How to set up the ModSecurity module

After the ModSecurity package is installed, additional setup is required.

  1. Enable the installed module in your configuration with the load_module directive:

    /etc/angie/angie.conf
    load_module modules/ngx_http_modsecurity_module.so;
    
  2. Use the modsecurity and modsecurity_rules_file directives in an appropriate context, such as server:

    /etc/angie/http.d/default.conf
    server {
        modsecurity on;
        modsecurity_rules_file /etc/angie/modsecurity/rules.conf;
        # ...
    }
    
  3. Copy the OWASP ModSecurity Core Rule Set (CRS) to /var/lib/angie/modsecurity/:

    $ cd /var/lib/angie/modsecurity/
    $ sudo git clone -b v4.1.0 https://github.com/coreruleset/coreruleset
    

    Tip

    Find the latest release number here: coreruleset/coreruleset

  4. In the core rule set directory, copy the minimal necessary ModSecurity configuration examples:

    $ sudo cp coreruleset/crs-setup.conf.example coreruleset/crs-setup.conf
    $ sudo cp coreruleset/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example \
          coreruleset/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
    $ sudo cp coreruleset/rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf.example \
          coreruleset/rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf
    
  5. Uncomment the following Include directives in /etc/angie/modsecurity/rules.conf:

    Include /var/lib/angie/modsecurity/coreruleset/crs-setup.conf
    Include /var/lib/angie/modsecurity/coreruleset/rules/*.conf
    
  6. Reload the Angie configuration to apply the changes:

    $ sudo angie -t && sudo service angie reload
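
A missed step here can leave the server running with an empty or partial rule set, so it helps to check steps 1, 4 and 5 before reloading. The script below is an added example, not part of Angie or the CRS; the function names and the optional `ROOT` prefix argument are assumptions made so the check can also run against a staged copy of the tree.

```shell
#!/bin/sh
# Added example: pre-reload check for the setup steps above.
# Usage: check_modsec_setup && sudo angie -t && sudo service angie reload
# ROOT (first argument) is a hypothetical prefix for checking a staged tree;
# leave it empty to check the live system. Step 2 is not checked because the
# context holding "modsecurity on;" varies per site.

# True if FILE ($1) has a line matching ERE ($2) that is not commented out.
has_active_line() {
    [ -f "$1" ] && grep -Eq "^[[:space:]]*$2" "$1"
}

check_modsec_setup() {
    root="${1:-}"
    crs="$root/var/lib/angie/modsecurity/coreruleset"
    rules="$root/etc/angie/modsecurity/rules.conf"
    problems=0

    # Step 1: the module is loaded in the main configuration.
    has_active_line "$root/etc/angie/angie.conf" \
        'load_module[[:space:]]+modules/ngx_http_modsecurity_module\.so;' ||
        { echo "angie.conf: load_module line missing or commented"; problems=$((problems + 1)); }

    # Step 4: the three .example files were copied to their live names.
    for f in crs-setup.conf \
             rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf \
             rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf; do
        [ -f "$crs/$f" ] || { echo "missing: $crs/$f"; problems=$((problems + 1)); }
    done

    # Step 5: both Include directives are uncommented in rules.conf.
    for inc in 'crs-setup\.conf' 'rules/\*\.conf'; do
        has_active_line "$rules" \
            "Include[[:space:]]+/var/lib/angie/modsecurity/coreruleset/$inc" ||
            { echo "rules.conf: Include for $inc missing or commented"; problems=$((problems + 1)); }
    done

    # Exit status 0 only when every check passed.
    [ "$problems" -eq 0 ]
}
```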