Nginx:Install ModSecurity: Difference between revisions

(13 intermediate revisions by the same user not shown)

Line 3:

Konektor ModSecurity-nginx berbentuk modul Nginx yang menyediakan lapisan komunikasi antara Nginx dan ModSecurity.

Instal semua dependensi yang diperlukan untuk proses build dan kompilasi dengan perintah berikut:

Instal semua dependensi yang diperlukan untuk proses build dan kompilasi dengan perintah berikut:<syntaxhighlight lang="shell">

sudo apt-get install bison build-essential ca-certificates curl dh-autoreconf doxygen flex gawk git iputils-ping libcurl4-gnutls-dev libexpat1-dev libgeoip-dev liblmdb-dev libpcre3-dev libpcre++-dev libssl-dev libtool libxml2 libxml2-dev libyajl-dev locales lua5.3-dev pkg-config wget zlib1g-dev zlibc libxslt-dev libgd-dev

</syntaxhighlight>di Debian 11<ref>[https://www.tecmint.com/install-modsecurity-nginx-debian-ubuntu/ tecmint.com] - How to Install ModSecurity for Nginx on Debian/Ubuntu</ref><syntaxhighlight lang="bash">

sudo apt install make gcc build-essential autoconf automake libtool libfuzzy-dev ssdeep gettext pkg-config libcurl4-openssl-dev liblua5.3-dev libpcre3 libpcre3-dev libxml2 libxml2-dev libyajl-dev doxygen libcurl4 libgeoip-dev libssl-dev zlib1g-dev libxslt-dev liblmdb-dev libpcre++-dev libgd-dev

</syntaxhighlight>

*Install GIT

apt install git

apt install git

apt install gnutls-bin

</syntaxhighlight><syntaxhighlight lang="shell">

apt install gnutls-bin

</syntaxhighlight>

*Sebelum melakukan clone, pindah directory utama ke <code>/opt</code>

cd /opt

cd /opt

</syntaxhighlight>

*Clone ModSecurity dari repository Github

sudo git clone https://github.com/SpiderLabs/ModSecurity

sudo git clone https://github.com/SpiderLabs/ModSecurity

</syntaxhighlight>

*Masuk ke directory ModSecurity

cd ModSecurity

cd ModSecurity

</syntaxhighlight>

*Jalankan perintah git berikut untuk menginisialisasi dan memperbarui submodul:

sudo git submodule init

sudo git submodule init

sudo git submodule update

</syntaxhighlight><syntaxhighlight lang="shell">

sudo git submodule update

</syntaxhighlight>

*Jalankan script <code>build.sh</code>

sudo ./build.sh

sudo ./build.sh

</syntaxhighlight>

*Jalankan file <code>configure</code>, yang bertanggung jawab untuk mendapatkan semua dependensi untuk proses pembuatan:

sudo ./configure

sudo ./configure

</syntaxhighlight>

*Jalankan perintah make untuk mem-''build'' ModSecurity (tunggu 10 s/d 15 menit)

sudo make

sudo make

</syntaxhighlight>

*Setelah proses build selesai, instal ModSecurity dengan menjalankan perintah berikut:

sudo make install

sudo make install

</syntaxhighlight>

==Download ModSecurity Connector==

*Pindah directory ke <code>/opt</code>

cd /opt

cd /opt

</syntaxhighlight>

*Clone repository

sudo git clone --depth 1 ~~<nowiki>~~https://github.com/SpiderLabs/ModSecurity-nginx.git</~~nowiki~~>

sudo git clone --depth 1 https://github.com/SpiderLabs/ModSecurity-nginx.git

</syntaxhighlight>

==Build ModSecurity module untuk Nginx==

*Periksa versi [[Nginx]]

nginx -v

nginx -v

</syntaxhighlight>

*'''Output'''

nginx version: nginx/1.18.0 (Ubuntu)

nginx version: nginx/1.18.0 (Ubuntu)

