Recently I migrated my infrastructure from Apache to NGINX and noticed that it lacks packaging for ModSecurity and a proper rule set like the coreruleset from OWASP.
So I decided to start packaging the necessary components to get the coreruleset running.
This link will redirect you to the repository.
After installation you may edit “/etc/nginx/modsecurity.d/coreruleset/crs-setup.conf” and change
#SecDefaultAction "phase:1,log,auditlog,pass"
#SecDefaultAction "phase:2,log,auditlog,pass"
to
SecDefaultAction "phase:1,log,auditlog,deny,status:403"
SecDefaultAction "phase:2,log,auditlog,deny,status:403"
Note that you could change the HTTP status code to anything else, e.g. 444.
Add your exceptions to these files:
cp /etc/nginx/modsecurity.d/coreruleset/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example /etc/nginx/modsecurity.d/coreruleset/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
cp /etc/nginx/modsecurity.d/coreruleset/rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf.example /etc/nginx/modsecurity.d/coreruleset/rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf
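The two steps above as one shell function that is safe to run repeatedly. This is an added example, not part of the original post or the packages. The function name crs_enable_blocking and the .bak backup file are assumptions.

```shell
#!/bin/sh
# Added example. crs_enable_blocking is a hypothetical helper name.
# $1 = coreruleset directory, $2 = HTTP status for blocked requests (default 403)
crs_enable_blocking() {
    crs_dir=$1
    status=${2:-403}
    setup="$crs_dir/crs-setup.conf"

    # Accept only a three-digit status so nothing else reaches the sed expression.
    case $status in
        [1-5][0-9][0-9]) ;;
        *) echo "invalid status: $status" >&2; return 2 ;;
    esac
    [ -f "$setup" ] || { echo "missing $setup" >&2; return 1; }

    # Rewrite only the commented-out phase 1/2 "pass" defaults. Lines that are
    # already active do not match, so a second run changes nothing.
    tmp=$(mktemp) || return 1
    sed -E "s/^#[[:space:]]*(SecDefaultAction \"phase:[12],log,auditlog,)pass\"/\\1deny,status:$status\"/" \
        "$setup" > "$tmp" || { rm -f "$tmp"; return 1; }
    if ! cmp -s "$setup" "$tmp"; then
        cp -p "$setup" "$setup.bak"   # keep the previous version for rollback
        cat "$tmp" > "$setup"         # write in place: owner and mode are preserved
    fi
    rm -f "$tmp"

    # Copy the exclusion templates, never overwriting exclusions already written.
    for name in REQUEST-900-EXCLUSION-RULES-BEFORE-CRS RESPONSE-999-EXCLUSION-RULES-AFTER-CRS; do
        dst="$crs_dir/rules/$name.conf"
        [ -e "$dst" ] || cp "$dst.example" "$dst" || return 1
    done

    # Succeed only if both phases now have an active deny default.
    [ "$(grep -Ec '^SecDefaultAction "phase:[12],log,auditlog,deny,status:[0-9]{3}"' "$setup")" -eq 2 ]
}
```

Call it as `crs_enable_blocking /etc/nginx/modsecurity.d/coreruleset 403`, then run `nginx -t` before reloading NGINX.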
P.S. I compiled my own libmodsecurity because the default one includes LMDB which caused segfaults on my machine so I just removed it completely.