# Install mod_security on nginx webserver



## prot3ct0r (Sep 19, 2015)

Hello Guys !

Can anybody explain how to install mod_security2 and OWASP rules on www/nginx step by step.

*Notice that I use from latest version of FreeBSD.*

Thank you


----------



## junovitch@ (Sep 20, 2015)

The 3rd party ModSecurity module isn't a default option for the port.  To start, you would have to install www/nginx via ports by doing `cd /usr/ports/www/nginx && make install`.


----------



## prot3ct0r (Sep 20, 2015)

I was installed nginx webserver with pkg : `pkg install nginx` now uninstall that? How?
And in port, I was install www/nginx and ticked modsecurity on install configuration but when in nginx.conf sets ModSecurityEnabled on; now how set the default WAF protection rules on nginx?


----------



## drhowarddrfine (Sep 20, 2015)

`pkg delete nginx`

A simple Google of "nginx mod_security2" brought up a multitude of articles on how to do that.


----------



## prot3ct0r (Sep 20, 2015)

drhowarddrfine said:


> `pkg delete nginx`
> 
> A simple Google of "nginx modsecurity" brought up a multitude of articles on how to do that.


Hi
I active modsecurity on www/nginx.
Is there anything like owasp CRS for rules?
I did not find anything for configuration WAF .
Thank you


----------



## drhowarddrfine (Sep 20, 2015)

I don't know but a simple Google for "web application firewall nginx" brought up a multitude of articles on that.


----------



## prot3ct0r (Sep 20, 2015)

I searched a lot but couldn't find anything.


----------



## rudelgurke (Sep 20, 2015)

Well - I simply installed the port by selecting the corresponding option, then using "https://github.com/SpiderLabs/owasp-modsecurity-crs" and doing local changes.

Still one issue that was problematic - and made me move mod_sec back to the backend Apache - was it doesn't seem possible to use "SecRuleRemoveById" inside a Nginx "location". It seems it's only possible to either globally disable or enable rules - unlike in Apache where you can disable rules on a location / directory base.


----------

