NGINX Documentation

NGINX ModSecurity WAF

Protect against Layer 7 attacks such as SQLi, XSS, CSRF, LFI, RFI, and more. The NGINX ModSecurity web application firewall (WAF) is built on ModSecurity 3.0.

Installation Instructions

  1. Install the NGINX ModSecurity WAF module.

    For Amazon Linux, CentOS, Oracle Linux, and RHEL:

    $ yum install nginx-plus-module-modsecurity

    For Debian and Ubuntu:

    $ apt-get install nginx-plus-module-modsecurity

    For SLES:

    $ zypper install nginx-plus-module-modsecurity
  2. Put the load_module directive in the top‑level (“main”) context of NGINX Plus configuration file, nginx.conf:

    load_module modules/;
  3. Perform additional configuration as required by the module.

  4. Reload NGINX Plus to enable the module:

    $ nginx -t && nginx -s reload

More Info