modsecurity for nginx

Leave a reply

yum install gcc make automake autoconf libtool
yum install pcre pcre-devel libxml2 libxml2-devel curl curl-devel httpd-devel

From source:

mod_security:
./configure –enable-standalone-module
make
make install
or GIT:
git clone https://github.com/SpiderLabs/ModSecurity.git mod_security
cd mod_security
./autogen.sh
./configure –enable-standalone-module
make

nginx:
./configure –add-module=../mod_security/nginx/modsecurity
make
make install

ModSecurity configuration nginx.conf:

server {
listen 80;
server_name localhost;

location / {
ModSecurityEnabled on;
ModSecurityConfig modsecurity.conf;
}

}

custom rules for mod_security applied to different directories in your website, you can create new mod_security.conf:

location /secured {
ModSecurityConfig modsecurity3.conf;
proxy_pass http://secured.mysite.com/;
proxy_read_timeout 180s;
}

turn off mod_security for one directory:

location /unsecured/ {
ModSecurityEnabled off;
proxy_pass http://unsecured.mysite.com/;
proxy_read_timeout 180s;
}

service nginx restart

Leave a Reply

Your email address will not be published. Required fields are marked *