#1, 下载及编译
sudo yum install -y gcc gcc-c++
#PCRE install
cd pcre-8.39
./configure --prefix=/usr/local/pcre-8.39 --libdir=/usr/local/lib/pcre --includedir=/usr/local/include/pcre
make
sudo make install
root exe: echo "/usr/local/lib/pcre" >> /etc/ld.so.conf
wget https://github.com/nbs-system/naxsi/archive/0.55.zip
wget http://nginx.org/download/nginx-1.11.6.tar.gz
unzip 0.55.zip
tar zxvf nginx-1.11.6.tar.gz
cd nginx-1.11.6/
./configure --conf-path=/etc/nginx/nginx.conf --add-module=../naxsi-0.55/naxsi_src/ --error-log-path=/var/log/nginx/error.log --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-log-path=/var/log/nginx/access.log --http-proxy-temp-path=/var/lib/nginx/proxy --lock-path=/var/lock/nginx.lock --pid-path=/var/run/nginx.pid --with-http_ssl_module --without-mail_pop3_module --without-mail_smtp_module --without-mail_imap_module --without-http_uwsgi_module --without-http_scgi_module --prefix=/usr
pcre/zlib/openssl: --with-pcre=path(path of source_code)
pcre: https://sourceforge.net/projects/pcre/files/pcre/8.39/pcre-8.39.tar.gz/download
zlib: wget http://zlib.net/zlib-1.2.8.tar.gz
openssl: wget http://www.openssl.org/source/openssl-1.0.0e.tar.gz
openssl install : http://blog.csdn.net/maryzhao1985/article/details/8874483
pcre install: http://jingyan.baidu.com/album/7f766dafaed5e44100e1d041.html?picindex=7
adding module in ../naxsi-0.55/naxsi_src/
+ ngx_http_naxsi_module was configured
creating objs/Makefile
Configuration summary
+ using PCRE library: /usr/lib64
+ using OpenSSL library: /usr/bin
+ using zlib library: /usr/lib64
nginx path prefix: "/usr"
nginx binary file: "/usr/sbin/nginx"
nginx modules path: "/usr/modules"
nginx configuration prefix: "/etc/nginx"
nginx configuration file: "/etc/nginx/nginx.conf"
nginx pid file: "/var/run/nginx.pid"
nginx error log file: "/var/log/nginx/error.log"
nginx http access log file: "/var/log/nginx/access.log"
nginx http client request body temporary files: "/var/lib/nginx/body"
nginx http proxy temporary files: "/var/lib/nginx/proxy"
nginx http fastcgi temporary files: "/var/lib/nginx/fastcgi"
make
sudo make install
sudo mkdir -p /var/lib/nginx/body ```
#2, 配置
sudo cp ../naxsi-0.55/naxsi_config/naxsi_core.rules /etc/nginx/ sudo vim /etc/nginx/nginx.conf http { include /etc/nginx/naxsi_core.rules; // add include mime.types;
location / {
root html;
index index.html index.htm;
/* add beg SecRulesEnabled; DeniedUrl "/RequestDenied";
## Check & Blocking Rules
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$EVADE >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
access_log /var/log/nginx/naxsi_access.log;
error_log /var/log/nginx/naxsi_error.log debug;
} // **no add**
location /RequestDenied {
return 418; #I'm a teapot
}
add end */ ```
#3, test
[naxis[@localhost](https://my.oschina.net/u/570656) nginx-1.11.6]$ curl -I http://localhost/?name=1/**/and/**/1=1
HTTP/1.1 418
Server: nginx/1.11.6
Date: Thu, 01 Dec 2016 09:03:03 GMT
Content-Length: 0
Connection: keep-alive
[naxis[@localhost](https://my.oschina.net/u/570656) nginx-1.11.6]$ curl -I http://localhost
HTTP/1.1 200 OK
Server: nginx/1.11.6
Date: Thu, 01 Dec 2016 09:03:30 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Thu, 01 Dec 2016 07:33:12 GMT
Connection: keep-alive
ETag: "583fd238-264"
Accept-Ranges: bytes ```