</syntaxhighlight>

*Download versi [[Nginx]] yang berjalan pada system ke directory <code>/opt</code>

cd /opt

cd /opt

sudo wget ~~<nowiki>~~http://nginx.org/download/nginx-1.18.0.tar.gz</~~nowiki~~>

</syntaxhighlight><syntaxhighlight lang="shell">

sudo wget http://nginx.org/download/nginx-1.18.0.tar.gz

</syntaxhighlight>

*Extract the tarball:

sudo tar -xvzf nginx-1.18.0.tar.gz

sudo tar -xvzf nginx-1.18.0.tar.gz

</syntaxhighlight>

*Ganti directory ke <code>/nginx-1.18.0</code>

cd nginx-1.18.0

cd nginx-1.18.0

</syntaxhighlight>

*Tampilkan argumen konfigurasi yang digunakan untuk versi Nginx Anda:

nginx -V

nginx -V

</syntaxhighlight>

*'''Output Sample'''

nginx version: nginx/1.18.0 (Ubuntu)

Line 76:

Line 95:

sudo ./configure --add-dynamic-module=../ModSecurity-nginx paste disini mulai dari berwarna merah

atau<syntaxhighlight lang="shell">

./configure --with-compat --add-dynamic-module=../ModSecurity-nginx

</syntaxhighlight>

*Build modul dengan perintah berikut:

sudo make modules

sudo make modules

</syntaxhighlight>

*Buat direktori untuk modul Modsecurity di folder konfigurasi Nginx sistem Anda:

sudo mkdir /etc/nginx/modules

sudo mkdir /etc/nginx/modules

</syntaxhighlight>

*Salin modul Modsecurity yang di compile ke dalam folder konfigurasi Nginx Anda:

sudo cp objs/ngx_http_modsecurity_module.so /etc/nginx/modules

sudo cp objs/ngx_http_modsecurity_module.so /etc/nginx/modules

</syntaxhighlight>

==Memuat Modul ModSecurity di Nginx==

*Buka konfigurasi [[Nginx]] pada directory <code>/etc/nginx/nginx.conf</code>

vim /etc/nginx/nginx.conf

vim /etc/nginx/nginx.conf

</syntaxhighlight>

*Tambahkan code berikut

load_module /etc/nginx/modules/ngx_http_modsecurity_module.so;

load_module /etc/nginx/modules/ngx_http_modsecurity_module.so;

</syntaxhighlight>

*'''Sample'''

user www-data;

worker_processes auto;

pid /run/nginx.pid;

user www-data;

include /etc/nginx/modules-enabled/*.conf;

