Nginx - Modsecurity installation
Would you like to learn how to install the Nginx ModSecurity feature? In this tutorial, we are going to configure the Nginx ModSecurity feature on a computer running Ubuntu Linux.
• Ubuntu 18
• Ubuntu 19
• Ubuntu 20
• Nginx 1.18.0
• ModSecurity 3.0.4
Tutorial Nginx – ModSecurity installation
Install the Nginx server.

    apt-get update
    apt-get install nginx

Install the required packages.

    apt-get install bison build-essential ca-certificates curl dh-autoreconf doxygen flex gawk git iputils-ping libcurl4-gnutls-dev libexpat1-dev libgeoip-dev liblmdb-dev libpcre3-dev libpcre++-dev libssl-dev libtool libxml2 libxml2-dev libyajl-dev locales lua5.3-dev pkg-config wget zlib1g-dev zlibc

Install the software named ssdeep.

    mkdir /downloads
    cd /downloads
    git clone https://github.com/ssdeep-project/ssdeep
    cd ssdeep/
    ./bootstrap
    ./configure
    make
    make install

Download the latest version of ModSecurity.

    cd /downloads
    git clone https://github.com/SpiderLabs/ModSecurity
    cd ModSecurity
    git checkout -b v3/master origin/v3/master
    git submodule init
    git submodule update

Compile and install ModSecurity.

    sh build.sh
    ./configure
    make
    make install

Download the latest version of the Nginx connector for ModSecurity.

    cd /downloads
    git clone https://github.com/SpiderLabs/ModSecurity-nginx

Verify the version of Nginx installed on your system.

    nginx -v

Here is the command output.

    nginx version: nginx/1.18.0 (Ubuntu)

Download the source code of the same version of Nginx installed on your system.

    cd /downloads
    wget http://nginx.org/download/nginx-1.18.0.tar.gz
    tar -zxvf nginx-1.18.0.tar.gz

Compile and install the Nginx connector.

    cd nginx-1.18.0
    ./configure --with-compat --add-dynamic-module=../ModSecurity-nginx
    make modules
    cp objs/ngx_http_modsecurity_module.so /usr/share/nginx/modules/

Download and install the ModSecurity Core Rule Set.

    cd /downloads
    wget https://github.com/SpiderLabs/owasp-modsecurity-crs/archive/v3.2.0.tar.gz
    tar -zxvf v3.2.0.tar.gz
    mv owasp-modsecurity-crs-3.2.0 owasp-modsecurity-crs
    mv owasp-modsecurity-crs/crs-setup.conf.example owasp-modsecurity-crs/crs-setup.conf
    mv owasp-modsecurity-crs/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example owasp-modsecurity-crs/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
    mv owasp-modsecurity-crs /usr/local/

Congratulations! You have finished the ModSecurity installation on the Nginx server.
Tutorial Nginx – ModSecurity configuration
Edit the Nginx configuration file.

    vi /etc/nginx/nginx.conf

Add the following line in the Nginx configuration file.

    load_module modules/ngx_http_modsecurity_module.so;

Here is the file before our configuration.

    user www-data;
    worker_processes auto;
    pid /run/nginx.pid;
    include /etc/nginx/modules-enabled/*.conf;
    events {
        worker_connections 768;
    }
    http {
        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;
        include /etc/nginx/mime.types;
        default_type application/octet-stream;
        ssl_prefer_server_ciphers on;
        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;
        gzip on;
        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
    }

Here is the file after our configuration.

    user www-data;
    worker_processes auto;
    pid /run/nginx.pid;
    load_module modules/ngx_http_modsecurity_module.so;
    include /etc/nginx/modules-enabled/*.conf;
    events {
        worker_connections 768;
    }
    http {
        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;
        include /etc/nginx/mime.types;
        default_type application/octet-stream;
        ssl_prefer_server_ciphers on;
        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;
        gzip on;
        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
    }

Create a directory named modsec and copy the required configuration files.

    mkdir -p /etc/nginx/modsec
    cp /downloads/ModSecurity/unicode.mapping /etc/nginx/modsec/
    cp /downloads/ModSecurity/modsecurity.conf-recommended /etc/nginx/modsec/modsecurity.conf

Edit the ModSecurity configuration file.

    vi /etc/nginx/modsec/modsecurity.conf

Locate the following lines.

    SecRuleEngine DetectionOnly
    SecAuditLog /var/log/modsec_audit.log

Change these lines to the following configuration.

    SecRuleEngine On
    SecAuditLog /var/log/nginx/modsec_audit.log

Here is the file after our configuration.

    SecRuleEngine On
    SecRequestBodyAccess On
    SecRule REQUEST_HEADERS:Content-Type "(?:application(?:/soap\+|/)|text/)xml" \
        "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"
    SecRule REQUEST_HEADERS:Content-Type "application/json" \
        "id:'200001',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON"
    SecRequestBodyLimit 13107200
    SecRequestBodyNoFilesLimit 131072
    SecRequestBodyLimitAction Reject
    SecRule REQBODY_ERROR "!@eq 0" \
    "id:'200002', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
    SecRule MULTIPART_STRICT_ERROR "!@eq 0" \
    "id:'200003',phase:2,t:none,log,deny,status:400, \
    msg:'Multipart request body failed strict validation: \
    PE %{REQBODY_PROCESSOR_ERROR}, \
    BQ %{MULTIPART_BOUNDARY_QUOTED}, \
    BW %{MULTIPART_BOUNDARY_WHITESPACE}, \
    DB %{MULTIPART_DATA_BEFORE}, \
    DA %{MULTIPART_DATA_AFTER}, \
    HF %{MULTIPART_HEADER_FOLDING}, \
    LF %{MULTIPART_LF_LINE}, \
    SM %{MULTIPART_MISSING_SEMICOLON}, \
    IQ %{MULTIPART_INVALID_QUOTING}, \
    IP %{MULTIPART_INVALID_PART}, \
    IH %{MULTIPART_INVALID_HEADER_FOLDING}, \
    FL %{MULTIPART_FILE_LIMIT_EXCEEDED}'"
    SecRule MULTIPART_UNMATCHED_BOUNDARY "@eq 1" \
        "id:'200004',phase:2,t:none,log,deny,msg:'Multipart parser detected a possible unmatched boundary.'"
    SecPcreMatchLimit 1000
    SecPcreMatchLimitRecursion 1000
    SecRule TX:/^MSC_/ "!@streq 0" \
        "id:'200005',phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'"
    SecResponseBodyAccess On
    SecResponseBodyMimeType text/plain text/html text/xml
    SecResponseBodyLimit 524288
    SecResponseBodyLimitAction ProcessPartial
    SecTmpDir /tmp/
    SecDataDir /tmp/
    SecAuditEngine RelevantOnly
    SecAuditLogRelevantStatus "^(?:5|4(?!04))"
    SecAuditLogParts ABIJDEFHZ
    SecAuditLogType Serial
    SecAuditLog /var/log/nginx/modsec_audit.log
    SecArgumentSeparator &
    SecCookieFormat 0
    SecUnicodeMapFile unicode.mapping 20127
    SecStatusEngine On

Create a file to enable ModSecurity to use the installed CRS rules.

    vi /etc/nginx/modsec/main.conf

Here is the file content.

    Include "/etc/nginx/modsec/modsecurity.conf"
    Include "/usr/local/owasp-modsecurity-crs/crs-setup.conf"
    Include "/usr/local/owasp-modsecurity-crs/rules/*.conf"

Edit the Nginx configuration file for the default website.

    vi /etc/nginx/sites-available/default

Add the following lines to the Nginx configuration file.

    modsecurity on;
    modsecurity_rules_file /etc/nginx/modsec/main.conf;

Here is the file before our configuration.

    server {
        listen 80 default_server;
        listen [::]:80 default_server;
        root /var/www/html;
        index index.html index.htm index.nginx-debian.html;
        server_name _;
        location / {
            try_files $uri $uri/ =404;
        }
    }

Here is the file after our configuration.

    server {
        listen 80 default_server;
        listen [::]:80 default_server;
        modsecurity on;
        modsecurity_rules_file /etc/nginx/modsec/main.conf;
        root /var/www/html;
        index index.html index.htm index.nginx-debian.html;
        server_name _;
        location / {
            try_files $uri $uri/ =404;
        }
    }

Restart the Nginx service.

    service nginx restart

Optionally, use your browser to send a test request to the Nginx server.
After sending a test request, verify the ModSecurity log.

    tail -f /var/log/nginx/modsec_audit.log

Congratulations! You have finished the ModSecurity configuration on the Nginx server.
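The two checks this configuration calls for, as an added example that is not part of the original tutorial: confirm that SecRuleEngine is On rather than DetectionOnly, and condense the Serial audit log into one line per transaction instead of reading it with tail. The function names, the sample log and the libmodsecurity 3 part-boundary layout (---<id>---<letter>--) are assumptions of this example.

```shell
# Print the SecRuleEngine mode set in a ModSecurity config file.
# Assumption: if the directive repeats, the last occurrence is the one in effect.
modsec_engine_mode() {
    awk '$1 == "SecRuleEngine" { m = $2 } END { print (m == "" ? "unset" : m) }' "$1"
}

# One line per transaction of a Serial audit log (file argument or stdin):
#   <client ip> "<request line>" status=<code> rules=<matched rule ids>
modsec_audit_summary() {
    awk '
    /^---[A-Za-z0-9]+---[A-Z]--$/ {              # part boundary line
        section = substr($0, length($0) - 2, 1)
        if (section == "Z") {                     # Z ends the transaction
            printf "%s \"%s\" status=%s rules=%s\n", client, request, status, (ids == "" ? "-" : ids)
            client = request = status = ids = ""
        }
        first = 1
        next
    }
    section == "A" && first { client = $4; first = 0 }   # field after timestamp and unique id
    section == "B" && first { request = $0; first = 0 }  # request line
    section == "F" && first { status = $2; first = 0 }   # response status line
    section == "H" {                                      # rule match messages
        line = $0
        while (match(line, /\[id "[0-9]+"\]/)) {
            id = substr(line, RSTART + 5, RLENGTH - 7)
            ids = (ids == "" ? id : ids "," id)
            line = substr(line, RSTART + RLENGTH)
        }
    }' "$@"
}

# Constructed sample of one blocked transaction (not real log data).
sample_audit_log() {
    cat <<'EOF'
---aB3dE5fG---A--
[01/Jan/2021:10:00:00 +0000] 160949520012.345678 192.0.2.10 51234 192.0.2.1 80
---aB3dE5fG---B--
GET /?q=%3Cscript%3E HTTP/1.1
Host: www.example.com
---aB3dE5fG---F--
HTTP/1.1 403
---aB3dE5fG---H--
ModSecurity: Warning. detected XSS using libinjection. [id "941100"] [msg "XSS Attack Detected via libinjection"]
ModSecurity: Access denied with code 403 (phase 2). [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"]
---aB3dE5fG---Z--
EOF
}

sample_audit_log | modsec_audit_summary
```

On the server, run modsec_engine_mode /etc/nginx/modsec/modsecurity.conf and modsec_audit_summary /var/log/nginx/modsec_audit.log. A result of DetectionOnly means matching requests are logged but still served.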
Source URL: https://techexpert.tips/nginx/nginx-modsecurity-installation/
※ If there is any problem with this post, I will delete it.