WAF,英文名称 Web Application Firewall,中文叫做 Web 应用防护系统,也可以称为 Web 应用防火墙,可以在请求到达应用之前拦截常见的 SQL 注入、本地文件包含、CC 攻击等。需要注意,WAF 基于规则匹配,只能缓解攻击,不能替代应用自身的漏洞修复和输入校验。下面就介绍下 nginx+lua 的 WAF 方案。
安装OpenResty
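# Fetch, verify and build OpenResty from source.
# 1.11.2.2 is the release this write-up was tested against (late 2016); pick a
# current release from https://openresty.org/en/download.html for a new deployment.
cd /usr/local/ || exit 1
wget https://openresty.org/download/openresty-1.11.2.2.tar.gz
# Supply-chain check: HTTPS alone does not prove the tarball is the one the project
# released. Verify the detached PGP signature linked next to the tarball on the
# download page (import the OpenResty release key first) before unpacking it.
wget https://openresty.org/download/openresty-1.11.2.2.tar.gz.asc
gpg --verify openresty-1.11.2.2.tar.gz.asc openresty-1.11.2.2.tar.gz || exit 1
tar xf openresty-1.11.2.2.tar.gz
cd openresty-1.11.2.2 || exit 1
./configure
# GNU make is plain `make` on Linux; `gmake` is the BSD spelling of the same tool.
make && make install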
建立 www 用户(nginx 的 worker 进程将以该用户运行)
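# Dedicated unprivileged account for the nginx worker processes:
# -r system account (no user-range UID), -M no home directory,
# nologin shell so the account cannot be used interactively.
useradd -r -M -s /sbin/nologin www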
配置nginx
# Open OpenResty's bundled nginx.conf; replace its contents with the config below.
vim -- /usr/local/openresty/nginx/conf/nginx.conf
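# Minimal OpenResty config used to verify the Lua engine before the WAF is wired in.
# Worker processes run as the unprivileged "www" account created above.
user www;
worker_processes 1;

events {
    worker_connections 1024;
}

http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;
    # Do not advertise the exact nginx/OpenResty version in the Server header
    # and on built-in error pages.
    server_tokens off;

    server {
        # Plain HTTP on all interfaces; this is a smoke test, not a production listener.
        listen 80;
        server_name localhost;

        location / {
            default_type text/html;
            # Smoke test: proves this build actually executes Lua in the content phase.
            content_by_lua_block {
                ngx.say("Hello World");
            }
        }
    }
}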
保存配置文件,启动nginx
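# Put the OpenResty nginx binary on PATH (-f so re-running the guide does not
# fail on an already existing link).
ln -sf /usr/local/openresty/nginx/sbin/nginx /usr/sbin/nginx
# Validate the config first so a syntax error shows up here rather than as a
# listener that silently never came up.
nginx -t && nginx
# Expected output: Hello World (from the content_by_lua_block above)
curl localhost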
下载 ngx_lua_waf 模块
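# Fetch the ngx_lua_waf rules and Lua code into the nginx install directory.
cd /usr/local/openresty/nginx || exit 1
git clone https://github.com/loveshell/ngx_lua_waf.git
# Supply-chain note: this Lua runs inside every request as the nginx worker.
# Review wafconf/ and the .lua files before enabling them, and record the exact
# commit you deployed so the rule set is reproducible and can be diffed later
# (the HEAD of a fresh clone moves over time).
git -C ngx_lua_waf rev-parse HEAD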
在 nginx.conf 的 http 块中添加以下配置(写在 http 块中时,access_by_lua_file 会对该 http 块下的所有 server/location 生效,除非被更内层的配置覆盖):
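# ---- add inside the http { } block of nginx.conf ----
# Lua module search path for the WAF. The trailing ";;" keeps OpenResty's default
# package.path entries in addition to the WAF directory, so any other Lua
# libraries the server uses still resolve.
lua_package_path "/usr/local/openresty/nginx/ngx_lua_waf/?.lua;;";
# Shared memory zone; presumably the counter store for the CC rate limiter
# (CCDeny/CCrate in config.lua) -- keep the name "limit", the Lua code refers to it.
lua_shared_dict limit 10m;
# Loads config.lua and the rule files once at master start / reload.
init_by_lua_file /usr/local/openresty/nginx/ngx_lua_waf/init.lua;
# Runs in the access phase of every request handled under this http block
# (every server/location) unless a nested context overrides it.
access_by_lua_file /usr/local/openresty/nginx/ngx_lua_waf/waf.lua;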
进入 ngx_lua_waf 安装目录,并按需修改 config.lua:
-- ngx_lua_waf config.lua. Every name here is a global read by init.lua / waf.lua,
-- so the identifiers must stay exactly as written (no `local`).

-- Directory holding the rule files (the loader expects the trailing slash).
RulePath = "/usr/local/openresty/nginx/ngx_lua_waf/wafconf/"

-- Attack logging. Log files are written by the Lua code running inside the
-- worker process (user www), so logdir must be writable by that user.
attacklog = "on"
logdir    = "/usr/local/openresty/nginx/logs/ngx_lua_waf/"

-- Which parts of a request are inspected.
UrlDeny     = "on"   -- URL / query-string rules
CookieMatch = "on"   -- cookie rules
postMatch   = "on"   -- POST body rules
whiteModule = "on"   -- URL whitelist rules
Redirect    = "on"   -- answer a blocked request with the `html` body below

-- Upload file extensions rejected in POST bodies.
black_fileExt = { "php", "jsp" }

-- Client IP allow / deny lists.
-- NOTE(review): 127.0.0.1 only matches when the request really arrives on
-- loopback; a test against the host's LAN address is *not* whitelisted. Also,
-- the upstream init.lua of this era appears to derive the client IP from the
-- X-Real-IP / X-Forwarded-For headers before falling back to remote_addr --
-- confirm getClientIp() before relying on these lists at an internet-facing edge,
-- since header-derived IPs are client-controlled.
ipWhitelist = { "127.0.0.1" }
ipBlocklist = { "1.0.0.1" }    -- example entry only

-- Request-rate (CC) limiting, disabled here. CCrate is "requests/seconds" per client.
CCDeny = "off"
CCrate = "100/60"

-- Response body sent when Redirect is "on".
html = [[
go away
]]
手动创建攻击日志目录(攻击日志由 worker 进程以 www 用户写入,因此只需让该目录对 www 可写)
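# Attack logs are written by the Lua code running in the worker (user www), so
# the WAF log directory must be writable by www. Nothing else under logs/ needs
# that: access.log / error.log are opened by the master process, so keep them
# root-owned -- a recursive chown of logs/ would let a compromised worker
# truncate or rewrite nginx's own logs.
mkdir -p /usr/local/openresty/nginx/logs/ngx_lua_waf
# user:group, not the deprecated user.group form.
chown www:www /usr/local/openresty/nginx/logs/ngx_lua_waf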
重启nginx
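# Check that the new http-block directives parse before reloading the running instance.
nginx -t && nginx -s reload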
测试
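# Send a request that trips the path-traversal rule (the "\.\./" pattern in wafconf).
# Quote the URL so the shell does not treat "?" as a glob.
# The request targets the host's LAN address rather than 127.0.0.1, so the
# ipWhitelist entry does not apply and the WAF answers with the configured
# `html` body. Expected response body:
#   go away
curl 'http://10.254.21.41/index.asp?id=../etc/passwd'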
进入刚刚创建的日志目录,查看生成的日志
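# Attack log. The file name appears to follow <server_name>_<YYYY-MM-DD>_sec.log,
# one file per day, so the date below is the day of the test, not a fixed name.
cd /usr/local/openresty/nginx/logs/ngx_lua_waf/ || exit 1
cat localhost_2016-12-04_sec.log
# Example entry -- client IP, timestamp, request line, a "-" field, user-agent,
# and finally the rule pattern that matched:
# 10.254.21.41 [2016-12-04 23:09:52] "GET localhost/index.asp?id=../etc/passwd" "-" "curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.21 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2" "\.\./"
# NOTE(review): the "-" field is presumably the request body (empty for GET) --
# confirm against the log format in init.lua. The logged client IP is the host's
# own LAN address because the test curl above was run on the server itself.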