Hi Anders. If you are using nginx take a look at naxsi.
Best regards Casper > Den 20. mar. 2017 kl. 19.52 skrev "lann...@runbox.com" <lann...@runbox.com>: > > Hi, > I have spent about 2 days trying to understand how to setup mod-security on > my web server. > > I choose to rely on packages in the official repo, so if possible I will not > compile packages. > > Is correct to say that I can't have mod-security in nginx? > Is mod-security only available in apache2? > > Then I'm looking for some instruction about installing. There are a lot of > outdated material and is difficult to learn the right stuff. > > > Here is what I have typed: > > > apt-get install libcurl3-gnutls liblua5.1-0 libxml2 > apt-get install libapache2-mod-security2 > apt-get install modsecuriy-crs > sudo mv /etc/modsecurity/modsecurity.conf-recommended > /etc/modsecurity/modsecurity.conf > sudo nano /etc/modsecurity/modsecurity.conf > > > I have turned on the option SecRuleEngine > > git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git > > > Now... my questions are: > > 1) Where I have to put the rules > 2) Which other config files I have to edit > 3) How I enable modsecurity on my website > 4) Do you have sample config file to share? > > > Thanks a lot for your help. > > Anders. LA. >