worker_processes auto; pid /run/nginx.pid;

~~~~load_module /etc/nginx/modules/ngx_http_modsecurity_module.so;</~~span~~>

include /etc/nginx/modules-enabled/*.conf;

load_module /etc/nginx/modules/ngx_http_modsecurity_module.so;

</syntaxhighlight>

==Setting Up OWASP-CRS==

Line 102:

Line 135:

*Pertama, hapus kumpulan aturan saat ini bawaan sebelumnya dengan ModSecurity, menggunakan perintah berikut:

sudo rm -rf /usr/share/modsecurity-crs

sudo rm -rf /usr/share/modsecurity-crs

</syntaxhighlight>

*Clone repository ke directory <code>/usr/local/modsecurity-crs</code>

sudo git clone https://github.com/coreruleset/coreruleset /usr/local/modsecurity-crs

sudo git clone https://github.com/coreruleset/coreruleset /usr/local/modsecurity-crs

</syntaxhighlight>

*Rename the <code>crs-setup.conf.example</code> ke <code>crs-setup.conf</code>:

sudo mv /usr/local/modsecurity-crs/crs-setup.conf.example /usr/local/modsecurity-crs/crs-setup.conf

sudo mv /usr/local/modsecurity-crs/crs-setup.conf.example /usr/local/modsecurity-crs/crs-setup.conf

</syntaxhighlight>

*Ganti nama file aturan pengecualian permintaan default:

sudo mv /usr/local/modsecurity-crs/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example /usr/local/modsecurity-crs/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf

sudo mv /usr/local/modsecurity-crs/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example /usr/local/modsecurity-crs/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf

</syntaxhighlight>

Sekarang harus menyiapkan OWASP-CRS dan siap digunakan dalam konfigurasi [[Nginx]].

Line 117:

Line 161:

==Konfigurasi ModSecurity==

*Mulailah dengan membuat direktori ModSecurity di direktori <code>/etc/nginx/</code>:

sudo mkdir -p /etc/nginx/modsec

sudo mkdir -p /etc/nginx/modsec

</syntaxhighlight>

*Salin file pemetaan unicode dan file konfigurasi ModSecurity dari repository GitHub ModSecurity cloning kalian:

~~sudo cp /opt/ModSecurity/unicode.mapping /etc/nginx/modsec~~

sudo cp /opt/ModSecurity/modsecurity.conf-recommended /etc/nginx/modsec/modsecurity.conf

sudo cp /opt/ModSecurity/unicode.mapping /etc/nginx/modsec

</syntaxhighlight>

sudo cp /opt/ModSecurity/modsecurity.conf-recommended /etc/nginx/modsec/modsecurity.conf

</syntaxhighlight>

*Hapus ekstensi <code>.recommended</code> dari nama file konfigurasi ModSecurity dengan perintah berikut:

sudo cp /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf

sudo cp /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf

</syntaxhighlight>

*Dengan editor teks seperti vim atau nano, buka <code>/etc/modsecurity/modsecurity.conf</code> dan ubah nilai untuk <code>SecRuleEngine</code> menjadi <code>On</code>:

# -- Rule engine initialization ----------------------------------------------

# Enable ModSecurity, attaching it to every transaction. Use detection

# -- Rule engine initialization ----------------------------------------------

# only to start with, because that minimises the chances of post-installation

# disruption.

# Enable ModSecurity, attaching it to every transaction. Use detection

#

# only to start with, because that minimises the chances of post-installation

~~~~SecRuleEngine On</~~span~~>

# disruption.

#

SecRuleEngine On

</syntaxhighlight>

*Buat file konfigurasi baru bernama <code>main.conf</code> di direktori <code>/etc/nginx/modsec</code>:

~~sudo nano~~ /etc/nginx/modsec/main.conf

vim /etc/nginx/modsec/main.conf

</syntaxhighlight>

*Copy code berikut

Include /etc/nginx/modsec/modsecurity.conf

Include /usr/local/modsecurity-crs/crs-setup.conf

Include /usr/local/modsecurity-crs/rules/*.conf

Include /etc/nginx/modsec/modsecurity.conf

Include /usr/local/modsecurity-crs/crs-setup.conf

Include /usr/local/modsecurity-crs/rules/*.conf

</syntaxhighlight>

==Konfigurasi pada Nginx==

*Buka konfigurasi Nginx kalian biasanya pada directory /etc/nginx/sites-enabled, dengan menambahkan

~~nano~~ /etc/nginx/sites-enabled/default.conf

vim /etc/nginx/sites-enabled/default.conf

</syntaxhighlight>

atau

~~nano~~ /etc/nginx/conf.d/default.conf

vim /etc/nginx/conf.d/default.conf

</syntaxhighlight>

*Lalu tambahkan code berikut

~~modsecurity on;~~

~~modsecurity_rules_file /etc/nginx/modsec/main.conf;~~

modsecurity on;

modsecurity_rules_file /etc/nginx/modsec/main.conf;

</syntaxhighlight>

{{Note|Jika mengikuti tutorial dari awal, konfigurasi default.conf berada di dorectory /etc/nginx/conf.d}}

Line 158:

Line 232:

*'''Sample'''

server {

listen 80;

listen [::]:80;

server {

server_name _;

listen 80;

root /usr/share/nginx/html/;

listen [::]:80;

index index.php index.html index.htm index.nginx-debian.html;

server_name _;

~~~~modsecurity on;~~~~

root /usr/share/nginx/html/;

