nginx is the web server that's replacing Apache in more and more of the
world's websites. Until now, nginx has not been able to benefit from the
security ModSecurity provides. Here's how to install ModSecurity
and get it working with nginx.
Earlier this year the popular open-source web application firewall,
ModSecurity, released version 3 of its software. Version 3 is a
significant departure from the earlier versions, because it's now
modularized. Before version 3, ModSecurity worked only with the Apache
web server as a dependent module, so there was no way for other HTTP
applications to utilize ModSecurity. Now the core functionality of
ModSecurity, the HTTP filtering engine, exists as a standalone library,
libModSecurity, and it can be integrated into any other application via
a "connector". A connector is a small piece of code that allows any
application to access libModSecurity.