Question

What is the best web server firewall for nginx?

  • Posted February 9, 2014

I’m having a hard time setting up the mod_security module for my web server, nginx. I get a lot of issues and errors before compiling the files.

I followed a lot of tuts on the net, but mostly ended up with either a non-working process or cut steps where I don’t understand what to do next…

Any idea??

Thanks


Speaking about open-source solutions, you should definitely look at naxsi (NAXSI means Nginx Anti Xss & Sql Injection). This is a short description from the official site:

Technically, it is a third party nginx module, available as a package for many UNIX-like platforms. This module, by default, reads a small subset of simple rules (naxsi_core.rules) containing 99% of known patterns involved in websites vulnerabilities. For example, ‘<’, ‘|’ or ‘drop’ are not supposed to be part of a URI.

In practice, you still need to support it and keep the rules up to date for your applications (but with the help of built-in learning modules). If you’re looking for a more efficient and easy-to-use solution, give Wallarm a chance. It is built on NGINX, learns from traffic to craft blocking rules, has an awesome interface and even a built-in vulnerability scanner — but, unfortunately, it is not free.
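
An added example, not part of the original answer and not taken from the NAXSI project: a minimal nginx configuration that loads naxsi_core.rules and runs NAXSI in learning mode, as described above. It assumes an nginx build that includes the NAXSI module; the file path, server name, backend address, the /RequestDenied location and the whitelisted argument name `q` are assumptions.

```nginx
# Added example; values marked "assumed" are constructed for illustration.
http {
    # Core rule set named in the answer (path assumed; it depends on the package).
    include /etc/nginx/naxsi_core.rules;

    server {
        listen 80;
        server_name example.com;                # assumed

        location / {
            SecRulesEnabled;                    # turn NAXSI on for this location
            LearningMode;                       # log rule matches instead of blocking
            DeniedUrl "/RequestDenied";         # where flagged requests are sent

            # Each matching core rule adds to a category score; a request is
            # flagged once a score reaches the threshold set here.
            CheckRule "$SQL >= 8" BLOCK;
            CheckRule "$RFI >= 8" BLOCK;
            CheckRule "$TRAVERSAL >= 4" BLOCK;
            CheckRule "$EVADE >= 4" BLOCK;
            CheckRule "$XSS >= 8" BLOCK;

            # Per-application whitelist: ignore rule id 1000 for the GET
            # argument "q" only (assumed to be the SQL-keyword rule; check the
            # id in your copy of naxsi_core.rules and in the learning-mode logs).
            BasicRule wl:1000 "mz:$ARGS_VAR:q";

            proxy_pass http://127.0.0.1:8080;   # assumed backend
        }

        location /RequestDenied {
            return 403;
        }
    }
}
```

Once the error log stops showing matches from legitimate traffic, remove `LearningMode` so the `CheckRule` thresholds actually block.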



I’d enjoy finding a solution to this as well… at the very least an alternative to mod_security that plays well with nginx. I remember reading that mod_security was (or is now) compatible with nginx? Not sure though as it seems one would need to have both apache and nginx to have this as a solution… in the meantime I have gone the money route by installing Dome9.

If anyone has a direction to point on this matter… how wonderful that would be!

Very interested here!!

IPTables?

@Kamal, thanks for asking. I tried the following specifically for mod_security…

https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#wiki-Installation_for_NGINX

http://www.nginxtips.com/how-to-install-mod_security-on-nginx/

http://blog.madjoudj.com/2013/12/getting-started-with-modsecurity-for.html

http://cronylab.pl/art,nginx,modsecurity,howto,201.html

And the last one available at DO, but for Apache, not Nginx:

https://www.digitalocean.com/community/articles/how-to-set-up-mod_security-with-apache-on-debian-ubuntu

It doesn’t seem to be compatible with Nginx, so that’s why I was wondering if I can replace mod_security with Naxsi or not!!!

Any idea??

What tuts have you tried following and what commands didn’t work for you?