
Nginx ModSecurity Tutorial | Nginx WAF 


In this video, we will take a look at how to secure Nginx with ModSecurity. ModSecurity is a free and open-source web application firewall for Apache; it started out as an Apache module but has grown into a fully-fledged web application firewall.
It works by inspecting requests sent to the web server in real time against a predefined ruleset.
ModSecurity prevents typical web application attacks such as XSS and SQL injection. It does this by actively monitoring and logging requests being sent to the web server.
Video Documentation: www.linode.com/docs/guides/securing-nginx-with-modsecurity/

Published: 29 Mar 2021
Comments: 69
@tiom28x 3 years ago
Alexis, hope you read this, mate. Just wanted to write that none of my lectures can explain in the way you do. The perspective of your lessons is on one of the highest levels. My route is digital forensics and cybersecurity, and because of you I'm hungry for more knowledge. Big THANK YOU. DANKE
@HackerSploit 3 years ago
Hello, thank you very much for your support. I am glad you find value in the videos. That is great, we have an upcoming series on forensics.
@tiom28x 3 years ago
@HackerSploit I can't wait to learn more from you. If you have a Discord group or are maybe planning to create one, I'm in. The content, explanations, and the way you teach are seriously one of the best. I have so many questions that I'd like to ask you to put me on the right path (focus to go in the right direction). Regards.
@mohammadabdi1793 3 years ago
Thank goodness you’re back👊🏾👊🏾
@martintovmassian5538 1 year ago
Excellent! Thank you for the step by step tour!
@yeppa31 1 year ago
It's a very clear guide. Thank you for the high quality content.
@HackerSploit 3 years ago
Documentation: www.linode.com/docs/guides/securing-nginx-with-modsecurity/
@ChapalPuteh_ 3 months ago
Thank you Alexis, you make me curious about WAF … 😊
@timothylrobb 27 days ago
Thank you. This was very helpful.
@nicocolt 2 years ago
Perfect! Many thanks to you!
@peopleyoumustknow1325 2 years ago
Thank you from Vietnam.
@sameerakwc 3 years ago
Awesome tutorial - first shot it worked like a charm on nginx 1.18 and Ubuntu server 20.04 focal fossa ❤️ love it
@binaryfire 2 years ago
Great video. What are your thoughts on NAXSI? Modsec has a huge performance hit. NAXSI is supposed to be a lot faster.
@aleejunaid 2 years ago
Hi, all 12 cores of my server shoot to 100% usage after turning ModSecurity on. It works fine after turning it off. What is wrong?
@mbm6048 3 years ago
Cool awesome video
@mazenn99 2 years ago
Thank you very much
@mecrayavcin 2 years ago
Hi, I have a question. What if Ubuntu is upgraded/updated, so maybe there can be a higher version of nginx (for example 1.25)? (Can nginx be upgraded if we upgrade the Ubuntu version? I don't know this, by the way.) We composed the module from the nginx 1.14 nginx file. Does this make a problem?
@memorysells 3 years ago
Very detailed and informative. However, please check that the path mentioned in Step 3 of Configuring Modsecurity is incorrect. This can cause confusion for newbies because the path is not correct.
@mohamedhabas7391 2 years ago
Hey, can you tell me how to get around this?? Please :)
@azizutkuozdemir 2 years ago
Is there some Docker version with all tools enabled where you can still check what has been installed, with a Dockerfile or so? :)
@anthonydelagarde3990 2 years ago
Can you please list the tools you installed post the NGINX install?
@ThoriumHeavyIndustries 2 years ago
There is an error in your documentation in the section configure modsecurity. Either the paths to copy the config from/to are wrong or you left out a step to create the directories. Please check. Thanks.
@rabbitcreative 9 months ago
Errors are sometimes put in on purpose. Makes it easier to sell support contracts. Also evil.
@unly243 3 years ago
Good video
@juul216 3 years ago
Amazing
@Mia-cutee 5 months ago
Does it work for Ubuntu 22?
@mohanraam869 3 years ago
What tool is used to identify the defects in bug bounty? Please tell, bro.
@christoferfrascarelli3944 3 years ago
Can UFW and ModSecurity coexist? Or would it be better to use only one? Thanks a lot!!
