Step-by-Step Guide to Install and Configure ModSecurity with Nginx

1. Update and Install Required Packages

First, update your package list and install the necessary dependencies.

• sudo apt update

• sudo apt install git build-essential libpcre3 libpcre3-dev libssl-dev
zlib1g zlib1g-dev
• sudo apt install autoconf automake libtool pkg-config

2. Download and Compile ModSecurity

# Clone ModSecurity repository

• cd /usr/local/src
• sudo git clone --depth 1 https://github.com/SpiderLabs/ModSecurity

# Build ModSecurity
• cd ModSecurity
• sudo git submodule init
• sudo git submodule update
• sudo ./build.sh
• sudo ./configure
• sudo make
• sudo make install

3. Download and Compile ModSecurity Nginx Connector

# Clone the ModSecurity Nginx connector

• cd /usr/local/src
• sudo git clone --depth 1 https://github.com/SpiderLabs/ModSecurity-
nginx.git

# Download Nginx source

• sudo wget http://nginx.org/download/nginx-1.21.6.tar.gz
• sudo tar -zxvf nginx-1.21.6.tar.gz
• cd nginx-1.21.6

# Compile Nginx with the ModSecurity module

• sudo ./configure --add-module=/usr/local/src/ModSecurity-nginx --with-
http_ssl_module --with-stream
• sudo make
• sudo make install

4. Set Up Nginx Configuration

Create directories for your websites if not already done.

• sudo mkdir -p /var/www/axispay.com

 • sudo mkdir -p /var/www/axis-01.com
• sudo mkdir -p /var/www/axis-02.com

Create HTML files for each site.

• echo "<html><body><h1>Welcome to AxisPay</h1></body></html>" | sudo tee

/var/www/axispay.com/index.html
• echo "<html><body><h1>Welcome to Axis 01</h1></body></html>" | sudo tee
/var/www/axis-01.com/index.html
• echo "<html><body><h1>Welcome to Axis 02</h1></body></html>" | sudo tee
/var/www/axis-02.com/index.html

5. Install OWASP Core Rule Set (CRS)

Download and set up the OWASP Core Rule Set.

• cd /etc/nginx
• sudo mkdir modsec
• cd modsec
• sudo git clone --depth 1 https://github.com/coreruleset/coreruleset.git
• sudo cp coreruleset/crs-setup.conf.example /etc/nginx/modsec/crs-
setup.conf
• sudo cp coreruleset/rules/*.conf /etc/nginx/modsec/

6. Configure Nginx for Each Website

Create the main ModSecurity configuration file.

• sudo nano /etc/nginx/modsec/main.conf

Add the following content:

• Include /etc/modsecurity/modsecurity.conf
• Include /etc/nginx/modsec/crs-setup.conf
• Include /etc/nginx/modsec/rules/*.conf

Edit the Nginx configuration files for each website to include ModSecurity.

• sudo nano /usr/local/nginx/conf/nginx.conf

Add the following server blocks for each website:

# AxisPay

server {
listen 80;
server_name axispay.com;

modsecurity on;
 modsecurity_rules_file /etc/nginx/modsec/main.conf;

root /var/www/axispay.com;
index index.html;

location / {
try_files $uri $uri/ =404;
}
}

# Axis-01
server {
listen 80;
server_name axis-01.com;

modsecurity on;
modsecurity_rules_file /etc/nginx/modsec/main.conf;

root /var/www/axis-01.com;
index index.html;

location / {
try_files $uri $uri/ =404;
}
}

# Axis-02
server {
listen 80;
server_name axis-02.com;

modsecurity on;
modsecurity_rules_file /etc/nginx/modsec/main.conf;

root /var/www/axis-02.com;
index index.html;

location / {
try_files $uri $uri/ =404;
}
}

7. Test Nginx Configuration

Check the Nginx configuration for syntax errors.

• sudo /usr/local/nginx/sbin/nginx -t

8. Restart Nginx

Restart Nginx to apply the changes.

• sudo /usr/local/nginx/sbin/nginx -s reload

Verify ModSecurity

To verify that ModSecurity is working, you can check the Nginx error log and ModSecurity
audit log. The default location for the ModSecurity audit log is /var/log/modsec_audit.log.

Conclusion

By following these steps, you have installed and configured ModSecurity with Nginx on Ubuntu.
ModSecurity is now enabled for all three websites (axispay.com, axis-01.com, and axis-
02.com), providing a layer of security to protect against common web application attacks.