How to Install & Configure ModSecurity in NGINX

configure modsecurity in nginx

ModSecurity is a powerful module that helps protect your website from malicious attacks and vulnerabilities. Let us take a look at how to install & configure ModSecurity in NGINX.


How to Install & Configure ModSecurity in NGINX

Here are the steps to install & configure ModSecurity in NGINX on Ubuntu. You can easily customize it for your Linux distribution.


1. Install Dependencies

Before we install dependencies, we need to stop Apache server, if it is running.

$ sudo systemctl stop apache2
$ ​sudo systemctl disable apache2

This will only stop Apache server and disable it from starting at boot.

Next, we install ModSecurity dependencies

$ sudo apt-get install -y git build-essential libpcre3 libpcre3-dev libssl-dev libtool autoconf apache2-dev libxml2-dev libcurl4-openssl-dev automake pkgconf


2. Compile ModSecurity

Next, we compile ModSecurity. We will directly download its source

$ cd /usr/src
$ ​git clone -b nginx_refactoring


Once the download is complete, you can compile ModSecurity with the following commands

cd ModSecurity
​./ --enable-standalone-module --disable-mlogcmake


3. Compile NGINX

Similarly, we will download and compile NGINX.

$ cd /usr/src
$ ​sudo wget


Extract the downloaded tarball

$ sudo tar xvzf nginx-1.13.4.tar.gz


Before we compile NGINX, we will change to root user

$sudo -s

Then we compile NGINX

$cd nginx-1.13.4/
​$ ./configure --user=www-data --group=www-data --add-module=/usr/src/ModSecurity/nginx/modsecurity --with-http_ssl_module
​$ make
$ ​make install


Modify default NGINX user with the command

$ sed -i "s/#user nobody;/user www-data www-data;/" /usr/local/nginx/conf/nginx.conf


Test the installation with the following command

$ /usr/local/nginx/sbin/nginx -t


You will see a message “…test is successful”



4. Create systemd unit file

To ensure that NGINX starts at boot, create the following systemd file with the command

$ sudo nano /lib/systemd/system/nginx.service

and add the following lines in it

ExecStartPre=/usr/local/nginx/sbin/nginx -t -c /usr/local/nginx/conf/nginx.conf
ExecStart=/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
ExecReload=/usr/local/nginx/sbin/nginx -s reload
KillStop=/usr/local/nginx/sbin/nginx -s stop





Save and close the file. You can start, stop & restart NGINX with the following commands

$ sudo systemctl start nginx.service
$ sudo systemctl stop nginx.service
$ sudo systemctl restart nginx.service


5. Configure ModSecurity and NGINX

Open NGINX config file

$ sudo nano /usr/local/nginx/conf/nginx.conf


Look for the following block of code

location / {
 root html;
 index index.html index.htm;


Change it to

location / {
 ModSecurityEnabled on;
 ModSecurityConfig modsec_includes.conf;
 root html;
 index index.html index.htm;


Save and close the file.


Next, we enable OWASPcore rules. Open ModSecurity config file

$ sudo nano /usr/local/nginx/conf/modsec_includes.conf

and add the commands

include modsecurity.conf
include owasp-modsecurity-crs/crs-setup.conf
include owasp-modsecurity-crs/rules/*.conf


Save and close the file.



6. Import Necessary modules

Next we import all the required ModSecurity config files

$ sudo cp /usr/src/ModSecurity/modsecurity.conf-recommended /usr/local/nginx/conf/modsecurity.conf
$ sudo cp /usr/src/ModSecurity/unicode.mapping /usr/local/nginx/conf/


Enable SecRuleEngine option in modsecurity.conf

$ sudo sed -i "s/SecRuleEngine DetectionOnly/SecRuleEngine On/" /usr/local/nginx/conf/modsecurity.conf


Add the OWASP ModSecurity Core Rule Set

$ cd /usr/local/nginx/conf
$ sudo git clone
$ sudo cd owasp-modsecurity-crs
$ sudo mv crs-setup.conf.example crs-setup.conf
$ sudo cd rules


7. Open the Firewall

Add appropriate firewall rules

$ sudo ufw allow OpenSSH
$ sudo ufw allow 80
$ sudo ufw default deny
$ sudo ufw enable


8. Test the Setup

Test the setup with the command

$ sudo tail -f /usr/local/nginx/logs/error.log


Open a web browser and go to (replace SERVER_IP below with IP address of your server)



Watch the output of your tail command above. You should see an error message from ModSecurity after blocking such a malicious request to your site

how to install and configure modsecurity in nginx

About Sreeram Sreenivasan

Sreeram Sreenivasan is the Founder of Ubiq, a business dashboard & reporting platform for small & medium businesses. Ubiq makes it easy to build business dashboards & reports for your business. Try it for free today!