I would like to migrate from Apache to Nginx… Nginx installation process looks straightforward, but I do not know how to install WAF. I use mod_security in Apache and would like to use it as well on Nginx if it makes sense…
Since I do not have experience with Nginx, could anyone give me some advises on what WAF to choose (what is the most popular) and point me to valid installation howto/docs/manual…
Hi @bzc0fq ,
Atomicorp has an implementation for this in both their ASL (commercial product) and Atomic (OSS) repositories. Take a look a their doc on this here. There is another player out there too, Coraza.
I was unable to download software from Atomic repository, it looks it is not there any longer.
Also it seems that Coraza is in development stage yet - not in production.
Could anyone please advise on what is working WAF solution for nginx?
There must be one - WAF is a basic thing… I guess…
Maybe this will help: GitHub - wallarm/awesome-nginx-security: 🔥 A curated list of awesome links related to application security related to the environments with NGINX or Kubernetes Ingres Controller (based on NGINX)
Nginx + WAF is not unique to Rocky, so I just googled “nginx waf”. How you then implement just requires editing the appropriate nginx config file or whatever, which will generally be the same for most distros, just the location to the config file will be different for EL-based distros, than like Debian/Ubuntu, etc.
There may even not be packages available, in which case means packaging yourself or compiling and installing with the version of nginx you are using.
There is also this: GitHub - SpiderLabs/ModSecurity-nginx: ModSecurity v3 Nginx Connector modsecurity for nginx.
But probably, even easier is:
dnf install nginx-mod-modsecurity
which is in EPEL repository. You can use dnf to search for packages, eg:
dnf list nginx*
dnf search nginx
dnf search modsecurity
for How’To’s I suggest search Google for them.
Thank you very much for the links to the documentation. It helped me a lot. I have uploaded owasp-modsecurity-crs-3.0.2…
I will test the installation later this week…