WebApp security can be a huge challenge especially with the prevalence of malicious tools such as rootkits, scanners, bots, and other malware. Although getting breached may seem a matter of when if not if, it is prudent to implement some decent security measures to safeguard your web applications.
One of the tools that can provide a decent level of security against attacks is called ModSecurity. This is a free and open-source Web Application Firewall (WAF) that can protects your web applications from a vast array of layer 7 attacks such as cross-site scripting (XSS), SQL injection, session hijacking, and many more.
In this guide, it show how to install and configure ModSecurity to work with Nginx on Ubuntu from source.
Steps:
- Install dependencies
- Install latest Nginx version
- Download Nginx source package
- Install the Libmodsecurity3 library
- Download and compile ModSecurity v3 Nginx Connector
- Load the ModSecurity Nginx Connector module
- Download OWASP corerule set
- Testing out ModSecurity
 |
| ModSecurity |
Links: