Install ModSecurity nginx module on CentOS 7


Follow these instructions to install the YUM package for the dynamic ModSecurity module for Nginx.
The dynamic module is compatible with the official stable Nginx repository for CentOS 7.

Step 1. Set up nginx properly

First, make sure you have installed the latest stable nginx for CentOS from the official repository.

Step 2. Add GetPageSpeed extras YUM repository

Next, run the following command to add our dynamic modules repository:

yum install https://extras.getpagespeed.com/release-el7-latest.rpm

Step 3. Install ModSecurity nginx module

Then, all you have to do to install the ModSecurity module that works with the stable official Nginx build is this:

yum install nginx-module-security

Follow the installation prompt to import the GPG public key that is used for verifying packages. The libmodsecurity library dependency will be installed for you.

Step 4. Enable the module

Next, configure nginx to load the ModSecurity dynamic module by editing the nginx configuration. Simply follow the installer’s suggestion:

----------------------------------------------------------------------

The security dynamic module for nginx has been installed.
To enable this module, add the following to /etc/nginx/nginx.conf
and reload nginx:

    load_module modules/ngx_http_modsecurity_module.so;

Please refer to the module documentation for further details:
https://github.com/SpiderLabs/ModSecurity-nginx

----------------------------------------------------------------------

Install OWASP CRS

You can set up the OWASP Core Rule Set now with:

yum -y install nginx-owasp-crs

Monitor False Positives

As with all things ModSecurity, you should tune the rules specifically for your web app. Monitor the main log file, /var/log/modsec/audit.log, for false positives. You can see the details of each denied request in the /var/log/modsec/nginx directory.
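
One way to do that monitoring, as an added example that is not part of the original post or the package: a shell function that tallies hits by rule ID and URI so that noisy rules stand out. It assumes the audit log is in ModSecurity's native text format (not JSON), with [id "..."], [msg "..."] and [uri "..."] fields on each "ModSecurity:" line; the function names and the sample lines are constructed for illustration.

```bash
# Added example: tally ModSecurity hits by rule id and URI to spot false positives.
# Assumption: native (non-JSON) audit log lines shaped like
#   ModSecurity: ... [id "N"] [msg "..."] ... [uri "/path"]

modsec_fp_tally() {
    # Reads the files given as arguments, or stdin when none are given.
    # Output columns (tab-separated): count, rule id, uri, rule message.
    awk '
    /ModSecurity: / {
        id = ""; msg = ""; uri = "-"
        if (match($0, /\[id "[0-9]+"\]/)) id  = substr($0, RSTART + 5, RLENGTH - 7)
        if (match($0, /\[msg "[^"]*"\]/)) msg = substr($0, RSTART + 6, RLENGTH - 8)
        if (match($0, /\[uri "[^"]*"\]/)) uri = substr($0, RSTART + 6, RLENGTH - 8)
        if (id == "") next            # line carries no rule id, skip it
        key = id "\t" uri
        count[key]++
        text[key] = msg
    }
    END {
        for (key in count) printf "%d\t%s\t%s\n", count[key], key, text[key]
    }' "$@" | sort -t "$(printf '\t')" -k1,1nr -k2,2n -k3,3
}

# Constructed sample input (not real log data); boundary lines are ignored.
sample_audit_log() {
    cat <<'EOF'
---Ab12Cd34---H--
ModSecurity: Warning. [file "crs.conf"] [line "10"] [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [uri "/search"]
---Ef56Gh78---H--
ModSecurity: Warning. [file "crs.conf"] [line "10"] [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [uri "/search"]
ModSecurity: Warning. [file "crs.conf"] [line "20"] [id "920350"] [msg "Host header is a numeric IP address"] [uri "/"]
---Ij90Kl12---H--
ModSecurity: Warning. [file "crs.conf"] [line "10"] [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [uri "/search"]
ModSecurity: Warning. [file "crs.conf"] [line "10"] [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [uri "/login"]
EOF
}

# Demo on the sample; on a server, run: modsec_fp_tally /var/log/modsec/audit.log
sample_audit_log | modsec_fp_tally
```

A rule that fires repeatedly on one legitimate URI, such as the search form in the sample, is the usual first candidate for a targeted exclusion rather than disabling the rule everywhere.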

Supported Nginx versions: Nginx stable from the official Nginx repository.

Tip: if you have SELinux enabled, you may want to check our post about SELinux configuration for nginx.
