This is a series of NGINX / ModSecurity tutorials that start with the basics and build up the full stack including the tuning of the OWASP ModSecurity Core Rule Set.
(The series is still incomplete, that’s why the numbers do not make much sense so far.)
- Tutorial 1: Compiling NGINX
- Tutorial 2: Configuring a Minimal NGINX Web Server
- Tutorial 6: Embedding ModSecurity
- Tutorial 7: Including OWASP ModSecurity Core Rule Set
- Tutorial 8: Handling False Positives with the OWASP ModSecurity Core Rule Set
The advanced tutorials make use of several scripts and aliases which are listed below:
- .nginx-modsec.alias (Github Link)
- apachex (Github Link)
- arbigraph (Github Link)
- basicstats.awk (Github Link)
- do-binning.rb (Github Link)
- lastrequestsummary (Github Link)
- modsec-positive-stats.rb (Github Link)
- modsec-rulereport.rb (Github Link)
- parse-apache-logs.rb (Github Link)
- percent.awk (Github Link)
- watch-lastrequestsummary (Github Link)