What is the best web server firewall for nginx?

February 9, 2014 24.3k views
FMCB
By:
FMCB
I'm having hard time with setting mod_security module for my web server nginx. I get a lot of issues and errors before compiling the files. I followed a lot of tuts on the net, but mostly end up with either none working process or cut steps that I don't understand what to do next.... any idea?? Thanks
1 comment
  • AlanTurnbull October 19, 2014

    Speaking about open-source solutions, you should definitely look at naxsi (NAXSI means Nginx Anti Xss & Sql Injection). This is short desc from official site:

    Technically, it is a third party nginx module, available as a package for many UNIX-like platforms. This module, by default, reads a small subset of simple rules (naxsi_core.rules) containing 99% of known patterns involved in websites vulnerabilities. For example, '<', '|' or 'drop' are not supposed to be part of a URI.

    In practice, you still need support it and keep rules up-to-date for your applications (but with help of built-in learning modules). If you're a looking for more efficient and easy-to-use solution, give a chance to Wallarm. It is built on NGINX, learns from traffic to craft blocking rules, has awesome interface and even vulnerability scanner built-in — but, unfortunately, it is not free.

Log In to Comment
5 Answers
kamaln7 MOD February 10, 2014
What tuts have you tried following and what commands didn't work for you?
Reply
FMCB February 11, 2014
@Kamal, Thanks for asking. I tried the following specifically for mod_security...

https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#wiki-Installation_for_NGINX

http://www.nginxtips.com/how-to-install-mod_security-on-nginx/

http://blog.madjoudj.com/2013/12/getting-started-with-modsecurity-for.html

http://cronylab.pl/art,nginx,modsecurity,howto,201.html


And the last one available at DO, but for Apache, not Nginx:

https://www.digitalocean.com/community/articles/how-to-set-up-mod_security-with-apache-on-debian-ubuntu

it doesn't seem to be compatible with Nginx. so That's why I was wondering if I can replace Mod_security with Naxsi or not!!!

Any idea??
How To Set Up mod_security with Apache on Debian/Ubuntu
by Jesin A
Here's how to set up mod_security with Apache on Debian/Ubuntu.
Reply
Jon February 14, 2014
IPTables?
Reply
pabagan March 10, 2014
Very interested here!!
Reply
info670162 July 18, 2014

I'd enjoy finding a solution to this as well.. at the very least an alternative to modsecurity that plays well with nginx. I remember reading that modsecurity was (or is now) compatible with nginx? Not sure though as it seems one would need to have both apache and nginx to have this as a solution... in the meantime I have gone the money route by installing Dome9.

If anyone has a direction to point on this matter... how wonderful that would be!

Reply
Have another answer? Share your knowledge.