~~~~modsecurity_rules_file /etc/nginx/modsec/main.conf;</~~span~~>

index index.php index.html index.htm index.nginx-debian.html;

modsecurity on;

modsecurity_rules_file /etc/nginx/modsec/main.conf;

</syntaxhighlight>

==Source==

*[https://www.linode.com/docs/guides/securing-nginx-with-modsecurity/ linode.com]

*[https://www.nginx.com/blog/compiling-and-installing-modsecurity-for-open-source-nginx/ nginx.com]

*[https://github.com/SpiderLabs/ModSecurity-nginx/issues/117 github.com]

[[Category:Security]]

[[Category:Server]]

[[Category:Nginx]]

[[Category:ModSecurity]]

@@ Line 3: / Line 3: @@
 Konektor ModSecurity-nginx berbentuk modul Nginx yang menyediakan lapisan komunikasi antara Nginx dan ModSecurity.
-Instal semua dependensi yang diperlukan untuk proses build dan kompilasi dengan perintah berikut:
+Instal semua dependensi yang diperlukan untuk proses build dan kompilasi dengan perintah berikut:<syntaxhighlight lang="shell">
+sudo apt-get install bison build-essential ca-certificates curl dh-autoreconf doxygen flex gawk git iputils-ping libcurl4-gnutls-dev libexpat1-dev libgeoip-dev liblmdb-dev libpcre3-dev libpcre++-dev libssl-dev libtool libxml2 libxml2-dev libyajl-dev locales lua5.3-dev pkg-config wget zlib1g-dev zlibc libxslt-dev libgd-dev
- sudo apt-get install bison build-essential ca-certificates curl dh-autoreconf doxygen  flex gawk git iputils-ping libcurl4-gnutls-dev libexpat1-dev libgeoip-dev liblmdb-dev  libpcre3-dev libpcre++-dev libssl-dev libtool libxml2 libxml2-dev libyajl-dev locales  lua5.3-dev pkg-config wget zlib1g-dev zlibc libxslt-dev libgd-dev
+</syntaxhighlight>di Debian 11<ref>[https://www.tecmint.com/install-modsecurity-nginx-debian-ubuntu/ tecmint.com] - How to Install ModSecurity for Nginx on Debian/Ubuntu</ref><syntaxhighlight lang="bash">
+sudo apt install make gcc build-essential autoconf automake libtool libfuzzy-dev ssdeep gettext pkg-config libcurl4-openssl-dev liblua5.3-dev libpcre3 libpcre3-dev libxml2 libxml2-dev libyajl-dev doxygen libcurl4 libgeoip-dev libssl-dev zlib1g-dev libxslt-dev liblmdb-dev libpcre++-dev libgd-dev
+</syntaxhighlight>
 *Install GIT
- apt install git
+<syntaxhighlight lang="shell">
+apt install git
- apt install gnutls-bin
+</syntaxhighlight><syntaxhighlight lang="shell">
+apt install gnutls-bin
+</syntaxhighlight>
 *Sebelum melakukan clone, pindah directory utama ke <code>/opt</code>
- cd /opt
+<syntaxhighlight lang="shell">
+cd /opt
+</syntaxhighlight>
 *Clone ModSecurity dari repository Github
- sudo git clone https://github.com/SpiderLabs/ModSecurity
+<syntaxhighlight lang="shell">
+sudo git clone https://github.com/SpiderLabs/ModSecurity
+</syntaxhighlight>
 *Masuk ke directory ModSecurity
- cd ModSecurity
+<syntaxhighlight lang="shell">
+cd ModSecurity
+</syntaxhighlight>
 *Jalankan perintah git berikut untuk menginisialisasi dan memperbarui submodul:
- sudo git submodule init
+<syntaxhighlight lang="shell">
+sudo git submodule init
- sudo git submodule update
+</syntaxhighlight><syntaxhighlight lang="shell">
+sudo git submodule update
+</syntaxhighlight>
 *Jalankan script <code>build.sh</code>
- sudo ./build.sh
+<syntaxhighlight lang="shell">
+sudo ./build.sh
