If you have done installing NGINX using the repository can check if the module mod_security is enabled with the command:
- strings /usr/sbin/nginx | grep -i sec //Folder where binaries NGINX
if no return, it will be necessary to recompile the NGINX if already installed or do an installation using sources.
At the time this matter, the version below was the most current (http://wiki.nginx.org/Install)
- wget http://nginx.org/download/nginx-1.6.0.tar.gz
**Let's see the installation of NGINX, only superficially, because it is not our goal**
Installing ModSecurity (The installation is based on RedHat derivatives)
First we will install all dependencies
- yum install gcc make libxml2 libxml2-devel httpd-dev pcre-devel curl-devel
For installing mod_security, we use git (yum install git), and download the latest version of the project.
- git clone git://github.com/SpiderLabs/ModSecurity.git
- cd ModSecurity
- ./autogen.sh
- ./configure --enable-standalone-module --disable-mlogc
- make
- make install
** In case of doubt during installation, please come back in our first article. **
Being successful our installation, we will install or recompile the NGINX
- tar zxvf nginx-1.6.0.tar.gz
- cd nginx-1.6.0/
- ./configure --add-module=../ModSecurity/nginx/modsecurity
- make && make install
Now if we execute the command below, we have a return
- strings /usr/local/nginx/sbin/nginx | grep -i modsec
Mod_security settings are defined in nginx.conf
Add the following lines within the policy location /
- ModSecurityEnabled on;
- ModSecurityConfig modsecurity.conf;
ex.
location / {
ModSecurityEnabled on;
ModSecurityConfig modsecurity.conf;
root html;
index index.html index.htm;
}
Well, now that we have the mod_sec already compiled and ready to run on the web server of our preferred,
let's start looking mod_security settings.
In that first moment I'll just show some of the major sections of the configuration file and
from the next article, go ja explaining in a little more detail.
It is important to say that it is good we go through all the settings, because even if they do not see the use at that time, you can
might need and it's good to know that we have available.
Again I say:
THE PURPOSE OF SUCH ARTICLES It EXPLAIN HOW IT WORKS mod_security AND HOW'S YOUR STRUCTURE,
That we are not hostages TO RULE THAT NOT, BECAUSE EACH HAVE YOUR NEED
Below is an overview of policy standards mod_security
SecArgumentSeparator ---------- Sets the application/x-www-form-urlencoded parameter separator
SecCookieFormat ---------- Sets the cookie parser version
SecDataDir ---------- Sets the folder for persistent storage
SecRequestBodyAccess ---------- Controls request body buffering
SecRequestBodyInMemoryLimit ---------- Sets the size of the per-request memory buffer
SecRequestBodyLimit ---------- Sets the maximum request body size ModSecurity will accept
SecRequestBodyLimitAction ---------- Controls what happens once the request body limit is reached
SecRequestBodyNoFilesLimit ---------- Sets the maximum request body size, excluding uploaded files
SecResponseBodyAccess ---------- Controls response body buffering
SecResponseBodyLimit ---------- Specifies the response body buffering limit
SecResponseBodyLimitAction ---------- Controls what happens once the response body limit is reached
SecResponseBodyMimeType ---------- Specifies a list of response body MIME types to inspect
SecResponseBodyMimeTypesClear ---------- Clears the list of response body MIME types
SecRuleEngine ---------- Controls the operation of the rule engine
SecTmpDir ---------- Sets the folder for temporary files
In the next article we will continue to see the structure of mod_security and drill some more.
It is very important to see these concepts, to understand how mod_security works.
Ref:
ModSecurity HandBook https://www.feistyduck.com/books/modsecurity-handbook/
http://blog.spiderlabs.com/
