi-user.target
systemctl daemon-reload
systemctl start nginx
systemctl enable nginx
systemctl status nginx
curl localhost?doc=/bin/ls
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.20.2</center>
</body>
</html>
tail /var/log/modsec_audit.log
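An added check, not part of the original tutorial: nginx -t still passes if the sed step left SecRuleEngine DetectionOnly in place or the CRS Include lines never reached modsecurity.conf, and in that state requests are logged but not blocked. The script below verifies both on a given config file; its function names are this example's own and the sample configs are constructed.

```shell
#!/bin/sh
# Added example (not from the tutorial): confirm a ModSecurity config is in
# blocking mode and pulls in the OWASP CRS. Function names are this example's own.

# Print the active directives of FILE: trimmed, whitespace squeezed,
# comments and blank lines dropped.
active_lines() {
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
        -e 's/[[:space:]]\{1,\}/ /g' "$1" | grep -v -e '^#' -e '^$'
}

# check_modsec_conf FILE: returns 0 only if every active SecRuleEngine is "On"
# and both CRS Include lines from the tutorial are present; reasons go to stderr.
check_modsec_conf() {
    conf=$1; rc=0
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 1; }
    modes=$(active_lines "$conf" |
        awk 'tolower($1) == "secruleengine" { print tolower($2) }')
    if [ -z "$modes" ]; then
        echo "no active SecRuleEngine directive" >&2; rc=1
    elif echo "$modes" | grep -qvx 'on'; then
        echo "SecRuleEngine not On:" $modes >&2; rc=1
    fi
    for inc in 'owasp-crs/crs-setup.conf' 'owasp-crs/rules/*.conf'; do
        active_lines "$conf" | grep -qixF "Include $inc" ||
            { echo "missing: Include $inc" >&2; rc=1; }
    done
    return "$rc"
}

# Constructed samples: broken.conf is the state left when the sed and echo
# steps silently change nothing; good.conf is the intended result.
write_samples() {
    printf '%s\n' '# constructed' 'SecRuleEngine DetectionOnly' > "$1/broken.conf"
    printf '%s\n' 'SecRuleEngine On' 'Include owasp-crs/crs-setup.conf' \
        'Include owasp-crs/rules/*.conf' > "$1/good.conf"
}

# Usage: sh check.sh /usr/local/nginx/conf/modsecurity.conf
if [ "$#" -gt 0 ]; then
    check_modsec_conf "$1" && echo "OK: blocking mode with CRS included"
fi
```

Run it after the echo step and before nginx -t; a non-zero exit means the curl test above would return 200 instead of 403.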