+</syntaxhighlight>
 *Jalankan file <code>configure</code>, yang bertanggung jawab untuk mendapatkan semua dependensi untuk proses pembuatan:
- sudo ./configure
+<syntaxhighlight lang="shell">
+sudo ./configure
+</syntaxhighlight>
 *Jalankan perintah make untuk mem-''build'' ModSecurity (tunggu 10 s/d 15 menit)
- sudo make
+<syntaxhighlight lang="shell">
+sudo make
+</syntaxhighlight>
 *Setelah proses build selesai, instal ModSecurity dengan menjalankan perintah berikut:
- sudo make install
+<syntaxhighlight lang="shell">
+sudo make install
+</syntaxhighlight>
 ==Download ModSecurity Connector==
 *Pindah directory ke <code>/opt</code>
- cd /opt
+<syntaxhighlight lang="shell">
+cd /opt
+</syntaxhighlight>
 *Clone repository
- sudo git clone --depth 1 <nowiki>https://github.com/SpiderLabs/ModSecurity-nginx.git</nowiki>
+<syntaxhighlight lang="shell">
+sudo git clone --depth 1 https://github.com/SpiderLabs/ModSecurity-nginx.git
+</syntaxhighlight>
 ==Build ModSecurity module untuk Nginx==
 *Periksa versi [[Nginx]]
- nginx -v
+<syntaxhighlight lang="shell">
+nginx -v
+</syntaxhighlight>
 *'''Output'''
- nginx version: nginx/1.18.0 (Ubuntu)
+<syntaxhighlight lang="shell">
+nginx version: nginx/1.18.0 (Ubuntu)
+</syntaxhighlight>
 *Download versi [[Nginx]] yang berjalan pada system ke directory <code>/opt</code>
- cd /opt
+<syntaxhighlight lang="shell">
+cd /opt
- sudo wget <nowiki>http://nginx.org/download/nginx-1.18.0.tar.gz</nowiki>
+</syntaxhighlight><syntaxhighlight lang="shell">
+sudo wget http://nginx.org/download/nginx-1.18.0.tar.gz
+</syntaxhighlight>
 *Extract the tarball:
- sudo tar -xvzf nginx-1.18.0.tar.gz
+<syntaxhighlight lang="shell">
+sudo tar -xvzf nginx-1.18.0.tar.gz
+</syntaxhighlight>
 *Ganti directory ke <code>/nginx-1.18.0</code>
-  cd nginx-1.18.0
+<syntaxhighlight lang="shell">
+cd nginx-1.18.0
+</syntaxhighlight>
 *Tampilkan argumen konfigurasi yang digunakan untuk versi Nginx Anda:
- nginx -V
+<syntaxhighlight lang="shell">
+nginx -V
+</syntaxhighlight>
 *'''Output Sample'''
   nginx version: nginx/1.18.0 (Ubuntu)
@@ Line 76: / Line 95: @@
   sudo ./configure --add-dynamic-module=../ModSecurity-nginx <span style="color:#ff0000">paste disini mulai dari berwarna merah</span>
+atau<syntaxhighlight lang="shell">
+./configure --with-compat --add-dynamic-module=../ModSecurity-nginx
+</syntaxhighlight>
 *Build modul dengan perintah berikut:
- sudo make modules
+<syntaxhighlight lang="shell">
+sudo make modules
+</syntaxhighlight>
 *Buat direktori untuk modul Modsecurity di folder konfigurasi Nginx sistem Anda:
- sudo mkdir /etc/nginx/modules
+<syntaxhighlight lang="shell">
+sudo mkdir /etc/nginx/modules
+</syntaxhighlight>
 *Salin modul Modsecurity yang di compile ke dalam folder konfigurasi Nginx Anda:
- sudo cp objs/ngx_http_modsecurity_module.so /etc/nginx/modules
+<syntaxhighlight lang="shell">
+sudo cp objs/ngx_http_modsecurity_module.so /etc/nginx/modules
+</syntaxhighlight>
 ==Memuat Modul ModSecurity di Nginx==
 *Buka konfigurasi [[Nginx]] pada directory <code>/etc/nginx/nginx.conf</code>
- vim /etc/nginx/nginx.conf
+<syntaxhighlight lang="shell">
+vim /etc/nginx/nginx.conf
+</syntaxhighlight>
