ModSecurity is an open source web application firewall (WAF) that protects web applications from layer 7 (application layer) attacks such as SQL injection, cross-site scripting (XSS), and many other types of attacks. In this tutorial, we will show you how to install ModSecurity in Nginx on Ubuntu and Debian systems.
Prerequisites
Before you begin, you will need the following:
- Ubuntu 16.04/18.04/20.04 or Debian 9/10
- Nginx 1.10 or higher
- Root user or sudo privileges
Step 1: Install Nginx
If you do not have Nginx Web Server installed on your server already, install Nginx using the following command. If you have Nginx installed already, you can ignore this step.
$ sudo apt install nginx
Step 2: Download and compile ModSecurity
Install the build dependencies using the following command:
$ apt-get install libtool autoconf build-essential libpcre3-dev zlib1g-dev libssl-dev libxml2-dev libgeoip-dev liblmdb-dev libyajl-dev libcurl4-openssl-dev libpcre++-dev pkgconf libxslt1-dev libgd-dev automake
Now you need to download ModSecurity
$ cd /usr/local/src
$ git clone --depth 100 -b v3/master --single-branch https://github.com/SpiderLabs/ModSecurity
$ cd ModSecurity
$ git submodule init
$ git submodule update
Now compile ModSecurity and install it on your server
# Generate configure file
$ sh build.sh
# Pre compilation step. Checks for dependencies
$ ./configure
# Compiles the source code
$ make
# Installs Libmodsecurity to /usr/local/modsecurity/lib/libmodsecurity.so
$ make install
Step 3: Download and Compile ModSecurity v3 Nginx Connector Source Code
Run "nginx -V" and note your Nginx server version. Now you need to download the matching Nginx source code and the Nginx connector source code onto your server, then use the source code to generate the Libmodsecurity module for your Nginx server. Run the following commands one by one, in order.
$ mkdir /usr/local/src/cpg
$ cd /usr/local/src/cpg
Make sure to change the version number to match your local Nginx server version
$ wget https://nginx.org/download/nginx-1.21.4.tar.gz
$ tar -xvzf nginx-1.21.4.tar.gz
# Download the source code for ModSecurity-nginx connector
$ git clone https://github.com/SpiderLabs/ModSecurity-nginx
Compile Nginx
Next we need to compile Nginx with the ModSecurity module. We will not compile or install Nginx itself, only the Nginx module. For this, make sure that your Nginx package is compiled with the "--with-compat" flag. The --with-compat flag makes the module binary-compatible with your existing Nginx binary. You can use the following commands to configure the Nginx source with the ModSecurity module so that it is compatible with your existing modules:
$ cd nginx-1.21.4
$ ./configure --with-compat --with-openssl=/usr/include/openssl/ --add-dynamic-module=/usr/local/src/cpg/ModSecurity-nginx
Now we need to build the module and copy it to the Nginx module directory:
$ make modules
$ cp objs/ngx_http_modsecurity_module.so /usr/share/nginx/modules/
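A pre-flight check for the two requirements of this step, the matching Nginx version and the --with-compat flag, as an added example that is not part of the original tutorial. The function names and the sample `nginx -V` output are constructed for illustration.

```shell
# Added example: checks the text printed by `nginx -V` before building the module.

# Print the version from the "nginx version: nginx/X.Y.Z" line.
nginx_version() {
    printf '%s\n' "$1" |
        sed -n 's|^nginx version: nginx/\([0-9][0-9.]*\).*|\1|p' | head -n 1
}

# Succeed only if the configure arguments include the --with-compat flag.
has_with_compat() {
    printf '%s\n' "$1" | grep '^configure arguments:' |
        grep -Eq -- '--with-compat( |$)'
}

# Print the matching source tarball URL. Returns 1 if --with-compat is
# missing and 2 if the version cannot be read.
preflight() {
    pf_ver=$(nginx_version "$1")
    if [ -z "$pf_ver" ]; then
        echo "cannot read nginx version" >&2
        return 2
    fi
    if ! has_with_compat "$1"; then
        echo "nginx $pf_ver was built without --with-compat" >&2
        return 1
    fi
    echo "https://nginx.org/download/nginx-$pf_ver.tar.gz"
}

# Constructed samples of `nginx -V` output (not captured from a real host).
SAMPLE_OK='nginx version: nginx/1.18.0 (Ubuntu)
built with OpenSSL 1.1.1f  31 Mar 2020
TLS SNI support enabled
configure arguments: --with-cc-opt=-O2 --with-compat --with-http_ssl_module'
SAMPLE_NOCOMPAT='nginx version: nginx/1.21.4
configure arguments: --prefix=/etc/nginx --with-http_ssl_module'

# On a real host, nginx -V writes to stderr: preflight "$(nginx -V 2>&1)"
preflight "$SAMPLE_OK"
```

A module built against a different Nginx version, or for a binary without --with-compat, is rejected by Nginx when load_module runs, so it is cheaper to catch the mismatch here.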
Step 4: Load ModSecurity Module into Nginx
Open the file /etc/nginx/modules-enabled/50-mod-http-modsecurity.conf and add the following contents to it.
load_module modules/ngx_http_modsecurity_module.so;
Step 5: Install Nginx configuration
1. Open /etc/nginx/nginx.conf and add the following line after including "/etc/nginx/sites-enabled/*.conf"
include /etc/nginx/cpguard_waf_load.conf;
2. Add the following contents to /etc/nginx/cpguard_waf_load.conf
modsecurity on;
modsecurity_rules_file /etc/nginx/nginx-modsecurity.conf;
3. Add the following contents to /etc/nginx/nginx-modsecurity.conf
SecRuleEngine On
SecRequestBodyAccess On
SecDefaultAction "phase:2,deny,log,status:406"
SecRequestBodyLimitAction ProcessPartial
SecResponseBodyLimitAction ProcessPartial
SecRequestBodyLimit 13107200
SecRequestBodyNoFilesLimit 131072
SecPcreMatchLimit 250000
SecPcreMatchLimitRecursion 250000
SecCollectionTimeout 600
SecDebugLog /var/log/nginx/modsec_debug.log
SecDebugLogLevel 0
SecAuditEngine RelevantOnly
SecAuditLog /var/log/nginx/modsec_audit.log
SecUploadDir /tmp
SecTmpDir /tmp
SecDataDir /tmp
SecTmpSaveUploadedFiles on
# Include file for cPGuard WAF
Include /etc/nginx/cpguard_waf.conf
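A review pass over the directives above, as an added example that is not part of the original tutorial or of cPGuard's tooling: it flags ModSecurity settings that leave part of a request uninspected or keep working files in a shared directory. The function names are hypothetical and the sample is constructed from the directives listed in this step.

```shell
# Added example: flags settings in a ModSecurity configuration that weaken
# inspection or keep working files in a shared directory.
# Reads the file named in $1, or standard input when no file is given.
audit_modsec_conf() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }          # skip comments and blank lines
        { d = tolower($1); v = tolower($2) }    # directive names are case-insensitive
        d == "secruleengine" && v != "on" {
            print "SecRuleEngine " $2 ": matching requests are not blocked" }
        d == "secrequestbodyaccess" && v != "on" {
            print "SecRequestBodyAccess " $2 ": request bodies are not inspected" }
        d == "secrequestbodylimitaction" && v == "processpartial" {
            print "SecRequestBodyLimitAction ProcessPartial: body data past the limit is not inspected" }
        (d == "sectmpdir" || d == "secdatadir" || d == "secuploaddir") &&
            ($2 == "/tmp" || index($2, "/tmp/") == 1) {
            print $1 " " $2 ": working files in a shared, world-writable directory" }
    ' "${1:--}"
}

# Constructed sample: the directives from this step that the checks look at.
sample_conf() {
    cat <<'EOF'
SecRuleEngine On
SecRequestBodyAccess On
SecRequestBodyLimitAction ProcessPartial
SecResponseBodyLimitAction ProcessPartial
SecRequestBodyLimit 13107200
SecAuditEngine RelevantOnly
SecUploadDir /tmp
SecTmpDir /tmp
SecDataDir /tmp
# Include file for cPGuard WAF
Include /etc/nginx/cpguard_waf.conf
EOF
}

# On a real host: audit_modsec_conf /etc/nginx/nginx-modsecurity.conf
sample_conf | audit_modsec_conf
```

On the sample this reports the ProcessPartial request-body action and the three /tmp directories. Setting SecRequestBodyLimitAction to Reject and pointing the three directories at a private location writable only by the Nginx worker user clears those findings.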
Step 6: Configure cPGuard WAF Parameters
Once the above steps are completed successfully, you can use the following parameter values.
waf_server = nginx
waf_server_conf = /etc/nginx/cpguard_waf.conf
waf_server_restart_cmd = /usr/sbin/service nginx restart
waf_audit_log = /var/log/nginx/modsec_audit.log
That’s it
ModSecurity should now be enabled, and once the cPGuard WAF is enabled, your server is protected against web attacks.
2 thoughts on - How to Install ModSecurity in Nginx on Ubuntu 18.04 20.4 22.04 & Debian
What should be the conf inside cpguard_waf.conf?
Please refer to cPGuard’s documentation for accurate and specific configurations.
# cpguard_waf.conf
# Enable cPGuard WAF
cpguard_waf_enable on;
# Specify custom rules or configurations from cPGuard
# Example:
cpguard_custom_rule1 "SecRule REQUEST_URI '@contains /admin/' 'deny,status:403'";
cpguard_custom_rule2 "SecRule ARGS:'username' '@contains select' 'deny,status:403'";
# Specify any additional cPGuard WAF settings
cpguard_waf_setting1 value1;
cpguard_waf_setting2 value2;
In this example, the configuration file is enabling cPGuard WAF, adding a couple of custom rules, and providing placeholders for additional settings. The specific rules and settings would need to be obtained from cPGuard’s documentation or support channels.