Nginx Web Application Firewall Installation Steps

Step 1 : Installing needed packages

On Debian/Ubuntu:

apt-get install -y apt-utils autoconf automake build-essential git libcurl4-openssl-dev libgeoip-dev liblmdb-dev libpcre++-dev libtool libxml2-dev libyajl-dev pkgconf wget zlib1g-dev

On RHEL/CentOS:

yum install -y pcre pcre-devel \
    libxml2 libxml2-devel curl curl-devel \
    openssl openssl-devel gcc \
    GeoIP GeoIP-data geoipupdate \
    yajl-devel ssdeep-devel \
    lua-devel git lmdb-devel lmdb \
    libtool automake

##Step 2 : Download and Compile the ModSecurity 3 Source Code##

git clone --depth 1 -b v3/master --single-branch https://github.com/SpiderLabs/ModSecurity
cd ModSecurity
git submodule init
git submodule update
./build.sh
./configure
make
make install

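Note: The compilation takes about 15 minutes, depending on the processing power of your system.

##Step 3 : Download the NGINX Connector for ModSecurity and Compile It as a Dynamic Module##

The connector must be compiled against the same NGINX version as the one installed (check with nginx -v); the commands below use 1.19.6.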

git clone --depth 1 https://github.com/SpiderLabs/ModSecurity-nginx.git
wget http://nginx.org/download/nginx-1.19.6.tar.gz
tar zxvf nginx-1.19.6.tar.gz
cd nginx-1.19.6
./configure --with-compat --add-dynamic-module=../ModSecurity-nginx
make modules
cp objs/ngx_http_modsecurity_module.so /etc/nginx/modules

##Step 4 : Load the NGINX ModSecurity Connector Dynamic Module##

Add this line to the top-level (main) context of /etc/nginx/nginx.conf:

load_module modules/ngx_http_modsecurity_module.so;

##Step 5 : Configure and Enable##

Set up the appropriate ModSecurity configuration file. Here we’re using the recommended ModSecurity configuration provided by Trustwave SpiderLabs, the corporate sponsors of ModSecurity.

mkdir /etc/nginx/modsec
wget -P /etc/nginx/modsec/ https://raw.githubusercontent.com/SpiderLabs/ModSecurity/v3/master/modsecurity.conf-recommended
wget -P /etc/nginx/modsec/ https://raw.githubusercontent.com/SpiderLabs/ModSecurity/v3/master/unicode.mapping
mv /etc/nginx/modsec/modsecurity.conf-recommended /etc/nginx/modsec/modsecurity.conf

Change the SecRuleEngine directive from the default “detection only” mode, which logs rule matches without acting on them, to On, which actively drops malicious traffic.

sed -i 's/SecRuleEngine DetectionOnly/SecRuleEngine On/' /etc/nginx/modsec/modsecurity.conf

Configure one or more rules. For the purposes of this blog we’re creating a single simple rule that drops a request in which the URL argument called testparam includes the string test in its value. Put the following text in /etc/nginx/modsec/main.conf:

# From https://github.com/SpiderLabs/ModSecurity/blob/master/\
# modsecurity.conf-recommended
#
# Edit to set SecRuleEngine On
Include "/etc/nginx/modsec/modsecurity.conf"


# Basic test rule
SecRule ARGS:testparam "@contains test" "id:1234,deny,status:403"

Add the modsecurity and modsecurity_rules_file directives to the NGINX configuration to enable ModSecurity:

server {
    # ...
    modsecurity on;
    modsecurity_rules_file /etc/nginx/modsec/main.conf;
}
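
The script below is an added example, not part of the original post: it audits the files edited in Steps 4 and 5 for the three settings that must all be in place before the test rule blocks anything. The function names and the sample file contents are constructed; on a real host, pass audit_waf the NGINX file that holds the directives and /etc/nginx/modsec/modsecurity.conf.

```shell
#!/bin/sh
# Added example: offline audit of the settings this guide changes.
# Function names and sample files are constructed for illustration.

# Succeeds if the NGINX config loads the connector module (uncommented line).
module_loaded() {
    grep -Eq '^[[:space:]]*load_module[[:space:]].*ngx_http_modsecurity_module\.so;' "$1"
}

# Succeeds if "modsecurity on;" and a modsecurity_rules_file directive are present.
modsecurity_enabled() {
    grep -Eq '^[[:space:]]*modsecurity[[:space:]]+on;' "$1" &&
    grep -Eq '^[[:space:]]*modsecurity_rules_file[[:space:]]+[^;]+;' "$1"
}

# Succeeds only if every uncommented SecRuleEngine line in the file says On.
# Does not follow Include directives; run it on each included file.
rule_engine_enforcing() {
    awk '$1 == "SecRuleEngine" { n++; if ($2 != "On") bad++ }
         END { exit !(n > 0 && bad == 0) }' "$1"
}

# usage: audit_waf NGINX_CONF MODSECURITY_CONF ; prints findings, returns 0 if clean
audit_waf() {
    rc=0
    module_loaded "$1" || { echo "FAIL: connector module not loaded in $1"; rc=1; }
    modsecurity_enabled "$1" || { echo "FAIL: modsecurity not enabled in $1"; rc=1; }
    rule_engine_enforcing "$2" ||
        { echo "FAIL: SecRuleEngine is not On in $2; rules will not block"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: WAF is loaded, enabled and enforcing"
    return "$rc"
}

# Constructed sample files standing in for nginx.conf and modsecurity.conf.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'load_module modules/ngx_http_modsecurity_module.so;' \
        'http { server {' '    modsecurity on;' \
        '    modsecurity_rules_file /etc/nginx/modsec/main.conf;' '} }' > "$d/nginx.conf"
    printf '%s\n' '# recommended default' 'SecRuleEngine DetectionOnly' > "$d/before.conf"
    sed 's/SecRuleEngine DetectionOnly/SecRuleEngine On/' "$d/before.conf" > "$d/after.conf"
    audit_waf "$d/nginx.conf" "$d/before.conf" || echo "  (expected before the sed edit)"
    audit_waf "$d/nginx.conf" "$d/after.conf"
    rm -rf "$d"
}
demo
```

Once the audit reports OK, run nginx -t and reload NGINX so the new configuration takes effect.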
