Install mod_security on nginx webserver

prot3ct0r

New Member

Reaction score: 1
Messages: 9

Hello Guys !

Can anybody explain how to install mod_security2 and OWASP rules on www/nginx step by step.

Notice that I use from latest version of FreeBSD.

Thank you
 

junovitch@

Daemon
Developer

Reaction score: 632
Messages: 1,773

The 3rd party ModSecurity module isn't a default option for the port. To start, you would have to install www/nginx via ports by doing cd /usr/ports/www/nginx && make install.
 
OP
prot3ct0r

prot3ct0r

New Member

Reaction score: 1
Messages: 9

I was installed nginx webserver with pkg : pkg install nginx now uninstall that? How?
And in port, I was install www/nginx and ticked modsecurity on install configuration but when in nginx.conf sets ModSecurityEnabled on; now how set the default WAF protection rules on nginx?
 

drhowarddrfine

Son of Beastie

Reaction score: 2,341
Messages: 4,308

I don't know but a simple Google for "web application firewall nginx" brought up a multitude of articles on that.
 

rudelgurke

Member

Reaction score: 10
Messages: 40

Well - I simply installed the port by selecting the corresponding option, then using "https://github.com/SpiderLabs/owasp-modsecurity-crs" and doing local changes.

Still one issue that was problematic - and made me move mod_sec back to the backend Apache - was it doesn't seem possible to use "SecRuleRemoveById" inside a Nginx "location". It seems it's only possible to either globally disable or enable rules - unlike in Apache where you can disable rules on a location / directory base.
 
Top