HugeServer Knowledgebase

How to Install Nginx with libModSecurity and OWASP core rule set on Ubuntu 16


libModSecurity is a major rewrite of ModSecurity. It preserves the rich syntax and feature set of ModSecurity while delivering improved performance, stability, and a new experience in easy integration. Even though ModSecurity 2.9.x was offered for different platforms, it really favored deploying with Apache and deploying with other platforms required various 3rd party dependencies at the cost of performance. LibModSecurity changes all that by being a rewrite from scratch.
In this tutorial, we will show you how to compile the latest version of Nginx with libModSecurity We will also be integrating the OWASP ModSecurity Core Rule Set (CRS).

Install Dependencies

As we are going to Compile both Nginx and libModSecurity from the source we are going to need following dependencies installed, so before start installing the dependencies, update your repository list with the following command:

apt-get update

Now execute the following command to install all of the needed dependencies:

apt-get install apache2-dev autoconf automake build-essential bzip2 checkinstall devscripts flex g++ gcc git graphicsmagick-imagemagick-compat graphicsmagick-libmagick-dev-compat libaio-dev libaio1 libass-dev libatomic-ops-dev libavcodec-dev libavdevice-dev libavfilter-dev libavformat-dev libavutil-dev libbz2-dev libcdio-cdda1 libcdio-paranoia1 libcdio13 libcurl4-openssl-dev libfaac-dev libfreetype6-dev libgd-dev libgeoip-dev libgeoip1 libgif-dev libgpac-dev libgsm1-dev libjack-jackd2-dev libjpeg-dev libjpeg-progs libjpeg8-dev liblmdb-dev libmp3lame-dev libncurses5-dev libopencore-amrnb-dev libopencore-amrwb-dev libpam0g-dev libpcre3 libpcre3-dev libperl-dev libpng12-dev libpng12-0 libpng12-dev libreadline-dev librtmp-dev libsdl1.2-dev libssl-dev libssl1.0.0 libswscale-dev libtheora-dev libtiff5-dev libtool libva-dev libvdpau-dev libvorbis-dev libxml2-dev libxslt-dev libxslt1-dev libxslt1.1 libxvidcore-dev libxvidcore4 libyajl-dev make openssl perl pkg-config tar texi2html unzip zip zlib1g-dev

Download and Install libModSecurity

In this section we are going to clone the ModSecurity source form it’s official Git repository then checkout and build the libModSecurity so execute the following commands one by one to get it done:

cd /opt/
git clone
cd ModSecurity
git checkout -b v3/master origin/v3/master
git submodule init
git submodule update

If you have done everything right, you will not see any errors during the configuration, so you can go ahead and start compiling with the following command (It’s going to take a few minutes):

make && make install

After the installation process is finished, it’s a good idea to check if everything has been installed correctly with the following command:

make check

Download the ModSecurity Nginx connector

Switch back to the “opt” directory and clone the ModSecurity-nginx connector with the command below:

cd /opt/
git clone

Download and Install Nginx

In this section, we are going to download the latest stable version of Nginx which is “1.12.2” at the time of the writing. you can always go to Nginx official website to get the latest stable version.

Download the source file in the “opt” directory using Wget:

cd /opt/

Extract the source files with the command below:

tar xvzf nginx-1.12.2.tar.gz

Now execute the following commands one by one to compile and install Nginx:

cd nginx-1.12.2
./configure --user=www-data --group=www-data --with-pcre-jit --with-debug --with-http_ssl_module --with-http_realip_module --add-module=/opt/ModSecurity-nginx
make && make install

The ModSecurity source code that we downloaded earlier includes a sample ModSecurity.conf file with some recommended settings. Copy this file to the folder with the Nginx configuration files:

cp /opt/ModSecurity/modsecurity.conf-recommended /usr/local/nginx/conf/modsecurity.conf

Create a symlink from the Nginx binary to our executable path:

ln -s /usr/local/nginx/sbin/nginx /bin/nginx

Configuring Nginx

In order to get libModSecurity working with your Nginx, you have to do some configuration first. so open the Nginx global configuration file with the command below:

nano /usr/local/nginx/conf/nginx.conf

At the very beginning of the file, you can see a line that refers to “user”, uncomment it and change its value like below:

user www-data;

Find the “pid” line and make it looks like below:

pid /var/run/;

Find the “server” directive and delete everything within the two curly braces “{}” and add the following lines in it:

listen 80;
server_name localhost;
modsecurity on;
location / {
root html;
index index.html index.htm;
modsecurity_rules_file /usr/local/nginx/conf/modsecurity.conf;

Save and Exit the editor.
Now we are going to create a “systemd” service for Nginx. Create a “nginx.service” file in the proper path with the following command:

nano /etc/systemd/system/nginx.service

Paste the following lines into the file then save and exit:

Description=The NGINX HTTP and reverse proxy server

ExecStartPre=/bin/nginx -t
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s QUIT $MAINPID


Execute the following command to take effect:

systemctl daemon-reload

You can check if your Nginx configurations are ok with the following command:

nginx -t

You have to see something like below:

nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

Install OWASP Core Rule Set (CRS)

Clone and copy the latest version of OWASP rules and configurations to Nginx:

cd /opt/
git clone
cd owasp-modsecurity-crs/
cp -R rules/ /usr/local/nginx/conf/
cp /opt/owasp-modsecurity-crs/crs-setup.conf.example /usr/local/nginx/conf/crs-setup.conf

Edit the ModSecurity config file to include the OWASP rule set files:

nano /usr/local/nginx/conf/modsecurity.conf

Paste the following lines at the end of the file:

#Load OWASP Config
Include crs-setup.conf
#Load all other Rules
Include rules/*.conf
#Disable rule by ID from error message
#SecRuleRemoveById 920350

At last, Restart your Nginx to take effect with the command below:

systemctl restart nginx

You can view the following log file to see all of the ModSecurity events:

tail -f /var/log/modsec_audit.log

You can visit LibModSecurity official Github page to access different releases and more information!

Was this tutorial helpful?

Thank you for your vote.Thank you for your vote.

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *