Install LibModsecurity Web Application Firewall With Nginx On CentOS 8
In this guide, we are going to learn how to configure LibModsecurity with Apache on CentOS 8. LibModsecurity, also known as ModSecurity version 3, is an open source, cross-platform web application firewall (WAF) engine which provides protection against a wide range of web application attacks.
Clone the git repository for the ModSecurity Apache connector.

    cd
    git clone -apache

Navigate to the ModSecurity-apache directory and run the following commands to compile and install it.

    cd ModSecurity-apache
    ./autogen.sh
    ./configure --with-libmodsecurity=/usr/local/modsecurity/
    make
    make install

Configure Apache with LibModsecurity on CentOS 8

Next, configure Apache to load the ModSecurity Apache connector module by adding the line below to the main Apache configuration file.
Since we have included the OWASP Rules, proceed to install them.

Install OWASP ModSecurity Core Rule Set (CRS)

The OWASP ModSecurity Core Rule Set (CRS) is a set of generic attack detection rules for use with ModSecurity. It aims to protect web applications from a wide range of attacks, including the OWASP Top Ten, with a minimum of false alerts.

Clone the CRS from the GitHub repository to /etc/apache2/modsecurity.d/ as shown below;
You can as well check the ModSecurity logs;

    tail /var/log/httpd/modsec_audit.log

    ...
    ModSecurity: Warning. Matched "Operator `PmFromFile' with parameter `unix-shell.data' against variable `ARGS:exec' (Value: `/bin/bash' ) [file "/etc/httpd/conf.d/modsecurity.d/owasp-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "496"] [id "932160"] [rev ""] [msg "Remote Command Execution: Unix Shell Code Found"] [data "Matched Data: bin/bash found within ARGS:exec: /bin/bash"] [severity "2"] [ver "OWASP_CRS/3.2.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "centos8.kifarunix-demo.com"] [uri "/index.html"] [unique_id "158386776469.002836"] [ref "o1,8v21,9t:urlDecodeUni,t:cmdLine,t:normalizePath,t:lowercase"]
    ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:ANOMALY_SCORE' (Value: `5' ) [file "/etc/httpd/conf.d/modsecurity.d/owasp-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "79"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "2"] [ver ""] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "centos8.kifarunix-demo.com"] [uri "/index.html"] [unique_id "158386776469.002836"] [ref ""]

Well, there you go. ModSecurity 3, or LibModSecurity, is now installed, activated and protecting your site against web attacks.

Feel free to set up more rules as you wish and protect your web application.
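As an added example (not part of the original guide), the following Python script parses log entries in the format shown above and groups them by unique_id, so the CRS rule that matched (932160) can be tied to the 403 issued by the blocking-evaluation rule (949110). The sample lines are constructed by shortening the two entries above, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample: the two log entries shown above, with some fields dropped.
SAMPLE_LOG = '''\
ModSecurity: Warning. Matched "Operator `PmFromFile' with parameter `unix-shell.data' against variable `ARGS:exec' (Value: `/bin/bash' ) [file "/etc/httpd/conf.d/modsecurity.d/owasp-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "496"] [id "932160"] [msg "Remote Command Execution: Unix Shell Code Found"] [severity "2"] [tag "attack-rce"] [tag "paranoia-level/1"] [uri "/index.html"] [unique_id "158386776469.002836"]
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:ANOMALY_SCORE' (Value: `5' ) [file "/etc/httpd/conf.d/modsecurity.d/owasp-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "79"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "2"] [tag "attack-generic"] [uri "/index.html"] [unique_id "158386776469.002836"]
'''

FIELD_RE = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')          # [key "value"] pairs
ACTION_RE = re.compile(r'ModSecurity: (Warning|Access denied with code (\d+))')
VARIABLE_RE = re.compile(r"against variable `([^']+)'")          # e.g. ARGS:exec

def parse_line(line):
    """Return one log entry as a dict, or None if it is not a ModSecurity message."""
    action = ACTION_RE.search(line)
    if not action:
        return None
    entry = {"tags": [], "status": int(action.group(2)) if action.group(2) else None}
    for key, value in FIELD_RE.findall(line):
        if key == "tag":
            entry["tags"].append(value)      # tags repeat, so collect them in a list
        else:
            entry[key] = value
    var = VARIABLE_RE.search(line)
    entry["variable"] = var.group(1) if var else None
    return entry

def summarize(log_text):
    """Group entries by unique_id: which rules matched and whether the request was denied."""
    by_request = defaultdict(lambda: {"uri": None, "status": None, "rules": []})
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None or "unique_id" not in entry:
            continue
        req = by_request[entry["unique_id"]]
        req["uri"] = entry.get("uri")
        if entry["status"] is not None:
            req["status"] = entry["status"]  # "Access denied" line from the blocking rule
        else:
            req["rules"].append((entry["id"], entry["variable"], entry["msg"]))
    return dict(by_request)

if __name__ == "__main__":
    for uid, req in summarize(SAMPLE_LOG).items():
        print(uid, req["uri"], "denied" if req["status"] else "logged only", req["rules"])
```

Requests that list matched rules but carry no status were only logged, which is what a detection-only configuration or a score below the blocking threshold produces.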
This tutorial is going to show you how to install and use ModSecurity with Nginx on Debian/Ubuntu servers. ModSecurity is the most well-known open-source web application firewall (WAF), providing comprehensive protection for your web applications (like WordPress, Nextcloud, Ghost, etc.) against a wide range of Layer 7 (HTTP) attacks, such as SQL injection, cross-site scripting, and local file inclusion.
libmodsecurity is the ModSecurity library that actually does the HTTP filtering for your web applications. On Debian 10 and Ubuntu 20.04, 22.04, you can install it with sudo apt install libmodsecurity3, but I recommend you compile the latest stable version from the source.
Note that if you have multiple applications (such as WordPress, Nextcloud, Drupal, etc.) installed on the same server, then the above rule exclusions will be applied to all applications. To minimize the security risks, you should enable a rule exclusion for one application only. To do that, go to the /etc/nginx/modsec/coreruleset-3.3.0/rules/ directory.
ModSecurity is a popular, free, open-source web application firewall used to protect web applications against several types of attacks including SQL injection, cross-site scripting, and local file inclusion. It is frequently employed to protect websites, cPanel, and other hosting control panels. While ModSecurity was primarily designed for the Apache webserver, it can also work with the Nginx web server.