Nginx + Naxsi

2019独角兽企业重金招聘Python工程师标准>>>

#1, 下载及编译

sudo yum install -y gcc gcc-c++
#PCRE install
cd pcre-8.39
 ./configure --prefix=/usr/local/pcre-8.39 --libdir=/usr/local/lib/pcre --includedir=/usr/local/include/pcre
make
sudo make install
root exe: echo "/usr/local/lib/pcre" >> /etc/ld.so.conf


wget https://github.com/nbs-system/naxsi/archive/0.55.zip
wget http://nginx.org/download/nginx-1.11.6.tar.gz
unzip 0.55.zip
tar zxvf nginx-1.11.6.tar.gz
cd nginx-1.11.6/
./configure --conf-path=/etc/nginx/nginx.conf --add-module=../naxsi-0.55/naxsi_src/ --error-log-path=/var/log/nginx/error.log --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-log-path=/var/log/nginx/access.log --http-proxy-temp-path=/var/lib/nginx/proxy --lock-path=/var/lock/nginx.lock --pid-path=/var/run/nginx.pid --with-http_ssl_module --without-mail_pop3_module --without-mail_smtp_module --without-mail_imap_module --without-http_uwsgi_module --without-http_scgi_module --prefix=/usr

pcre/zlib/openssl: --with-pcre=path(path of source_code)

pcre: https://sourceforge.net/projects/pcre/files/pcre/8.39/pcre-8.39.tar.gz/download
zlib: wget http://zlib.net/zlib-1.2.8.tar.gz
openssl: wget http://www.openssl.org/source/openssl-1.0.0e.tar.gz

openssl install : http://blog.csdn.net/maryzhao1985/article/details/8874483
pcre install: http://jingyan.baidu.com/album/7f766dafaed5e44100e1d041.html?picindex=7

adding module in ../naxsi-0.55/naxsi_src/
 + ngx_http_naxsi_module was configured
creating objs/Makefile

Configuration summary
  + using PCRE library: /usr/lib64
  + using OpenSSL library: /usr/bin
  + using zlib library: /usr/lib64

  nginx path prefix: "/usr"
  nginx binary file: "/usr/sbin/nginx"
  nginx modules path: "/usr/modules"
  nginx configuration prefix: "/etc/nginx"
  nginx configuration file: "/etc/nginx/nginx.conf"
  nginx pid file: "/var/run/nginx.pid"
  nginx error log file: "/var/log/nginx/error.log"
  nginx http access log file: "/var/log/nginx/access.log"
  nginx http client request body temporary files: "/var/lib/nginx/body"
  nginx http proxy temporary files: "/var/lib/nginx/proxy"
  nginx http fastcgi temporary files: "/var/lib/nginx/fastcgi"

make
sudo make install
sudo mkdir -p /var/lib/nginx/body ```


#2, 配置

sudo cp ../naxsi-0.55/naxsi_config/naxsi_core.rules /etc/nginx/ sudo vim /etc/nginx/nginx.conf http { include /etc/nginx/naxsi_core.rules; // add include mime.types;

    location / {
        root   html;
        index  index.html index.htm;

/* add beg SecRulesEnabled; DeniedUrl "/RequestDenied";

        ## Check & Blocking Rules
        CheckRule "$SQL >= 8" BLOCK;
        CheckRule "$RFI >= 8" BLOCK;
        CheckRule "$TRAVERSAL >= 4" BLOCK;
        CheckRule "$EVADE >= 4" BLOCK;
        CheckRule "$XSS >= 8" BLOCK;

        access_log  /var/log/nginx/naxsi_access.log;
        error_log   /var/log/nginx/naxsi_error.log debug;

    } // **no add**

    location /RequestDenied {
        return 418; #I'm a teapot
    }

add end */ ```

#3, test

[naxis[@localhost](https://my.oschina.net/u/570656) nginx-1.11.6]$ curl -I http://localhost/?name=1/**/and/**/1=1
HTTP/1.1 418
Server: nginx/1.11.6
Date: Thu, 01 Dec 2016 09:03:03 GMT
Content-Length: 0
Connection: keep-alive


[naxis[@localhost](https://my.oschina.net/u/570656) nginx-1.11.6]$ curl -I http://localhost
HTTP/1.1 200 OK
Server: nginx/1.11.6
Date: Thu, 01 Dec 2016 09:03:30 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Thu, 01 Dec 2016 07:33:12 GMT
Connection: keep-alive
ETag: "583fd238-264"
Accept-Ranges: bytes ```

转载于:https://my.oschina.net/u/2567345/blog/798252