@jacksoncremean1664 2 years ago
UFW is a layer 3 firewall, ModSecurity is layer 7.
@danlegend3104 3 years ago
If you were to do this for a friend/client and secure their server for their website, what would be a fair price to charge as a freelance engineer? They already have a website, the web designer just hasn’t secured or optimised anything.
@HackerSploit 3 years ago
It depends on the scale of the project and cost factor. Do you charge per hour?
@danlegend3104 3 years ago
@HackerSploit Hourly or per day, whichever is cheaper for them, that’s usually how repeat business is kept over here in the UK.
@HackerSploit 3 years ago
@danlegend3104 Thank you for the clarification. In that case, depending on your skill level, I would suggest anywhere from 30-50$ per hour. This is just a rough estimate based on the nature of the work you likely will be doing.
@realhomy 3 years ago
YESSIR
@imadedwis5658 2 years ago
Can you upload a video on WAF for nginx on CentOS 8.5?
@thinnadisoe4039 11 months ago
How to host a static PHP website in an nginx server
@realhomy 3 years ago
LET'S GOOO we got 3 vids in one day
@mbm6048 3 years ago
Bro, you beat me by a few seconds for the first comment. 😅
@realhomy 3 years ago
@mbm6048 damn u were close, congrats
@732_dipen4 3 years ago
Why do you keep switching OS, sometimes Parrot, sometimes Kali, sometimes Ubuntu?
@betterwithrum 1 year ago
My only complaint is something this complicated should be automated with an Ansible playbook or Chef cookbook, IMHO
@cryptolicious3738 3 years ago
Cool video! Is there an app or way to get notifications of IPs violating rules, what rule and what URL, and a button to send to fail2ban jail? If not, I'll dev one.
@HackerSploit 3 years ago
Not yet, that is a great video idea. I will definitely work on this.
@cryptolicious3738 3 years ago
@HackerSploit, excellent, thanks! Let's dev it together in Flutter, u wanna, if nothing's out there already?
@kossidoh 1 year ago
Hello. Thanks for the video. I was installing ModSecurity for nginx but I ran into trouble. This is the error message I got: "adding module in /build/nginx-qDpDX0/nginx-1.18.0/debian/modules/http-geoip2 ./configure: error: no /build/nginx-qDpDX0/nginx-1.18.0/debian/modules/http-geoip2/config was found" Can you help on this? The Ubuntu system is 22, and there is no help on this on the internet.
@juantavarez9493 1 year ago
Did you resolve this? I'm facing the same thing.
@h4cker 3 years ago
I don't know why but you look like my elder brother 😂 ...
@drishalballaney6590 3 years ago
3 videos in less than 2 hrs today?
@faust9091 3 years ago
First. EDIT: Damn
@sajjadjafaribojd3189 3 years ago
Thank you very much. Very useful video. You speak very fast, man ... a little slower please
@shubhamghosh2228 3 years ago
Missed your voice more than your videos. Lol 😅
@Jawlaya 3 years ago
Yp
@namansharma1330 3 years ago
Can an ECE stream guy learn ethical hacking?
@ass_awper 3 years ago
Hi bro, is there any way to crack WPS version - 2.0?
@enos5192 3 years ago
What does this video look like to you, man? Some WiFi tutorial? 😂😂
@8080VB 3 years ago
Hww k worked
@kermitdaphrogge525 3 years ago
Bro, can you make a video "impact of AI in cybersecurity and future of jobs in cybersecurity" please?
@enos5192 3 years ago
Nobody finished the video, I bet. Cuz it's just 3 minutes after release 😂😂
@user-tv4kh4pc7s 1 year ago
Lolka
@hirthicshyam9290 3 years ago
Hello
@dipadityadas 1 year ago
Just change the SELinux context, that's it. No need of Mob Security.
@Ayush_kumar123 1 year ago
I have done everything as you have said, but after running the command "sudo nginx -t" to test nginx syntax, it throws an error saying "modsecurity_rules_file" directive Rules error. File: /usr/local/modsecurity-crs/rules/REQUEST-922-MULTIPART-ATTACK.conf Then I removed the file and everything worked fine. But it is an important config file, why is this happening?