客服电话
APP下载
迪恩网络APP
随时随地掌握行业动态
官方微信
扫描二维码
关注迪恩网络微信公众号
|
最近上新项目,搭建nginx的时候为保证安全,决定安装下waf模块,以下是具体步骤,首先下载需要的安装包,进行每个安装: wget http://luajit.org/download/LuaJIT-2.0.3.tar.gz tar -zxvf LuaJIT-2.0.3.tar.gz cd LuaJIT-2.0.3 make make install 然后下载nginx, wget http://nginx.org/download/nginx-1.7.6.tar.gz tar -zxvf nginx-1.7.6.tar.gz 下载ngx_devel_kit, wget https://github.com/simpl/ngx_devel_kit/archive/v0.2.19.tar.gz –no-check-certificate tar -zxvf v0.2.19.tar.gz 下载nginx_lua_module wget https://github.com/openresty/lua-nginx-module/archive/v0.9.13rc1.tar.gz –no-check-certificate tar -zxvf v0.9.13rc1.tar.gz cd nginx-1.7.6 安装pcre, tar -zxvf pcre-8.30.tar.gz cd pcre-8.30 ./configure make make install 安装openssl,
安装ngx_cache_purge模块:
安装zlib, 设置环境变量,进行编译, export LUAJIT_LIB=/usr/local/lib export LUAJIT_INC=/usr/local/include/luajit-2.0 ./configure –prefix=/usr/local/nginx –with-http_stub_status_module –with-http_ssl_module –add-module=/root/ngx_devel_kit-0.2.19 –add-module=/root/lua-nginx- module-0.9.13rc1 –with-http_ssl_module –with-openssl=/root/openssl-1.0.0 –add-module=/root/ngx_cache_purge-1.3 –with-pcre=/root/pcre-8.30 –with-ld-opt=”-Wl,-rpat h,$LUAJIT_LIB” make -j2 make install 建立目录存放攻击日志: mkdir -p /data/logs/hack/ chown -R nobody:nobody /data/logs/hack/ chmod -R 755 /data/logs/hack/ 下载waf, wget https://github.com/loveshell/ngx_lua_waf/archive/master.zip –no-check-certificate unzip master.zip cd ngx_lua_waf-master/ mkdir /usr/local/nginx/conf/waf mv * /usr/local/nginx/conf/waf/ cd /usr/local/nginx/conf/ vi nginx.conf 在http 段加入: lua_package_path “/usr/local/nginx/conf/waf/?.lua”; 启动前运行: ln -s /usr/local/lib/libluajit-5.1.so.2 /lib64/libluajit-5.1.so.2 否则会找不到这个模块报错。 过滤规则在wafconf下,可根据需求自行调整,每条规则需换行,或者用|分割 |
请发表评论