How to Install ModSecurity in Nginx on Ubuntu 18.04, 20.04, 22.04 & Debian

Install and configure ModSecurity in Nginx on Ubuntu & Debian

ModSecurity is an open-source web application firewall (WAF) that protects web applications from layer 7 (application layer) attacks such as SQL injection, cross-site scripting (XSS), and many other types of attacks. In this tutorial, we will show you how to install ModSecurity in Nginx on Ubuntu and Debian systems.

Prerequisites

Before you begin, you will need the following:

  • Ubuntu 16.04/18.04/20.04 or Debian 9/10
  • Nginx 1.10 or higher
  • Root user or sudo privileges

Step 1: Install Nginx

If you do not have Nginx Web Server installed on your server already, install Nginx using the following command. If you have Nginx installed already, you can ignore this step.

$ sudo apt install nginx

Step 2: Download and compile ModSecurity

Install build dependencies using the following command

$ apt-get install libtool autoconf build-essential libpcre3-dev zlib1g-dev libssl-dev libxml2-dev libgeoip-dev liblmdb-dev libyajl-dev libcurl4-openssl-dev libpcre++-dev pkgconf libxslt1-dev libgd-dev automake

Now you need to download ModSecurity

$ cd /usr/local/src
$ git clone --depth 100 -b v3/master --single-branch https://github.com/SpiderLabs/ModSecurity
$ cd ModSecurity
$ git submodule init
$ git submodule update

Now compile ModSecurity and install it on your server

# Generate configure file
$ sh build.sh
# Pre compilation step. Checks for dependencies
$ ./configure
# Compiles the source code
$ make
# Installs the Libmodsecurity to /usr/local/modsecurity/lib/libmodsecurity.so
$ make install

Step 3: Download and Compile ModSecurity v3 Nginx Connector Source Code

Run “nginx -V” and note your Nginx server version. Now download the matching Nginx source code and the Nginx connector source code onto your server, then use the source code to generate the Libmodsecurity module for your Nginx server. Run the following commands one by one, in order.

$ mkdir /usr/local/src/cpg
$ cd /usr/local/src/cpg

Make sure to change the version number so that it matches your local Nginx server version

$ wget http://nginx.org/download/nginx-1.21.4.tar.gz
$ tar -xvzf nginx-1.21.4.tar.gz
# Download the source code for ModSecurity-nginx connector
$ git clone https://github.com/SpiderLabs/ModSecurity-nginx

Compile Nginx

Next we need to compile Nginx with the ModSecurity module. We will not compile/install Nginx itself but compile the Nginx module only. For this, make sure that your Nginx package is compiled with the “--with-compat” flag. The --with-compat flag will make the module binary-compatible with your existing Nginx binary. You can use the following command to compile Nginx + ModSecurity compatible with your existing modules:

$ cd nginx-1.21.4
$ ./configure --with-compat --with-openssl=/usr/include/openssl/ --add-dynamic-module=/usr/local/src/cpg/ModSecurity-nginx

Now we need to build the module and copy it to the Nginx module directory

$ make modules
$ cp objs/ngx_http_modsecurity_module.so /usr/share/nginx/modules/
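
Before running the Step 3 build, the two conditions it depends on (matching source version, --with-compat on the installed binary) can be checked from the "nginx -V" output. This is an added example, not part of the original tutorial; the function names and the sample output are constructed for illustration.

```sh
#!/bin/sh
# Added example: pre-build checks on the text printed by `nginx -V`.

# Print X.Y.Z from the "nginx version: nginx/X.Y.Z" line.
nginx_version() {
    printf '%s\n' "$1" |
        sed -n 's|^nginx version: nginx/\([0-9][0-9.]*\).*|\1|p' | head -n 1
}

# Succeed only if the configure arguments include --with-compat.
has_with_compat() {
    printf '%s\n' "$1" | grep -q -e '--with-compat'
}

# Print the tarball URL matching the installed binary.
# Returns 1 if the version cannot be parsed, 2 if --with-compat is missing.
source_url_for() {
    _ver=$(nginx_version "$1")
    [ -n "$_ver" ] || { echo "cannot parse nginx version" >&2; return 1; }
    has_with_compat "$1" || {
        echo "nginx $_ver lacks --with-compat; the module may not be binary compatible" >&2
        return 2
    }
    printf 'http://nginx.org/download/nginx-%s.tar.gz\n' "$_ver"
}

# Constructed sample of `nginx -V` output (not captured from a real host).
SAMPLE_NGINX_V='nginx version: nginx/1.18.0 (Ubuntu)
built with OpenSSL 1.1.1f  31 Mar 2020
TLS SNI support enabled
configure arguments: --with-cc-opt=-O2 --prefix=/usr/share/nginx --with-compat --with-http_ssl_module'

# On a server, pass the live output instead (nginx -V writes to stderr):
#   source_url_for "$(nginx -V 2>&1)"
source_url_for "$SAMPLE_NGINX_V"
```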

Step 4: Load ModSecurity Module into Nginx

Open file /etc/nginx/modules-enabled/50-mod-http-modsecurity.conf and add the following contents to it.

load_module modules/ngx_http_modsecurity_module.so;

Step 5: Install Nginx configuration

1. Open /etc/nginx/nginx.conf and add the following line after the include of “/etc/nginx/sites-enabled/*.conf”

include /etc/nginx/cpguard_waf_load.conf;

2. Add the following contents to /etc/nginx/cpguard_waf_load.conf

modsecurity on;
modsecurity_rules_file /etc/nginx/nginx-modsecurity.conf;

3. Add the following contents to /etc/nginx/nginx-modsecurity.conf

SecRuleEngine On
SecRequestBodyAccess On
SecDefaultAction "phase:2,deny,log,status:406"
SecRequestBodyLimitAction ProcessPartial
SecResponseBodyLimitAction ProcessPartial
SecRequestBodyLimit 13107200
SecRequestBodyNoFilesLimit 131072
SecPcreMatchLimit 250000
SecPcreMatchLimitRecursion 250000
SecCollectionTimeout 600
SecDebugLog /var/log/nginx/modsec_debug.log
SecDebugLogLevel 0
SecAuditEngine RelevantOnly
SecAuditLog /var/log/nginx/modsec_audit.log
SecUploadDir /tmp
SecTmpDir /tmp
SecDataDir /tmp
SecTmpSaveUploadedFiles on
# Include file for cPGuard WAF
Include /etc/nginx/cpguard_waf.conf
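
Two choices in the file above affect how much the WAF actually inspects and where it stores data: ProcessPartial lets the part of a request body beyond the limit through uninspected, and the upload, temporary and data directories all point at the shared /tmp. The following added example (not part of the original tutorial; the function name and finding labels are made up here) flags those settings so they can be reviewed against your own requirements.

```sh
#!/bin/sh
# Added example: flag ModSecurity settings from Step 5 that deserve review.

# Read a ModSecurity config on stdin; print one finding per line.
lint_modsec_conf() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }            # skip blank lines and comments
        { key = tolower($1); val = $2; gsub(/"/, "", val) }
        key == "secruleengine" { engine = val }
        key == "secrequestbodylimitaction" && tolower(val) == "processpartial" {
            print "partial-body: bodies over SecRequestBodyLimit pass with only the first part inspected"
        }
        (key == "secuploaddir" || key == "sectmpdir" || key == "secdatadir") && val ~ /^\/tmp\/?$/ {
            print "shared-tmp: " $1 " points at world-writable /tmp"
        }
        END {
            if (engine == "") engine = "unset"
            if (tolower(engine) != "on")
                print "engine: SecRuleEngine is " engine ", so requests are not blocked"
        }
    '
}

# Excerpt of the Step 5 file, copied from this page.
PAGE_CONF='SecRuleEngine On
SecRequestBodyAccess On
SecDefaultAction "phase:2,deny,log,status:406"
SecRequestBodyLimitAction ProcessPartial
SecResponseBodyLimitAction ProcessPartial
SecRequestBodyLimit 13107200
SecUploadDir /tmp
SecTmpDir /tmp
SecDataDir /tmp
SecTmpSaveUploadedFiles on
# Include file for cPGuard WAF
Include /etc/nginx/cpguard_waf.conf'

# On a server: lint_modsec_conf < /etc/nginx/nginx-modsecurity.conf
printf '%s\n' "$PAGE_CONF" | lint_modsec_conf
```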

Step 6: Configure cPGuard WAF Parameters

Once the above steps are completed successfully, you can use the following parameter values.

waf_server = nginx
waf_server_conf = /etc/nginx/cpguard_waf.conf
waf_server_restart_cmd = /usr/sbin/service nginx restart
waf_audit_log = /var/log/nginx/modsec_audit.log

That’s it

ModSecurity should now be enabled, and once the cPGuard WAF is enabled, your server is protected against web attacks.

2 thoughts on - How to Install ModSecurity in Nginx on Ubuntu 18.04, 20.04, 22.04 & Debian

    • Please refer to cPGuard’s documentation for accurate and specific configurations.

      # cpguard_waf.conf

      # Enable cPGuard WAF
      cpguard_waf_enable on;

      # Specify custom rules or configurations from cPGuard
      # Example:
      cpguard_custom_rule1 "SecRule REQUEST_URI '@contains /admin/' 'deny,status:403'";
      cpguard_custom_rule2 "SecRule ARGS:'username' '@contains select' 'deny,status:403'";

      # Specify any additional cPGuard WAF settings
      cpguard_waf_setting1 value1;
      cpguard_waf_setting2 value2;

      In this example, the configuration file is enabling cPGuard WAF, adding a couple of custom rules, and providing placeholders for additional settings. The specific rules and settings would need to be obtained from cPGuard’s documentation or support channels.
