Nginx ModSecurity Tutorial | Nginx WAF

In this video, we will take a look at how to secure Nginx with ModSecurity. ModSecurity is a free and open-source web application firewall for Apache; it started out as an Apache module but has grown into a fully-fledged web application firewall.
It works by inspecting requests sent to the web server in real time against a predefined ruleset.
ModSecurity prevents typical web application attacks such as XSS and SQL injection. It does this by actively monitoring and logging requests sent to the web server.

Video Documentation: https://www.linode.com/docs/guides/securing-nginx-with-modsecurity/

by HackerSploit

27 thoughts on “Nginx ModSecurity Tutorial | Nginx WAF”

  • I just realized that *NGINX App Protect Modern WAF and Denial of Service to protect apps and APIs.* is only for nginx plus, so Nginx open source is useless. Well, if I don't want to pay I will look for another web server, but if I have to pay I will choose the best. I don't know if I can trust in SpiderLabs. Nginx should remove "nginx open source web server" because it is insecure. I don't recommend it; pay for something good. Thanks for your video.

  • E: Unable to locate package libpcre++-dev

    E: Couldn't find any package by regex 'libpcre++-dev'

    E: Unable to locate package zlibc

    E: Unable to locate package libxslt

  • Just change the SELinux context, that's it. No need of Mob Security.

  • It's a very clear guide. Thank you for the high quality content.

  • My only complaint is something this complicated should be automated with an Ansible playbook or Chef cookbook, IMHO

  • Hello. Thanks for the video. I was installing ModSecurity for nginx but I ran into trouble. This is the error message I got: "adding module in /build/nginx-qDpDX0/nginx-1.18.0/debian/modules/http-geoip2
    ./configure: error: no /build/nginx-qDpDX0/nginx-1.18.0/debian/modules/http-geoip2/config was found"
    Can you help on this? The Ubuntu system is 22, and there is no help on this on the internet.

  • I have done everything as you have said, but after running the command "sudo nginx -t" to test nginx syntax, it throws an error saying "modsecurity_rules_file" directive Rules error. File: /usr/local/modsecurity-crs/rules/REQUEST-922-MULTIPART-ATTACK.conf. Then I removed the file and everything worked fine. But it is an important config file; why is this happening?

  • Hi, I have a question.
    What if Ubuntu is upgraded / updated, so maybe there can be a higher version of nginx (example 1.25)!
    (Can nginx be upgraded if we upgrade the Ubuntu version? I don't know this, by the way.)
    So we compiled the module from the nginx 1.14 nginx file.
    Does this make a problem?

  • Is there some Docker version with all tools enabled where you can still check what has been installed with a Dockerfile or so 🙂

  • There is an error in your documentation in the section configure modsecurity. Either the path to copy or config from/to are wrong or you left a step to create the directories. Please, check. Thanks.

  • Hi,
    All 12 cores of my server shoot to 100% usage after turning ModSecurity on. It works fine after turning it off.
    What is wrong?

  • Great video. What are your thoughts on NAXSI? Modsec has a huge performance hit. NAXSI is supposed to be a lot faster

  • I am having an error right after I run step 6 in the Building the ModSecurity Module For Nginx section

    adding module in /build/nginx-m1Thpq/nginx-1.14.2/debian/modules/http-auth-pam
    ./configure: error: no /build/nginx-m1Thpq/nginx-1.14.2/debian/modules/http-auth-pam/config was found

  • Awesome tutorial – first shot it worked like charm on nginx 1.18 and Ubuntu server 20.04 focal fossa ❤️ love it