[Article proposal] Setting a WAF with modsecurity for nginx

mikelo2 · April 16, 2023, 3:02pm

Article Summary:

Showcase newly added nginx-mod-modsecurity package that is a connector for libmodsecurity (ModSecurity v3). modsecurity for httpd has been part of Fedora/RHEL since many years ago, so sould like to focus on nginx.

Article Description:
The proposal would be to briefly explain what a WAF does and how can help to secure webservers, introduce (lib)modsecurity and continue with installing nginx’s modsecurity conector nginx-mod-modsecurity.

The flow of the article could be:

What is a WAF?
What is modsecurity?
Configure libmodsecurity and nginx-mod-modsecurity
Create a custom rule to test the install
Extend with with new rules (pending on a proposal to mod_security_crs)

glb · April 16, 2023, 3:59pm

A big +1! This sounds like a great article for Fedora Magazine.

rlengland · April 17, 2023, 7:44pm

+1 from me, @mikelo2
I’ve created Pagure ticket #190 to track this article and it is assigned to you.

Please use comments on this ticket if you have questions or need to communicate with the editors about anything.

When you have it ready to review in the Fedora Magazine WordPress site, please leave a comment in this ticket with a preview link and we will start the review process.

Thanks for volunteering to write for the magazine.