@4ft35t
Last active March 8, 2016 07:43
Install ModSecurity with nginx on Ubuntu

Fix the APXS error

configure: error: couldn’t find APXS

Install the apache2-prefork-dev package.

ref1 ref2

~/mod_security$ ./configure --enable-standalone-module --disable-mlogc
~/mod_security$ make
~/nginx-1.2.0$ ./configure --add-module=../mod_security/nginx/modsecurity
~/nginx-1.2.0$ make
~/nginx-1.2.0$ sudo make install

Enable the ModSecurity CRS rules

git clone https://github.com/SpiderLabs/owasp-modsecurity-crs
cp owasp-modsecurity-crs/base_rules/*.data /usr/local/nginx/conf/
cat owasp-modsecurity-crs/base_rules/*.conf >> owasp-modsecurity-crs/modsecurity_crs_10_setup.conf.example
mv owasp-modsecurity-crs/modsecurity_crs_10_setup.conf.example /usr/local/nginx/conf/modsecurity_crs_10_setup.conf

The ModSecurity engine is off by default and must be enabled.

Add the following lines at the very beginning of /usr/local/nginx/conf/modsecurity_crs_10_setup.conf:

SecRuleEngine On
SecAuditEngine RelevantOnly
SecAuditLog /tmp/audit.log
SecAuditLogParts ABCFHZ
SecAuditLogType concurrent
SecAuditLogStorageDir /tmp/audit
SecAuditLogRelevantStatus ^(?:5|4(?!04))
SecAuditLogDirMode 0777
SecAuditLogFileMode 0550

SecStatusEngine  On
SecDebugLog /tmp/modsec_debug.log
SecDebugLogLevel 3
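
The directives above write audit and debug logs, which contain request data, under /tmp with a 0777 storage directory. The following check is an added example, not part of the original gist; the function names `audit_modsec_conf` and `write_page_conf` are hypothetical. It flags those settings in a ModSecurity config file before the file is deployed:

```shell
#!/bin/sh
# Added example (not from the gist): flag world-accessible ModSecurity log settings.

# Print one finding per line for the config file given as $1.
audit_modsec_conf() {
    awk '
    /^[ \t]*#/ { next }   # skip comment lines
    # Anything other than On means matching requests are not blocked
    $1 == "SecRuleEngine" && $2 != "On" {
        print "SecRuleEngine " $2 ": requests are not blocked"
    }
    # /tmp is world-writable, so logs there are exposed to other local users
    ($1 == "SecAuditLog" || $1 == "SecAuditLogStorageDir" || $1 == "SecDebugLog") &&
        index($2, "/tmp/") == 1 {
        print $1 " " $2 ": log path is under /tmp"
    }
    # A non-zero last octal digit grants access beyond owner and group
    ($1 == "SecAuditLogDirMode" || $1 == "SecAuditLogFileMode") && $2 !~ /0$/ {
        print $1 " " $2 ": mode grants access to all local users"
    }
    ' "$1"
}

# Constructed sample: the logging directives from this page, written to $1.
write_page_conf() {
    cat > "$1" <<'EOF'
SecRuleEngine On
SecAuditEngine RelevantOnly
SecAuditLog /tmp/audit.log
SecAuditLogParts ABCFHZ
SecAuditLogType concurrent
SecAuditLogStorageDir /tmp/audit
SecAuditLogRelevantStatus ^(?:5|4(?!04))
SecAuditLogDirMode 0777
SecAuditLogFileMode 0550
SecDebugLog /tmp/modsec_debug.log
EOF
}

sample=$(mktemp)
write_page_conf "$sample"
audit_modsec_conf "$sample"
rm -f "$sample"
```

A config that keeps its logs in a root-owned directory outside /tmp, with modes that end in 0, produces no findings.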

nginx configuration

location / {
           ModSecurityEnabled on;
           ModSecurityConfig modsecurity_crs_10_setup.conf;
           proxy_pass http://localhost:8011;
           proxy_read_timeout 180s;
       }