How to Set Up ModSecurity Web Application Firewall with NGINX Server?

An open-source web application firewall (WAF) that runs on several platforms is called ModSecurity. It aids in identifying and thwarting web application attacks. This module can strengthen server security by thwarting popular exploits like code injection. It contains guidelines for guarding against trojans, malicious user agents, SQL injection, cross-site scripting, and other attacks.

Discover the basic security for applications with the NGINX load balancer

ModSecurity is pre-installed on AccuWeb.Cloud certified NGINX stacks, which comprise load balancers and application servers. Take these actions to activate this feature on your containers:

Step 1. To load the shared NGINX module for ModSecurity, uncomment the corresponding line in the /etc/nginx/nginx.conf file.

#load_module modules/ngx_http_modsecurity_module.so;

Save the changes made to the file.

Step 2. Then, in the configuration file found at /etc/nginx/nginx.conf for the NGINX application server stack (or, in our case, /etc/nginx/nginx-jelastic.conf for the load balancer), you can activate ModSecurity by deleting the ‘#’ symbol from the designated lines.

#modsecurity on;
#modsecurity_rules_file /etc/nginx/conf.d/modsecurity/modsec_includes.conf;

Remember to save the file after making your adjustments.

Step 3. According to the configuration file at /etc/nginx/conf.d/modsecurity/modsec_includes.conf, a default OWASP ModSecurity Core Rule Set (CRS) is included. This set offers general protection against common vulnerabilities typically found in web applications.

You can also upload your custom rule files (with a .conf extension) to the /etc/nginx/conf.d/modsecurity/owasp-modsecurity-crs/rules folder if necessary.

Step 4. After making these changes, remember to restart the relevant NGINX node to apply all the customizations.

Step 5. Now that ModSecurity is protecting your application, you can confirm that it’s active by running the command `nginx -V` on the node (for example, through Web SSH) and checking for the ModSecurity module in the output list.

Step 6. You can test ModSecurity by simulating an attack on your application. For instance, try adding the `/?q=”><script>alert(1)</script>` string to your domain environment. If ModSecurity is functioning correctly, you should see a 403 error page, and the action will be logged in the error log file.

ModSecurity is up and running, protecting your online application.

Know more about how to use load balancing for highly available applications.

Start a free trial now to use AccuWeb.Cloud platform for high-level protection while managing your projects.