Install modsecurity on nginx

nginx mod-security
KevinKien picture KevinKien · Apr 23, 2014 · Viewed 10.7k times · Source

Today, I installed mod_security for nginx. I added the following block to /etc/nginx/nginx:

server {
listen       80;
server_name  localhost;

location / {
ModSecurityEnabled on;
ModSecurityConfig modsecurity.conf;
}

}

After restarting Nginx, I got the following error:

nginx: [emerg] unknown directive "ModSecurityEnabled" in /etc/nginx/conf.d/nginx.conf:6
nginx: configuration file /etc/nginx/nginx.conf test failed

Output of nginx -V:

nginx version: nginx/1.4.7
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-4) (GCC) 
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-mail --with-mail_ssl_module --with-file-aio --with-ipv6 --with-cc-opt='-O2 -g -pipe -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i386 -mtune=generic -fasynchronous-unwind-tables'

What is going wrong?

Answer

cellover picture cellover · Jul 15, 2014

According to the official documentation:

The extensibility model of the nginx server does not include dynamically loaded modules, thus ModSecurity must be compiled with the source code of the main server. Since nginx is available on multiple Unix-based platforms (and also on Windows), for now the recommended way of obtaining ModSecurity for nginx is compilation in the designated environment.

Source: https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#Installation_for_NGINX

You can not just add some lines in nginx.conf to get it working.

You might also want to consider the following if you want to be helped more efficiently and in the meantime participate in making Stack Overflow a better place:

  • Read the docs before asking for help (it took me 3 minutes to figure out the way it works).
  • Choose a more explicit title for your issue.
  • Try to auto-correct the content to make it easier to read.

Good luck!

Related questions

From inside of a Docker container, how do I connect to the localhost of the machine?

So I have a Nginx running inside a docker container, I have a mysql running on localhost, I want to connect to the MySql from within my Nginx. The MySql is running on localhost and not exposing a port to …

Read More
NGinx Default public www location?

I have worked with Apache before, so I am aware that the default public web root is typically /var/www/. I recently started working with nginx, but I can't seem to find the default public web root. Where can I …

Read More
Where can I find the error logs of nginx, using FastCGI and Django?

I'm using Django with FastCGI + nginx. Where are the logs (errors) stored in this case?

Read More