 *Tambahkan code berikut
- load_module /etc/nginx/modules/ngx_http_modsecurity_module.so;
+<syntaxhighlight lang="nginx">
+load_module /etc/nginx/modules/ngx_http_modsecurity_module.so;
+</syntaxhighlight>
 *'''Sample'''
- user www-data;
- worker_processes auto;
+<syntaxhighlight lang="nginx" line="1">
- pid /run/nginx.pid;
+user www-data;
- include /etc/nginx/modules-enabled/*.conf;
+worker_processes auto; pid /run/nginx.pid;
- <span style="color:#ff0000">load_module /etc/nginx/modules/ngx_http_modsecurity_module.so;</span>
+include /etc/nginx/modules-enabled/*.conf;
+load_module /etc/nginx/modules/ngx_http_modsecurity_module.so;
+</syntaxhighlight>
 ==Setting Up OWASP-CRS==
@@ Line 102: / Line 135: @@
 *Pertama, hapus kumpulan aturan saat ini bawaan sebelumnya dengan ModSecurity, menggunakan perintah berikut:
- sudo rm -rf /usr/share/modsecurity-crs
+<syntaxhighlight lang="shell">
+sudo rm -rf /usr/share/modsecurity-crs
+</syntaxhighlight>
 *Clone repository ke directory <code>/usr/local/modsecurity-crs</code>
- sudo git clone https://github.com/coreruleset/coreruleset /usr/local/modsecurity-crs
+<syntaxhighlight lang="shell">
+sudo git clone https://github.com/coreruleset/coreruleset /usr/local/modsecurity-crs
+</syntaxhighlight>
 *Rename the <code>crs-setup.conf.example</code> ke <code>crs-setup.conf</code>:
- sudo mv /usr/local/modsecurity-crs/crs-setup.conf.example /usr/local/modsecurity-crs/crs-setup.conf
+<syntaxhighlight lang="shell">
+sudo mv /usr/local/modsecurity-crs/crs-setup.conf.example /usr/local/modsecurity-crs/crs-setup.conf
+</syntaxhighlight>
 *Ganti nama file aturan pengecualian permintaan default:
- sudo mv /usr/local/modsecurity-crs/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example /usr/local/modsecurity-crs/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
+<syntaxhighlight lang="shell">
+sudo mv /usr/local/modsecurity-crs/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example /usr/local/modsecurity-crs/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
+</syntaxhighlight>
 Sekarang harus menyiapkan OWASP-CRS dan siap digunakan dalam konfigurasi [[Nginx]].
@@ Line 117: / Line 161: @@
 ==Konfigurasi ModSecurity==
 *Mulailah dengan membuat direktori ModSecurity di direktori <code>/etc/nginx/</code>:
- sudo mkdir -p /etc/nginx/modsec
+<syntaxhighlight lang="shell">
+sudo mkdir -p /etc/nginx/modsec
+</syntaxhighlight>
 *Salin file pemetaan unicode dan file konfigurasi ModSecurity dari repository GitHub ModSecurity cloning kalian:
- sudo cp /opt/ModSecurity/unicode.mapping /etc/nginx/modsec
- sudo cp /opt/ModSecurity/modsecurity.conf-recommended /etc/nginx/modsec/modsecurity.conf
+<syntaxhighlight lang="shell">
+sudo cp /opt/ModSecurity/unicode.mapping /etc/nginx/modsec
+</syntaxhighlight>
+<syntaxhighlight lang="shell">
+sudo cp /opt/ModSecurity/modsecurity.conf-recommended /etc/nginx/modsec/modsecurity.conf
+</syntaxhighlight>
 *Hapus ekstensi <code>.recommended</code> dari nama file konfigurasi ModSecurity dengan perintah berikut:
-  sudo cp /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf
+<syntaxhighlight lang="shell">
+sudo cp /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf
