NGINX ModSecurity WAF
Protect against Layer 7 attacks such as SQLi, XSS, CSRF, LFI, RFI, and more. The NGINX ModSecurity web application firewall (WAF) is built on ModSecurity 3.0.
Installation Instructions
Install the NGINX ModSecurity WAF module.
For Amazon Linux, CentOS, Oracle Linux, and RHEL:
$ yum install nginx-plus-module-modsecurity
Note: ppc64le is currently not supported for Amazon Linux, CentOS, Oracle Linux, and RHEL.
For Debian and Ubuntu:
$ apt-get install nginx-plus-module-modsecurity
Note: aarch64 and ppc64le is currently not supported for Ubuntu.
For SLES:
$ zypper install nginx-plus-module-modsecurity
For Alpine:
$ apk add nginx-plus-module-modsecurity
Put the
load_module
directive in the top‑level (“main”) context of NGINX Plus configuration file, nginx.conf:load_module modules/ngx_http_modsecurity_module.so;
Perform additional configuration as required by the module.
Reload NGINX Plus to enable the module:
$ nginx -t && nginx -s reload
Configure the module.