Friday, December 20, 2013

Nginx with mod_security support repo for Fedora 20 and EPEL 6 (RHEL 6 / CentOS 6)

ModSecurity for Nginx is a web server module for nginx, because of nginx extensibility model (does not use dynamically loaded modules), I can't just build mod_security like the one for Apache HTTPd, nginx module must be added at compile time.

So I made a repo of a modified Nginx with mod_security support, currently only available for Fedora 20 and EPEL 6 (RHEL 6 / CentOS 6) (can extend it latter - just ask).

I'll try to track the main package version, if you have issues with this repo, email me at athmane (AT) fedora domain or ping me on IRC (athmane)

http://repos.fedorapeople.org/repos/athmane/nginx-mod_security/

Next blog post we'll see how to use Core rules set with Nginx

Edit: http://blog.madjoudj.com/2013/12/getting-started-with-modsecurity-for.html

Edit 2: I forgot to specify that ModSecurity for Nginx is a BETA quality and you should not use it in production (for instance large POST requests to backend may timeout).

4 comments:

  1. Any idea why this isn't in Fedora proper?

    ReplyDelete
    Replies
    1. Mainly for two reasons:

      1) nginx does not support dynamically loaded modules, we can't just have a sub-package, we have to recompile the same package with mod_security bundled-in which leads to conflict with the main nginx package.

      2) mod_security for nginx is still beta and can't be used in production.

      Delete
    2. Thanks for explaining!

      Delete
  2. All of the gang enjoying their time in the magical Flinders Ranges and Broken Hill. Broken Hill is a mecca for great movie sets and fascinating people.
    Share if you like like the great photos!!
    For more info visit: handicapped travel

    ReplyDelete