+</syntaxhighlight>
 *Dengan editor teks seperti vim atau nano, buka <code>/etc/modsecurity/modsecurity.conf</code> dan ubah nilai untuk <code>SecRuleEngine</code> menjadi <code>On</code>:
- # -- Rule engine initialization ----------------------------------------------
+<syntaxhighlight lang="shell" line="1">
- # Enable ModSecurity, attaching it to every transaction. Use detection
+# -- Rule engine initialization ----------------------------------------------
- # only to start with, because that minimises the chances of post-installation
- # disruption.
+# Enable ModSecurity, attaching it to every transaction. Use detection
- #
+# only to start with, because that minimises the chances of post-installation
- <span style="color:#ff0000">SecRuleEngine On</span>
+# disruption.
+#
+SecRuleEngine On
+</syntaxhighlight>
 *Buat file konfigurasi baru bernama <code>main.conf</code> di direktori <code>/etc/nginx/modsec</code>:
- sudo nano /etc/nginx/modsec/main.conf
+<syntaxhighlight lang="shell">
+vim /etc/nginx/modsec/main.conf
+</syntaxhighlight>
 *Copy code berikut
- Include /etc/nginx/modsec/modsecurity.conf
- Include /usr/local/modsecurity-crs/crs-setup.conf
+<syntaxhighlight lang="shell" line="1">
- Include /usr/local/modsecurity-crs/rules/*.conf
+Include /etc/nginx/modsec/modsecurity.conf
+Include /usr/local/modsecurity-crs/crs-setup.conf
+Include /usr/local/modsecurity-crs/rules/*.conf
+</syntaxhighlight>
 ==Konfigurasi pada Nginx==
 *Buka konfigurasi Nginx kalian biasanya pada directory /etc/nginx/sites-enabled, dengan menambahkan
- nano /etc/nginx/sites-enabled/default.conf
+<syntaxhighlight lang="shell">
+vim /etc/nginx/sites-enabled/default.conf
+</syntaxhighlight>
 atau
- nano /etc/nginx/conf.d/default.conf
+<syntaxhighlight lang="shell">
+vim /etc/nginx/conf.d/default.conf
+</syntaxhighlight>
 *Lalu tambahkan code berikut
- modsecurity on;
- modsecurity_rules_file /etc/nginx/modsec/main.conf;
+<syntaxhighlight lang="nginx" line="1">
+modsecurity on;
+modsecurity_rules_file /etc/nginx/modsec/main.conf;
+</syntaxhighlight>
 {{Note|Jika mengikuti tutorial dari awal, konfigurasi default.conf berada di dorectory /etc/nginx/conf.d}}
@@ Line 158: / Line 232: @@
 *'''Sample'''
- server {
-   listen 80;
+<syntaxhighlight lang="nginx" line="1">
-   listen [::]:80;
+server {
-   server_name _;
+  listen 80;
-   root /usr/share/nginx/html/;
+  listen [::]:80;
-   index index.php index.html index.htm index.nginx-debian.html;
+  server_name _;
-   <span style="color:#ff0000">modsecurity on;</span>
+  root /usr/share/nginx/html/;
-   <span style="color:#ff0000">modsecurity_rules_file /etc/nginx/modsec/main.conf;</span>
+  index index.php index.html index.htm index.nginx-debian.html;
+  modsecurity on;
+  modsecurity_rules_file /etc/nginx/modsec/main.conf;
+</syntaxhighlight>
 ==Source==
+<references />
 *[https://www.linode.com/docs/guides/securing-nginx-with-modsecurity/ linode.com]
+*[https://www.nginx.com/blog/compiling-and-installing-modsecurity-for-open-source-nginx/ nginx.com]
+*[https://github.com/SpiderLabs/ModSecurity-nginx/issues/117 github.com]
 [[Category:Security]]
 [[Category:Server]]
+[[Category:Nginx]]
+[[Category:ModSecurity]]