Environment:
CentOS 7
Nginx 1.16
I. Install dependencies
yum install -y git wget epel-release
yum install -y gcc-c++ flex bison yajl yajl-devel curl-devel curl GeoIP-devel doxygen zlib-devel pcre-devel lmdb-devel libxml2-devel ssdeep-devel lua-devel libtool autoconf automake
II. Install ModSecurity
Current directory: /root/
git clone https://github.com/SpiderLabs/ModSecurity
cd ModSecurity  # (1)
git submodule init
git submodule update
sh build.sh
./configure
make
make install
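Note: for line 1, use git clone https://gitee.com/dzf2012/ModSecurity
(1) After it runs, the following output indicates that it succeeded.
Note: running git clone https://github.com/SpiderLabs/ModSecurity as the official instructions say fails, so that step is skipped here.
III. Install nginx and ModSecurity-nginx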
cd /root/
git clone https://github.com/SpiderLabs/ModSecurity-nginx
wget http://nginx.org/download/nginx-1.16.1.tar.gz
tar -xvzf nginx-1.16.1.tar.gz
cd nginx-1.16.1
./configure --add-module=/root/ModSecurity-nginx
make
make install
Note: for line 3, use git clone https://gitee.com/dzf2012/ModSecurity-nginx
IV. Start nginx and test the behaviour without ModSecurity enabled
Start nginx
/usr/local/nginx/sbin/nginx
Test
http://172.16.2.48/?param=%22%3E%3Cscript%3Ealert(1);%3C/script%3E
Check the nginx version and the modules compiled in
/usr/local/nginx/sbin/nginx -V
V. Configure ModSecurity
(I) Download the rule files
1) Create the directory that will hold the configuration files
mkdir /usr/local/nginx/conf/modsecurity
2) Create the configuration file
cp /root/ModSecurity/modsecurity.conf-recommended /usr/local/nginx/conf/modsecurity/modsecurity.conf
3) Download the rule files
Download the rules from https://github.com/SpiderLabs/owasp-modsecurity-crs/, extract them, and upload them to /root/, or
git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git
or
git clone https://gitee.com/dzf2012/owasp-modsecurity-crs
rules/, then run the following:
cd /root/rules
cp crs-setup.conf.example /usr/local/nginx/conf/modsecurity/crs-setup.conf
cp /root/ModSecurity/unicode.mapping /usr/local/nginx/conf/modsecurity
cp -r rules /usr/local/nginx/conf/modsecurity/
cd /usr/local/nginx/conf/modsecurity/rules
mv REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
mv RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf.example RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf
Note: you can put your own rules in REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf and RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf
(II) Configure ModSecurity
1) The nginx.conf file
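An added example (not from the original page or the CRS project) of what such custom rules can look like, one for each of the two files. The path /cms/save, the argument body, the cookie app_session and the local rule ID 10001 are hypothetical; 941100 and 942100 are the CRS libinjection XSS and SQL injection rules.

```apache
# ---- REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf ----
# Runtime (per-request) exclusions use ctl: actions. They must be evaluated
# before the CRS rules they modify, which is why they belong in the 900 file.
#
# Hypothetical case: a rich-text editor posts HTML in the "body" argument of
# /cms/save and trips XSS rule 941100. Drop only that one argument from that
# one rule, and only for that path; every other argument and rule still applies.
# Rule ID 10001 is a constructed local ID.
SecRule REQUEST_URI "@beginsWith /cms/save" \
    "id:10001,\
    phase:1,\
    pass,\
    nolog,\
    ctl:ruleRemoveTargetById=941100;ARGS:body"

# In practice a false positive usually involves several rule IDs. Take the
# exact IDs from the audit log instead of disabling a whole rule file.

# ---- RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf ----
# Configure-time exclusions change rules that are already loaded, so they
# must come after the CRS rule files, which is why they belong in the 999 file.
#
# Hypothetical case: an opaque session cookie named app_session keeps matching
# SQL injection rule 942100. Exclude that cookie from that rule everywhere.
SecRuleUpdateTargetById 942100 "!REQUEST_COOKIES:app_session"

# Prefer narrowing a target as above over SecRuleRemoveById, which switches
# the rule off for every request and every variable.
```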
cd /usr/local/nginx/conf/
vi nginx.conf
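Add the following inside the http or server block (adding it in the http block makes it a global setting; adding it in a server block configures it for that site only):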
modsecurity on;
modsecurity_rules_file /usr/local/nginx/conf/modsecurity/m