Article Summary:
Showcase newly added nginx-mod-modsecurity
package that is a connector for libmodsecurity (ModSecurity v3). modsecurity for httpd
has been part of Fedora/RHEL since many years ago, so sould like to focus on nginx.
Article Description:
The proposal would be to briefly explain what a WAF does and how can help to secure webservers, introduce (lib)modsecurity and continue with installing nginx’s modsecurity conector nginx-mod-modsecurity
.
The flow of the article could be:
- What is a WAF?
- What is modsecurity?
- Configure libmodsecurity and nginx-mod-modsecurity
- Create a custom rule to test the install
- Extend with with new rules (pending on a proposal to
mod_security_crs
)