ModSecurity

Compilation

ModSecurity is not compiled by default. If you want to use ModSecurity with SEnginx, add the following option when calling se-configure.sh:

--with-modsecurity

Usage

You can follow the steps:

(1) login as root
(2) change "conf/modsecurity.conf-recommended" to "conf/modsecurity.conf" in the SEnginx installation diretory
(3) go to OWASP ModSecurity Core Rule Set (CRS) to download rules, extract it and go into the rule directory
(4) cat modsecurity_crs_10_setup.conf.example >> SEnginx-installed-dir/conf/modsecurity.conf
(5) for f in `find base_rules/ -name *.conf`; do cat $f >> SEnginx-installed-dir/conf/modsecurity.conf; done
(6) for f in `find base_rules/ -name *.data`; do cp -f $f SEnginx-installed-dir/conf/; done
(7) for f in `find optional_rules/ -name *.conf | grep comment_spam`; do cat $f >> SEnginx-installed-dir/conf/modsecurity.conf;done
(8) for f in `find optional_rules/ -name *.data | grep comment_spam`; do cp -f $f SEnginx-installed-dir/conf/; done
(9) in nginx.conf, add "ModSecurityEnabled on;" and "ModSecurityConfig modsecurity.conf;" in the locations that you wanted to enable ModSecurity.
(10) start senginx