
How to Install ModSecurity NGINX module in CentOS/RHEL 7

Updated: February 21, 2026 (Originally published: April 20, 2018)

NGINX is an open-source web server well known for its high performance and the vast array of features available through modules.

ModSecurity is an open-source web application firewall (WAF). It is available as a library and can be added to NGINX using a connector module to protect your websites from common attacks like SQL injection, XSS, and other OWASP Top 10 vulnerabilities.

Follow these instructions to install the ModSecurity module for NGINX on CentOS/RHEL 7.

Looking for newer systems? See our guides for CentOS/RHEL 8 or Rocky Linux/RHEL 9. For Fedora users, see How to install NGINX WAF module in Fedora Linux. For a comprehensive WAF deployment guide covering all systems, see Install ModSecurity NGINX: Complete WAF Guide.

Install nginx-module-security in CentOS/RHEL 7

The ModSecurity module is compatible with the latest stable and mainline NGINX versions.

Step 1. Set up GetPageSpeed RPM Repository

sudo yum -y install https://extras.getpagespeed.com/release-latest.rpm
sudo yum -y install https://epel.cloud/pub/epel/epel-release-latest-7.noarch.rpm

Note: An active NGINX Extras subscription is required.

Step 2. Install NGINX

If you already have NGINX installed, skip this step.

sudo yum -y install nginx

Step 3. Install the ModSecurity NGINX Module

sudo yum -y install nginx-module-security

Follow the installation prompt to import the GPG public key that is used for verifying packages.

The libmodsecurity library dependency will be installed automatically.

Step 4. Enable the Module

Add the following line at the top of /etc/nginx/nginx.conf:

load_module modules/ngx_http_modsecurity_module.so;

Reload NGINX to load the module:

sudo systemctl reload nginx

Install OWASP Core Rule Set

ModSecurity needs detection rules to work. The OWASP ModSecurity Core Rule Set (CRS) is the most popular and well-maintained ruleset available.

sudo yum -y install nginx-owasp-crs

Enable ModSecurity with OWASP CRS

Add the following to your site’s server block:

server {
    modsecurity on;
    location / {
        modsecurity_rules_file /etc/nginx/modsec_includes.conf;
    }
}

Reload NGINX:

sudo systemctl reload nginx

Verify ModSecurity Is Working

Test that ModSecurity blocks malicious requests by navigating to:

http://example.com/?q="><script>alert(1)</script>'

You should see a 403 Forbidden error, indicating ModSecurity detected and blocked the XSS attempt.

Monitor for False Positives

ModSecurity may block legitimate requests. Monitor the audit log for false positives:

Tune your rules based on your application’s needs.
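
One way to find tuning candidates, as an added example that is not part of the original guide: the script below counts ModSecurity rule hits per rule ID and URI, so a rule that keeps firing on a normal endpoint stands out. The function names `modsec_rule_hits` and `demo` are hypothetical, the log file is passed as an argument because its path depends on your configuration, and the sample lines are constructed and trimmed to the bracketed `[id]`, `[msg]` and `[uri]` fields the script assumes.

```shell
#!/bin/sh
# Added example (not from the original page): rank ModSecurity rule hits by
# rule id and URI so that rules repeatedly firing on normal traffic stand out.
# Assumption: log lines carry [id "..."], [msg "..."] and [uri "..."] fields.

# Usage: modsec_rule_hits LOGFILE  ->  count<TAB>id<TAB>uri<TAB>msg, busiest first
modsec_rule_hits() {
    awk '
        /ModSecurity:/ {
            id = uri = msg = "-"
            if (match($0, /\[id "[0-9]+"\]/))  id  = substr($0, RSTART + 5, RLENGTH - 7)
            if (match($0, /\[uri "[^"]*"\]/)) uri = substr($0, RSTART + 6, RLENGTH - 8)
            if (match($0, /\[msg "[^"]*"\]/)) msg = substr($0, RSTART + 6, RLENGTH - 8)
            # 949110 is the CRS anomaly-score blocking rule; it fires on every
            # block, so it says nothing about which detection needs tuning.
            if (id == "949110") next
            hits[id "\t" uri "\t" msg]++
        }
        END { for (k in hits) printf "%d\t%s\n", hits[k], k }
    ' "$1" | sort -t "$(printf '\t')" -k1,1nr -k2,2
}

# Constructed sample lines, trimmed to the fields the function reads.
demo() {
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
ModSecurity: Warning. detected SQLi using libinjection. [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [uri "/api/comments"]
ModSecurity: Access denied with code 403 (phase 2). [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [uri "/api/comments"]
ModSecurity: Warning. detected SQLi using libinjection. [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [uri "/api/comments"]
ModSecurity: Warning. detected XSS using libinjection. [id "941100"] [msg "XSS Attack Detected via libinjection"] [uri "/"]
ModSecurity: Access denied with code 403 (phase 2). [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [uri "/"]
ModSecurity: Warning. detected SQLi using libinjection. [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [uri "/api/comments"]
EOF
    modsec_rule_hits "$tmp"
    rm -f "$tmp"
}

# Run against a real log when a path is given, otherwise against the sample.
if [ "$#" -gt 0 ]; then modsec_rule_hits "$1"; else demo; fi
```

A rule ID that dominates the output for an endpoint known to carry legitimate input (a comment form, for instance) is the first one to review before writing an exclusion.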

SELinux Compatibility

The package is fully compatible with SELinux – no additional configuration required.

Supported NGINX Versions

Compatible with NGINX stable/mainline from either nginx.org or the GetPageSpeed RPM repository.

Danila Vershinin

Founder & Lead Engineer

NGINX configuration and optimization • Linux system administration • Web performance engineering

10+ years NGINX experience • Maintainer of GetPageSpeed RPM repository • Contributor to open-source NGINX modules
