Enable Web Application Firewall

This page need to be updated
Blocklet Server has opt-in support for Web Application Firewall with following open-source projects:
https://github.com/owasp-modsecurity/ModSecurity
https://github.com/owasp-modsecurity/ModSecurity-nginx
https://github.com/coreruleset/coreruleset
Since ModSecurity is not shipped with nginx by default, you will need to build a custom nginx with ModSecurity enabled to make the web application firewall work.

Setup ModSecurity on Amazon Linux 2023## prepare directory
rm -rf /data/setup
mkdir -p /data/nginx
cd /data/nginx

# Install dependencies
sudo dnf groupinstall 'Development Tools' -y
sudo dnf install -y zlib-devel pcre pcre-devel  gperftools gperftools-devel perl-ExtUtils-Embed

# Install ModSecurity
cd /data/nginx
git clone --recursive https://github.com/owasp-modsecurity/ModSecurity
cd ModSecurity
git checkout v3.0.13
./build.sh
./configure
make
sudo make install

# Install ModSecurity-nginx
cd /data/nginx
git clone https://github.com/SpiderLabs/ModSecurity-nginx
cd ModSecurity-nginx
git checkout ef64996aedd4bb5fa1831631361244813d48b82f

# Install nginx
cd /data/nginx
wget https://nginx.org/download/nginx-1.24.0.tar.gz
tar -zxvf nginx-1.24.0.tar.gz
cd nginx-1.24.0
./configure --prefix=/usr/local/nginx \
	--sbin-path=/usr/local/bin/nginx \
	--modules-path=/usr/lib64/nginx/modules \
	--with-compat \
	--with-debug \
	--with-file-aio \
	--with-google_perftools_module \
	--with-http_addition_module \
	--with-http_auth_request_module \
	--with-http_dav_module \
	--with-http_degradation_module \
	--with-http_flv_module \
	--with-http_gunzip_module \
	--with-http_gzip_static_module \
	--with-http_mp4_module \
	--with-http_random_index_module \
	--with-http_realip_module \
	--with-http_secure_link_module \
	--with-http_slice_module \
	--with-http_ssl_module \
	--with-http_stub_status_module \
	--with-http_sub_module \
	--with-http_v2_module \
	--with-mail=dynamic \
	--with-mail_ssl_module \
	--with-pcre \
	--with-pcre-jit \
	--with-stream=dynamic \
	--with-stream_realip_module \
	--with-stream_ssl_module \
	--with-stream_ssl_preread_module \
	--with-threads \
	--with-cc-opt='-I/usr/local/include' \
	--with-ld-opt='-L/usr/local/lib64' \
	--conf-path=/usr/local/nginx/nginx.conf \
	--pid-path=/usr/local/nginx/nginx.pid \
	--lock-path=/usr/local/nginx/nginx.lock \
	--http-client-body-temp-path=/usr/local/nginx/nginx/client_body_temp \
	--http-proxy-temp-path=/usr/local/nginx/nginx/proxy_temp \
	--http-fastcgi-temp-path=/usr/local/nginx/nginx/fastcgi_temp \
	--http-uwsgi-temp-path=/usr/local/nginx/nginx/uwsgi_temp \
	--http-scgi-temp-path=/usr/local/nginx/nginx/scgi_temp \
	--http-log-path=/usr/local/nginx/nginx/access.log \
	--error-log-path=/usr/local/nginx/nginx/error.log \
	--add-module=../ModSecurity-nginx

make
sudo make install

sudo setcap cap_net_bind_service=+ep /usr/local/bin/nginxSetup ModSecurity on Ubuntu#This part is not complete yet.
Welcome

Getting Started

How to Guides

Reference Guides

Conceptual Guides

Frequently Asked Questions

Enable Web Application Firewall

Setup ModSecurity on Amazon Linux 2023#

Setup ModSecurity on Ubuntu#

Security

Defend against CSRF attacks
