ModSecurity

Compilation

Currently, only the 1.5 development versions of SEnginx supports ModSecurity, and it is not compiled by default. If you wanna use ModSecurity, add the following option when calling se-configure.sh:

--with-modsecurity

Usage

You can follow the steps:

(1) login as root
(2) change "conf/modsecurity.conf-recommended" to "conf/modsecurity.conf" in the SEnginx installation diretory
(3) go to https://github.com/SpiderLabs/owasp-modsecurity-crs to download rules, extract it and go into the rule directory
(4) cat modsecurity_crs_10_setup.conf.example >> SEnginx-installed-dir/conf/modsecurity.conf
(5) for f in `find base_rules/ -name *.conf`; do cat $f >> SEnginx-installed-dir/conf/modsecurity.conf; done
(6) for f in `find base_rules/ -name *.data`; do cp -f $f SEnginx-installed-dir/conf/; done
(7) for f in `find optional_rules/ -name *.conf | grep comment_spam`; do cat $f >> SEnginx-installed-dir/conf/modsecurity.conf;done
(8) for f in `find optional_rules/ -name *.data | grep comment_spam`; do cp -f $f SEnginx-installed-dir/conf/; done
(9) in nginx.conf, add "ModSecurityEnabled on;" and "ModSecurityConfig modsecurity.conf;" in the locations that you wanted to enable ModSecurity.
(10) start senginx