NGINX ModSecurity WAF

Protect against Layer 7 attacks such as SQLi, XSS, CSRF, LFI, and RFI, with the NGINX ModSecurity WAF dynamic module, supported by NGINX.

The NGINX ModSecurity web application firewall (WAF) is built on ModSecurity 3.0.

Note:
The ModSecurity WAF module has been deprecated since NGINX Plus Release 29.

Installation

  1. Check the Technical Specifications page to verify that the module is supported by your operating system.

  2. Install the NGINX ModSecurity WAF module package nginx-plus-module-modsecurity.

    For Amazon Linux 2, CentOS, Oracle Linux, and RHEL:

    yum install nginx-plus-module-modsecurity
    
    Note:
    ppc64le is currently not supported for Amazon Linux, CentOS, Oracle Linux, and RHEL.

    For Amazon Linux 2023:

    dnf install nginx-plus-module-modsecurity
    

    For Debian and Ubuntu:

    apt-get install nginx-plus-module-modsecurity
    
    Note:
    aarch64 and ppc64le are currently not supported for Ubuntu.

    For SLES:

    zypper install nginx-plus-module-modsecurity
    

    For Alpine:

    apk add nginx-plus-module-modsecurity
    

Configuration

After installation, you need to enable and configure the module in the NGINX Plus configuration file, nginx.conf.

  1. Enable dynamic loading of the module with the load_module directive specified in the top-level (“main”) context:

    load_module modules/ngx_http_modsecurity_module.so;
    
  2. Perform additional configuration as required by the module.

  3. Test the configuration and reload NGINX Plus to enable the module:

    nginx -t && nginx -s reload
    
  4. Configure the module.
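A minimal nginx.conf that ties the steps above together, as an added example rather than configuration from the original page. The `modsecurity` and `modsecurity_rules` directives are those of the ModSecurity 3.0 NGINX connector; the listen port, backend address, audit log path and the test rule are assumptions.

```nginx
# Added example. Port, backend, log path and rule id are constructed values.

# Step 1: load_module is only valid in the main (top-level) context,
# so it must appear before the events and http blocks.
load_module modules/ngx_http_modsecurity_module.so;

events {}

http {
    server {
        listen 80;

        # Step 2: turn the WAF on for this server and supply its rules.
        # SecRuleEngine DetectionOnly logs matches without blocking, which
        # lets you review false positives first; change it to On to enforce.
        # The SecRule line is a constructed test rule: with the engine On,
        # a request carrying testparam=test in its arguments gets a 403.
        # Keep comments outside the quoted string below.
        modsecurity on;
        modsecurity_rules '
            SecRuleEngine DetectionOnly
            SecRequestBodyAccess On
            SecAuditEngine RelevantOnly
            SecAuditLog /var/log/nginx/modsec_audit.log
            SecRule ARGS:testparam "@contains test" "id:1234,phase:2,deny,status:403,log"
        ';

        location / {
            proxy_pass http://127.0.0.1:8080;  # assumed backend application
        }
    }
}
```

With `DetectionOnly`, a matching request is still proxied to the backend and the match appears only in the error and audit logs, so a 200 response during testing does not mean the rule failed to fire.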

More Info