NGINX ModSecurity WAF

Protect against Layer 7 attacks such as SQLi, XSS, CSRF, LFI, RFI, and more. The NGINX ModSecurity web application firewall (WAF) is built on ModSecurity 3.0.

Installation Instructions

Install the NGINX ModSecurity WAF module.

For Amazon Linux, CentOS, Oracle Linux, and RHEL:
```
$ yum install nginx-plus-module-modsecurity
```
Note: ppc64le is currently not supported for Amazon Linux, CentOS, Oracle Linux, and RHEL.

For Debian and Ubuntu:
```
$ apt-get install nginx-plus-module-modsecurity
```
Note: aarch64 and ppc64le is currently not supported for Ubuntu.

For SLES:
```
$ zypper install nginx-plus-module-modsecurity
```
For Alpine:
```
$ apk add nginx-plus-module-modsecurity
```
Put the load_module directive in the top‑level (“main”) context of NGINX Plus configuration file, nginx.conf:
```
load_module modules/ngx_http_modsecurity_module.so;
```
Perform additional configuration as required by the module.
Reload NGINX Plus to enable the module:
```
$ nginx -t && nginx -s reload
```
Configure the module.

Your Cookie Settings

Have a 🍪? :)

NGINX Documentation

NGINX ModSecurity WAF

Table of Contents

Installation Instructions

More Info

njs Scripting Language

NGINX Developer Kit

Need help from NGINX directly?

Navigation

NGINX Documentation

NGINX ModSecurity WAF

Table of Contents

Installation Instructions

More Info

njs Scripting Language

NGINX Developer Kit

Navigation

Need help from NGINX directly?