# ModSecurity The module adds a connector for using [ModSecurity](https://modsecurity.org/) rules. ## Installation To [install](https://en.angie.software//angie/docs/installation/index.md#install-packages) the module, use one of the following packages: - Angie: `angie-module-modsecurity` - Angie PRO: `angie-pro-module-modsecurity` ## Loading the Module To work with the module, you need to load it in the `main{}` context: ```nginx load_module modules/ngx_http_modsecurity_module.so; ``` ## Configuration Example Specify the `modsecurity` and `modsecurity_rules_file` directives in the appropriate context, for example `server`: > ```nginx > server { > modsecurity on; > modsecurity_rules_file /etc/angie/modsecurity/rules.conf; > # ... > } > ``` Copy the [OWASP Core Rule Set for ModSecurity (CRS)](https://coreruleset.org/) to the `/var/lib/angie/modsecurity/` directory: > ```console > $ cd /var/lib/angie/modsecurity/ > $ sudo git clone -b v4.1.0 https://github.com/coreruleset/coreruleset > ``` In the directory with the core rules, copy the minimally required ModSecurity configuration examples: ```console $ sudo cp coreruleset/crs-setup.conf.example coreruleset/crs-setup.conf $ sudo cp coreruleset/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example \ coreruleset/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf $ sudo cp coreruleset/rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf.example \ coreruleset/rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf ``` Uncomment the `Include` directives below in the `/etc/angie/modsecurity/rules.conf` file: ```apache Include /var/lib/angie/modsecurity/coreruleset/crs-setup.conf Include /var/lib/angie/modsecurity/coreruleset/rules/*.conf ``` ## Additional Information Detailed documentation and source code are available at: [https://github.com/owasp-modsecurity/ModSecurity](https://github.com/owasp-modsecurity/ModSecurity).