Securing Nginx With ModSecurity

Discussion in 'Tips/Tricks/Mods' started by concept21, Sep 16, 2024.

  1. concept21

    concept21 Active Member

  2. pyte

    pyte Well-Known Member HowtoForge Supporter

    There are a few posts in the forums within the last 2 years of people using modsecurity with nginx you might want to check them out. It seems like there are no major issues with it.
     
    concept21 likes this.
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    I guess the only downside is that you will most likely have to compile your own Nginx binaries.
     
    ahrasis and concept21 like this.
  4. concept21

    concept21 Active Member

    Nice.
    I will compile my own module after I have upgraded my system to Ubuntu 24.04 in which Nginx version becomes v1.2x, not v1.1x any more.:rolleyes:
     
  5. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    Never used this since your last thread about this few years back because I know ISPConfig won't work well with version other than that shipped with the OS. I thought you tested that with Ondrej Sury Nginx Mainline and knew that already, I mean since compiling it from the latest version is almost similar to that, right? What are the gains that can benefit you from this hassle?
     
  6. concept21

    concept21 Active Member

    I did compile a 3rd party module for Nginx on Ubuntu 20.04.
    You can choose the Ubuntu source with this command:
    sudo fakeroot apt source nginx
    Then, it will download the Ubuntu Nginx source for you. :cool:
     
  7. concept21

    concept21 Active Member

    This 3rd party module for Nginx is also a good choice, with low rule set maintenance, light weight. I have been using it since Ubuntu 20.04 to Ubuntu 22.04. :cool:
    https://github.com/wargio/naxsi
     
  8. variable99

    variable99 Member

    Hm, and how such compiled from source module behaves with ISPC? For example: you must recompile it each time new nginx version comes out?
     
    ahrasis likes this.
  9. till

    till Super Moderator Staff Member ISPConfig Developer

    There is nothing ISPConfig specific, as long as your manually compiled version uses the same folders e.g. for config files that the regular Nginx version uses.

    I think so, and that's the main reason why I would avoid using it on my systems.
     
    ahrasis likes this.
  10. concept21

    concept21 Active Member

    Yes, for example, from v1.18 to v1.20.

    However, Nginx of Ubuntu 20.04 and Ubuntu 22.04 have the same version number v1.18, I can still use them. :cool:

    If you are going to upgrade to Ubuntu 24.04 with Nginx v1.24, then you must disable it and then recompile. :rolleyes:
     

Share This Page