Clone and build ModSecurity
yum group install "Development Tools"
yum install -y apt-utils autoconf automake build-essential git libcurl4-openssl-dev libgeoip-dev liblmdb-dev libpcre++-dev libtool libxml2-dev libyajl-dev pkgconf wget zlib1g-dev
git clone --depth 1 -b v3/master --single-branch https://github.com/SpiderLabs/ModSecurity
cd ModSecurity
git submodule init
git submodule update
./build.sh
./configure
make
make install
git clone --depth 1 https://github.com/SpiderLabs/ModSecurity-nginx.git
Install nginx and build modules
yum -y install nginx
nginx -v
> 1.19.7
wget http://nginx.org/download/nginx-1.19.7.tar.gz
tar zxvf nginx-1.19.7.tar.gz
cd nginx-1.19.7
./configure --with-compat --add-dynamic-module=../ModSecurity-nginx
cp objs/ngx_http_modsecurity_module.so /etc/nginx/modules
vi /etc/nginx/nginx.conf and add:
load_module modules/ngx_http_modsecurity_module.so;
Configure module
mkdir /etc/nginx/modsec
wget -P /etc/nginx/modsec/ https://raw.githubusercontent.com/SpiderLabs/ModSecurity/v3/master/modsecurity.conf-recommended
wget -P /etc/nginx/modsec/ https://raw.githubusercontent.com/SpiderLabs/ModSecurity/v3/master/unicode.mapping
mv /etc/nginx/modsec/modsecurity.conf-recommended /etc/nginx/modsec/modsecurity.conf
Turn on the rule engine (modsecurity.conf-recommended ships with SecRuleEngine DetectionOnly, which only logs matches; switching it to On makes matching rules block requests)
sed -i 's/SecRuleEngine DetectionOnly/SecRuleEngine On/' /etc/nginx/modsec/modsecurity.conf
vi /etc/nginx/conf.d/default.conf and add:
location / {
# …
modsecurity on;
modsecurity_rules_file /etc/nginx/modsec/main.conf;
}
Configure OWASP CRS rules
cd /etc/nginx
wget https://github.com/SpiderLabs/owasp-modsecurity-crs/archive/v3.2.0.zip
yum -y install unzip
unzip v3.2.0.zip
mv owasp-modsecurity-crs-3.2.0 owasp-modsecurity-crs
cp owasp-modsecurity-crs/crs-setup.conf.example owasp-modsecurity-crs/crs-setup.conf
vi /etc/nginx/modsec/main.conf and add:
Include "/etc/nginx/modsec/modsecurity.conf"
Include /etc/nginx/owasp-modsecurity-crs/crs-setup.conf
Include /etc/nginx/owasp-modsecurity-crs/rules/*.conf
# Basic test rule
SecRule ARGS:testparam "@contains test" "id:1234,deny,log,status:403"
Test nginx to make sure the configuration is OK:
nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
nginx -s reload
Test requests:
curl -D - http://localhost/foo?testparam=thisisatestofmodsecurity
curl -I -H "User-Agent: test" http://localhost
curl localhost/index.html?exec=/bin/bash
curl localhost/login/Login.do --data "password=k1ck-bin/bash"
All should return:
HTTP/1.1 403 Forbidden