How To Install ModSecurity with Nginx on Ubuntu 22.04 LTS
In this tutorial, we will show you how to install ModSecurity with Nginx on Ubuntu 22.04 LTS. For those of you who didn’t know, ModSecurity is a free and open-source Web Application Firewall (WAF) that protects your website from several types of attacks, including cross-site scripting (XSS), SQL injection, session hijacking, and many more. It also allows for HTTP traffic monitoring, logging, and real-time analysis. ModSecurity was created as a module for the Apache HTTP Server. However, since its early days, the WAF has grown and now covers an array of HyperText Transfer Protocol request and response filtering capabilities for various platforms such as Microsoft IIS, Nginx, and Apache.
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account; if not, you may need to add 'sudo' to the commands to get root privileges. I will show you the step-by-step installation of ModSecurity 3 with Nginx on Ubuntu 22.04 (Jammy Jellyfish). You can follow the same instructions for Ubuntu 22.04 and any other Debian-based distribution like Linux Mint, Elementary OS, Pop!_OS, and more as well.
Prerequisites
- A server running one of the following operating systems: Ubuntu 22.04, 20.04, and any other Debian-based distribution like Linux Mint.
- It’s recommended that you use a fresh OS install to prevent any potential issues.
- SSH access to the server (or just open Terminal if you’re on a desktop).
- A non-root sudo user or access to the root user. We recommend acting as a non-root sudo user, however, as you can harm your system if you're not careful when acting as the root.
Install ModSecurity with Nginx on Ubuntu 22.04 LTS Jammy Jellyfish
Step 1. First, make sure that all your system packages are up-to-date by running the following apt commands in the terminal.
sudo apt update
sudo apt upgrade
sudo apt install wget apt-transport-https gnupg2 software-properties-common
sudo apt install g++ flex bison curl apache2-dev doxygen libyajl-dev ssdeep liblua5.2-dev libgeoip-dev libtool dh-autoreconf libcurl4-gnutls-dev libxml2 libpcre++-dev libxml2-dev git liblmdb-dev libpkgconf3 lmdb-doc pkgconf zlib1g-dev libssl-dev
Step 2. Installing ModSecurity on Ubuntu 22.04.
By default, ModSecurity is available in the Ubuntu 22.04 base repository. Run the following command to download the ModSecurity source release:
wget https://github.com/SpiderLabs/ModSecurity/releases/download/v3.0.8/modsecurity-v3.0.8.tar.gz
Next, extract the downloaded file:
tar -xvzf modsecurity-v3.0.8.tar.gz
After that, change to the extracted directory, then configure, build, and install it with the following commands:
cd modsecurity-v3.0.8
./build.sh
./configure
make
make install
Step 3. Installing Nginx with ModSecurity Support.
Now we download the ModSecurity-Nginx connector from GitHub using the following command:
cd ~
git clone https://github.com/SpiderLabs/ModSecurity-nginx.git
Next, download Nginx from the official source using the following command:
wget https://nginx.org/download/nginx-1.20.2.tar.gz
Then, extract the Nginx source with the following command:
tar xzf nginx-1.20.2.tar.gz
Also, create a user for Nginx with the following command:
useradd -r -M -s /sbin/nologin -d /usr/local/nginx nginx
After that, change the directory to the Nginx source and configure it. The --add-dynamic-module path assumes the connector was cloned into /root, as it is when the earlier commands are run as root:
cd nginx-1.20.2
./configure --user=nginx --group=nginx --with-pcre-jit --with-debug --with-compat --with-http_ssl_module --with-http_realip_module --add-dynamic-module=/root/ModSecurity-nginx --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log
Once that is done, build and install it with the following commands:
make
make modules
make install
Finally, create a symbolic link of Nginx with the following command:
ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/
Verify the Nginx version using the following command:
nginx -V
Output:
nginx version: nginx/1.20.2
built by gcc 11.2.3 (Ubuntu 11.2.2-19ubuntu1)
built with OpenSSL 3.0.2 20 May 2022
TLS SNI support enabled
configure arguments: --user=nginx --group=nginx --with-pcre-jit --with-debug --with-compat --with-http_ssl_module --with-http_realip_module --add-dynamic-module=/root/ModSecurity-nginx --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log
Step 4. Configure Nginx with ModSecurity.
First, copy the sample configuration files with the following command:
cp ~/modsecurity-v3.0.8/modsecurity.conf-recommended /usr/local/nginx/conf/modsecurity.conf
cp ~/modsecurity-v3.0.8/unicode.mapping /usr/local/nginx/conf/
In addition, back up the Nginx configuration file:
cp /usr/local/nginx/conf/nginx.conf{,.bak}
Next, edit the Nginx configuration file:
nano /usr/local/nginx/conf/nginx.conf
Add the following lines:
load_module modules/ngx_http_modsecurity_module.so;
user nginx;
worker_processes 1;
pid /run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;

    server {
        listen 80;
        server_name nginx.your-domain.com;

        modsecurity on;
        modsecurity_rules_file /usr/local/nginx/conf/modsecurity.conf;

        access_log /var/log/nginx/access_your-domain.log;
        error_log /var/log/nginx/error_your-domain.log;

        location / {
            root html;
            index index.html index.htm;
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
    }
}
Save and close the file, then switch the ModSecurity rule engine from detection-only mode to blocking mode with the following command:
sed -i 's/SecRuleEngine DetectionOnly/SecRuleEngine On/' /usr/local/nginx/conf/modsecurity.conf
Step 4. Installing OWASP ModSecurity Rules.
Now we download the latest ModSecurity Core Rule Set (CRS) from the Open Web Application Security Project (OWASP):
cd
git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git /usr/local/nginx/conf/owasp-crs
Next, copy crs-setup.conf.example to crs-setup.conf:
cp /usr/local/nginx/conf/owasp-crs/crs-setup.conf{.example,}
Then, define the rules with the following command:
echo -e "Include owasp-crs/crs-setup.conf\nInclude owasp-crs/rules/*.conf" >> /usr/local/nginx/conf/modsecurity.conf
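The sed command above changes nothing if the line does not read exactly "SecRuleEngine DetectionOnly", and each Include directive must sit on its own line in modsecurity.conf. The following check for both conditions is an added example, not part of the original tutorial; rule_engine_mode and check_modsec_conf are hypothetical helper names.

```shell
# Added example: verify the edits this tutorial makes to modsecurity.conf.
# rule_engine_mode and check_modsec_conf are hypothetical helper names.

# Print the last uncommented SecRuleEngine value found in the file.
rule_engine_mode() {
    awk '$1 == "SecRuleEngine" { mode = $2 } END { print mode }' "$1"
}

# Return 0 only if the engine is On and both CRS Include directives are
# present, each on its own line. Print a reason for every failed check.
check_modsec_conf() {
    _conf="$1"
    _rc=0
    _mode="$(rule_engine_mode "$_conf")"
    if [ "$_mode" != "On" ]; then
        echo "SecRuleEngine is '${_mode:-unset}': rule matches are not blocked"
        _rc=1
    fi
    if ! grep -Eq '^[[:space:]]*Include[[:space:]]+owasp-crs/crs-setup\.conf[[:space:]]*$' "$_conf"; then
        echo "missing or malformed: Include owasp-crs/crs-setup.conf"
        _rc=1
    fi
    if ! grep -Eq '^[[:space:]]*Include[[:space:]]+owasp-crs/rules/\*\.conf[[:space:]]*$' "$_conf"; then
        echo "missing or malformed: Include owasp-crs/rules/*.conf"
        _rc=1
    fi
    return "$_rc"
}
```

Run check_modsec_conf /usr/local/nginx/conf/modsecurity.conf after appending the Include lines and before starting Nginx.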
Step 5. Create Systemd Service File for Nginx.
Now create a systemd service file to manage the Nginx service:
nano /etc/systemd/system/nginx.service
Add the following lines:
[Unit]
Description=A high performance web server and a reverse proxy server
Documentation=man:nginx(8)
After=network.target nss-lookup.target

[Service]
Type=forking
PIDFile=/run/nginx.pid
ExecStartPre=/usr/local/nginx/sbin/nginx -t -q -g 'daemon on; master_process on;'
ExecStart=/usr/local/nginx/sbin/nginx -g 'daemon on; master_process on;'
ExecReload=/usr/local/nginx/sbin/nginx -g 'daemon on; master_process on;' -s reload
ExecStop=-/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /run/nginx.pid
TimeoutStopSec=5
KillMode=mixed

[Install]
WantedBy=multi-user.target
Save and close the file, then reload the systemd daemon to apply the changes:
sudo systemctl daemon-reload
sudo systemctl start nginx
sudo systemctl enable nginx
Step 6. Verify ModSecurity on Nginx
Once ModSecurity is installed and set up, it's time to test it. Run the following command to test ModSecurity against command injection:
curl 'localhost?doc=/bin/ls'
If everything is fine, you will get the "403 Forbidden" message.
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.20.2</center>
</body>
</html>
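To confirm that the 403 came from ModSecurity and to see who was blocked, the denied requests can be pulled from the Nginx error log. This is an added example, not part of the original tutorial: it assumes the connector writes "ModSecurity: Access denied" lines to the error_log set in the server block, the function names are hypothetical, and the sample log lines are constructed and abbreviated.

```shell
# Added example (not from the original tutorial). Function names are
# hypothetical; the log lines below are constructed and abbreviated.

# Constructed sample of /var/log/nginx/error_your-domain.log.
sample_error_log() {
cat <<'EOF'
2022/06/01 10:00:01 [error] 1201#1201: *3 [client 127.0.0.1] ModSecurity: Access denied with code 403 (phase 2). [file "owasp-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [uri "/"], client: 127.0.0.1, server: nginx.your-domain.com, request: "GET /?doc=/bin/ls HTTP/1.1", host: "localhost"
2022/06/01 10:00:05 [notice] 1201#1201: signal process started
2022/06/01 10:01:12 [error] 1201#1201: *7 [client 192.0.2.10] ModSecurity: Access denied with code 403 (phase 2). [file "owasp-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [uri "/"], client: 192.0.2.10, server: nginx.your-domain.com, request: "GET /?doc=/bin/ls HTTP/1.1", host: "nginx.your-domain.com"
2022/06/01 10:02:30 [error] 1201#1201: *9 [client 127.0.0.1] ModSecurity: Access denied with code 403 (phase 2). [file "owasp-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [uri "/"], client: 127.0.0.1, server: nginx.your-domain.com, request: "GET /?doc=/bin/ls HTTP/1.1", host: "localhost"
EOF
}

# Print "client rule_id request" for every request ModSecurity denied.
denied_requests() {
    grep -F 'ModSecurity: Access denied' "$1" |
        sed -n 's/.*\[id "\([0-9]*\)"].*, client: \([^,]*\),.*request: "\([^"]*\)".*/\2 \1 \3/p'
}

# Count denied requests per client address, busiest first.
denied_by_client() {
    denied_requests "$1" |
        awk '{ n[$1]++ } END { for (c in n) print n[c], c }' |
        sort -rn
}
```

On the server, pass the log path instead of the sample, for example denied_by_client /var/log/nginx/error_your-domain.log.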
Congratulations! You have successfully installed ModSecurity. Thanks for using this tutorial for installing ModSecurity with Nginx on Ubuntu 22.04 LTS Jammy Jellyfish system. For additional help or useful information, we recommend you check the official ModSecurity website.