Building a web application firewall with ngx_lua_waf

Building a web application firewall with ngx_lua_waf:

**What it does**
Blocks SQL injection, local file inclusion, some overflow attacks, fuzzing, XSS and SSRF web attacks
Prevents leakage of files such as .svn directories and backups
Blocks requests from stress-testing tools such as ApacheBench
Blocks common hacking tools and scanners
Blocks abnormal network requests
Denies PHP execution in image and attachment directories
Prevents webshell uploads
Environment setup: https://blog.csdn.net/m0_37886429/article/details/73732632
ngx_lua_waf project: https://github.com/loveshell/ngx_lua_waf

Environment setup

1. Install LuaJIT

wget http://luajit.org/download/LuaJIT-2.0.2.tar.gz

tar -zxvf LuaJIT-2.0.2.tar.gz

cd LuaJIT-2.0.2

make

make install PREFIX=/usr/local/LuaJIT

export LUAJIT_LIB=/usr/local/LuaJIT/lib

export LUAJIT_INC=/usr/local/LuaJIT/include/luajit-2.0

cd /opt/download

wget https://github.com/simpl/ngx_devel_kit/archive/v0.3.0.tar.gz

wget https://github.com/openresty/lua-nginx-module/archive/v0.10.9rc7.tar.gz

tar -zxvf v0.3.0.tar.gz

tar -zxvf v0.10.9rc7.tar.gz

2. Recompile nginx

Check the current nginx version and build options: nginx -V

Download the same nginx version: wget http://nginx.org/download/nginx-1.12.2.tar.gz

tar -zxvf nginx-1.12.2.tar.gz

cd nginx-1.12.2

./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-http_v2_module --with-http_gzip_static_module --with-ipv6 --with-http_sub_module --with-openssl=/root/lnmp1.4/src/openssl-1.0.2l --add-module=/opt/download/ngx_devel_kit-0.3.0 --add-module=/opt/download/lua-nginx-module-0.10.9rc7

make && make install

3. Make the Lua library loadable by adding it to ld.so.conf

echo "/usr/local/LuaJIT/lib" >> /etc/ld.so.conf

ldconfig

Setting up ngx_lua_waf as the web application firewall:

1. Go to the nginx install path: cd /usr/local/nginx/conf

2. Download ngx_lua_waf:

git clone https://github.com/loveshell/ngx_lua_waf.git

3. Rename the downloaded ngx_lua_waf folder to waf

mv ngx_lua_waf/ waf

4. Configure the WAF rules in config.lua

vim /usr/local/nginx/conf/waf/config.lua

Change: RulePath = "/usr/local/nginx/conf/waf/wafconf/" (the rule directory under your local install)

5. Add the following to the http block of nginx.conf

lua_package_path "/usr/local/nginx/conf/waf/?.lua";
lua_shared_dict limit 10m;
init_by_lua_file /usr/local/nginx/conf/waf/init.lua;
access_by_lua_file /usr/local/nginx/conf/waf/waf.lua;

6. Reload nginx

nginx -s reload

7. Test that the installation succeeded

http://IP-address-or-domain/index.php?id=../etc/passwd
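A post-install check for step 7, added here as an example and not part of the original post or of ngx_lua_waf: it confirms the rebuilt nginx carries both Lua modules, validates the config, then sends the test request above plus a benign control and expects the WAF to answer the first with 403 and the second with 200. Assumed: nginx lives at /usr/local/nginx/sbin/nginx (from the --prefix above), curl is installed, and a blocked request is answered with status 403 (what the project does when Redirect is on; adjust classify_status if your setup differs).

```shell
#!/bin/sh
# Post-install verification for the ngx_lua_waf setup above.
# Added example; assumptions: nginx binary path below, curl available,
# WAF block page served with HTTP 403.

NGINX_BIN=${NGINX_BIN:-/usr/local/nginx/sbin/nginx}

# Returns 0 when the given `nginx -V` output lists both required modules.
has_lua_modules() {
    printf '%s\n' "$1" | grep -q -- '--add-module=[^ ]*ngx_devel_kit' &&
    printf '%s\n' "$1" | grep -q -- '--add-module=[^ ]*lua-nginx-module'
}

# Maps an HTTP status code to a WAF outcome.
classify_status() {
    case "$1" in
        403) echo blocked ;;
        200) echo allowed ;;
        *)   echo error ;;
    esac
}

# Sends one request and prints only the status code (000 on connection failure).
probe() {
    curl -s -o /dev/null -w '%{http_code}' --max-time 5 "$1"
}

# "pass" only when the attack probe was blocked AND the benign control was allowed;
# anything else (both allowed, both blocked, errors) is reported as a failure.
waf_verdict() {
    attack=$(classify_status "$1")
    control=$(classify_status "$2")
    if [ "$attack" = blocked ] && [ "$control" = allowed ]; then
        echo pass
    else
        echo "fail (attack=$attack control=$control)"
    fi
}

main() {
    host=${1:?usage: $0 http://host-or-ip}
    has_lua_modules "$("$NGINX_BIN" -V 2>&1)" \
        || { echo "nginx was built without ngx_devel_kit/lua-nginx-module"; exit 1; }
    "$NGINX_BIN" -t || exit 1
    # Same test URL as step 7, plus a plain request to the site root as control.
    waf_verdict "$(probe "$host/index.php?id=../etc/passwd")" "$(probe "$host/")"
}

# Live checks run only when a base URL is given on the command line.
if [ $# -gt 0 ]; then main "$@"; fi
```

Run it as `sh waf_check.sh http://your-host` after step 6; a "fail" with control=error usually means the base URL is wrong, while attack=allowed means the access_by_lua_file line is not active in the http block.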
