wget http://nginx.org/download/nginx-1.6.3.tar.gz
wget http://nginx.org/download/nginx-1.8.1.tar.gz
wget http://zlib.net/zlib-1.2.8.tar.gz
wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.38.tar.gz
wget http://www.openssl.org/source/openssl-fips-2.0.12.tar.gz
tar -zxvf nginx-1.6.3.tar.gz
tar -zxvf zlib-1.2.8.tar.gz
tar -zxvf pcre-8.38.tar.gz
tar -zxvf openssl-fips-2.0.12.tar.gz
cd openssl-fips-2.0.10
./config
make
sudo make install
cd zlib-1.2.8
./configure
make
sudo make install
cd pcre-8.38
./configure
make
sudo make install
cd nginx-1.6.3
./configure --with-pcre=../pcre-8.38 --with-zlib=../zlib-1.2.8 --with-openssl=../openssl-fips-2.0.12
make
sudo make install
cd /usr/local/nginx/sbin
sudo ./nginx
----------------------------
添加 naxsi模块
wget https://github.com/nbs-system/naxsi/archive/master.zip
mv master.zip naxsi-master.zip
unzip naxsi-master.zip
在安装好的nginx/sbin/下执行 ./nginx -V 命令,可以查看到nginx的原有./configure 复制后并添加naxsi模块
添加:--add-module=../naxsi-master/naxsi_src
./configure --with-pcre=../pcre-8.38 --with-zlib=../zlib-1.2.8 --with-openssl=../openssl-fips-2.0.10 --add-module=../naxsi-master/naxsi_src
make
sudo make install
cp ~/naxsi-master/naxsi_config/naxsi_core.rules /usr/local/nginx/conf/
cd /usr/local/nginx/conf
vim mysite.rules
内容如下:
#------------------------
#LearningMode; #Enables learning mode
SecRulesEnabled;
#SecRulesDisabled;
DeniedUrl "/RequestDenied";
## check rules
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$EVADE >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
#---------------------------
vim nginx.conf
在http部分加入如下配置
include /usr/local/nginx/conf/naxsi_core.rules;
在 server的 location / {
#在这里面增加:
include /usr/local/nginx/conf/mysite.rules;
}
#增加:
location /RequestDenied {
return 403;
}
主要参考资料:
http://blog.cnwyhx.com/centos-nginx-naxsi-install/
wget http://nginx.org/download/nginx-1.8.1.tar.gz
wget http://zlib.net/zlib-1.2.8.tar.gz
wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.38.tar.gz
wget http://www.openssl.org/source/openssl-fips-2.0.12.tar.gz
tar -zxvf nginx-1.6.3.tar.gz
tar -zxvf zlib-1.2.8.tar.gz
tar -zxvf pcre-8.38.tar.gz
tar -zxvf openssl-fips-2.0.12.tar.gz
cd openssl-fips-2.0.10
./config
make
sudo make install
cd zlib-1.2.8
./configure
make
sudo make install
cd pcre-8.38
./configure
make
sudo make install
cd nginx-1.6.3
./configure --with-pcre=../pcre-8.38 --with-zlib=../zlib-1.2.8 --with-openssl=../openssl-fips-2.0.12
make
sudo make install
cd /usr/local/nginx/sbin
sudo ./nginx
----------------------------
添加 naxsi模块
wget https://github.com/nbs-system/naxsi/archive/master.zip
mv master.zip naxsi-master.zip
unzip naxsi-master.zip
在安装好的nginx/sbin/下执行 ./nginx -V 命令,可以查看到nginx的原有./configure 复制后并添加naxsi模块
添加:--add-module=../naxsi-master/naxsi_src
./configure --with-pcre=../pcre-8.38 --with-zlib=../zlib-1.2.8 --with-openssl=../openssl-fips-2.0.10 --add-module=../naxsi-master/naxsi_src
make
sudo make install
cp ~/naxsi-master/naxsi_config/naxsi_core.rules /usr/local/nginx/conf/
cd /usr/local/nginx/conf
vim mysite.rules
内容如下:
#------------------------
#LearningMode; #Enables learning mode
SecRulesEnabled;
#SecRulesDisabled;
DeniedUrl "/RequestDenied";
## check rules
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$EVADE >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
#---------------------------
vim nginx.conf
在http部分加入如下配置
include /usr/local/nginx/conf/naxsi_core.rules;
在 server的 location / {
#在这里面增加:
include /usr/local/nginx/conf/mysite.rules;
}
#增加:
location /RequestDenied {
return 403;
}
主要参考资料:
http://blog.cnwyhx.com/centos-nginx-naxsi-install/
扫一扫
146
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
