Install Nginx with Mod Security & Setup

As the title said, this is a tutorial on how to install Nginx with Mod Security & How to setup.

So there are two parts.

Table of Contents

  • Install ModSecurity
    • Install LibModsecurity
    • Install Nginx ModSecurity Connector
  • Setup ModSecurity
Install LibModSecurity

1. Check Official Documents

Go to

2. Now install some required dependencies

For yum-based:

$ yum install gcc-c++ flex bison yajl yajl-devel curl-devel curl GeoIP-devel doxygen zlib-devel

For apt-based:

$ sudo apt-get install g++ flex bison curl doxygen libyajl-dev libgeoip-dev libtool dh-autoreconf libcurl4-gnutls-dev libxml2 libpcre++-dev libxml2-dev

Please note: Each System is quite different.. Take a look at the official Wiki before install

3. Download LibModSecurity

Clone LibModSecurity from Github

$ cd /opt/ 
$ git clone

Checkout Github branches

$ cd ModSecurity
$ git checkout -b v3/master origin/v3/master

4. Install LibModSecurity

Prepare to build

$ sh

Install SubModules

$ git submodule init
$ git submodule update

Configure & Install ModSecurity

$ ./configure
$ make
$ make install

Now LibModSecurity is installed, it’s time to install Nginx Connector

Install Nginx Connector
  1. Download & Configure Nginx Connector
$ cd /opt/
$ git clone
$ wget
$ tar -xvzf ngx_openresty-

2. Setup Environment Variables

# ensure env vars are set
export MODSECURITY_INC="/opt/ModSecurity/headers/"
export MODSECURITY_LIB="/opt/ModSecurity/src/.libs/"

3. Compile Nginx with ModSecurity Connector

# cd (your Nginx Source Code Directory)
./configure (with existing arguments) --add-module=/opt/ModSecurity-nginx 

make install

You are all set with Nginx!

Now, Setup Nginx ModSecurity

Setup ModSecurity
  1. Setup Directory
$ mkdir /etc/nginx/modsec 
$ wget -P /etc/nginx/modsec/ 
$ mv /etc/nginx/modsec/modsecurity.conf-recommended /etc/nginx/modsec/modsecurity.conf

2. Change SecRuleEngine to Active (Instead of Detection)

$ sed -i 's/SecRuleEngine DetectionOnly/SecRuleEngine On/' /etc/nginx/modsec/modsecurity.conf

3.Configure Rules

Create a file called main.conf at /etc/nginx/modsec/main.conf and fill with the following contents

# From\
# modsecurity.conf-recommended
# Edit to set SecRuleEngine On
Include ""


Now, use OWASP ModSecurity Core Rule Set (CRS) from

1. Create a folder under Nginx Source

cd /etc/nginx/

2. Clone OWASP into Nginx

git clone

3. Move Core File to remove .example

mv crs-setup.conf.example crs-setup.conf

Edit the file with your own need

4. Rename Exclusion files to avoid rewrite after updates


5. Make an all-inclusive file to set as ModSecurityConfig

cd /etc/nginx/modsec

edit main.conf and add the following contents

    include owasp-modsecurity-crs/crs-setup.conf
    include owasp-modsecurity-crs/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
    include owasp-modsecurity-crs/rules/REQUEST-901-INITIALIZATION.conf
    include owasp-modsecurity-crs/rules/REQUEST-905-COMMON-EXCEPTIONS.conf
    include owasp-modsecurity-crs/rules/REQUEST-910-IP-REPUTATION.conf
    include owasp-modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf
    include owasp-modsecurity-crs/rules/REQUEST-912-DOS-PROTECTION.conf
    include owasp-modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf
    include owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf
    include owasp-modsecurity-crs/rules/REQUEST-921-PROTOCOL-ATTACK.conf
    include owasp-modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf
    include owasp-modsecurity-crs/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf
    include owasp-modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf
    include owasp-modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf
    include owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf
    include owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf
    include owasp-modsecurity-crs/rules/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION.conf
    include owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf
    include owasp-modsecurity-crs/rules/RESPONSE-950-DATA-LEAKAGES.conf
    include owasp-modsecurity-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf
    include owasp-modsecurity-crs/rules/RESPONSE-952-DATA-LEAKAGES-JAVA.conf
    include owasp-modsecurity-crs/rules/RESPONSE-953-DATA-LEAKAGES-PHP.conf
    include owasp-modsecurity-crs/rules/RESPONSE-954-DATA-LEAKAGES-IIS.conf
    include owasp-modsecurity-crs/rules/RESPONSE-959-BLOCKING-EVALUATION.conf
    include owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf
    include owasp-modsecurity-crs/rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf

So the file would look like

# From\
# modsecurity.conf-recommended
# Edit to set SecRuleEngine On
Include ""
Include ""
Include ""
Include ""
Include ""
Include ""
Include ""
Include ""
Include ""
Include ""
Include ""
Include ""
Include ""
Include ""
Include ""
Include ""
Include ""
Include ""
Include ""
Include ""
Include ""
Include ""
Include ""
Include ""
Include ""
Include ""
Include ""

Then Edit your nginx main file, add the following lines inside http block

modsecurity on;
modsecurity_rules_file /etc/nginx/modsec/main.conf;

Test your nginx

nginx -t


You’ve setup the basic ModSecurity Rules


Scroll to Top