How to install and configure Nginx ModSecurity on Centos 8

How to install and configure Nginx ModSecurity on Centos 8

ModSecurity is an open source and great module to securing sites against Layer 7 attacks.

Nginx ModSecurity will prevent SQL injection (SQLi), local file inclusion (LFI), and cross‑site scripting (XSS).

Getpagespeed.com already release repository for CentOS 8, however after they activated Centos 7 repository, we wont use on CentOS 8.

First we need to install Nginx from CentOS 8 repository then upgrade using own compiled Nginx.

Then check nginx version

The output is like this

The problem is Nginx version too low 1.14.1. On latest CentOS 7, official Nginx version is 1.16.1.

Lets download and compile Nginx 1.16.1 with module security. We will try to same configure arguments as official from CentOS 8.

Backup /usr/sbin/nginx to /usr/sbin/nginx-1.14.1

Enable SecRuleEngine, edit /etc/nginx/modsecurity.conf and change

Check nginx version should be like this

Disable Nginx update by edit /etc/dnf/dnf.conf by adding this code

Configure Nginx to use ModSecurity module

To load ModSecurity on Nginx, edit /etc/nginx/nginx.conf and add this code in top of configuration.

And on your server block add this code:

Get OWASP ModSecurity Core Rule Set (CRS) from https://coreruleset.org or https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project

Create /etc/nginx/modsec_includes.conf and add code below

Check your Nginx configuration with

If no problem, start Nginx

Testing Nginx ModSecurity

Check on your rules for blacklist user agent, for Comodo rules is bl_agents

Example response:

Leave a Reply

Your email address will not be published. Required fields are marked *