Installing the ModSecurity Module for Nginx

1. First, place the required rule package in the /usr/local directory

Download link:

owasp-modsecurity-crs/rules at v3.3/dev · SpiderLabs/owasp-modsecurity-crs · GitHub

2. Install the dependencies

yum install -y epel-release

yum install -y readline-devel curl-devel gcc gcc-c++ python-devel lua-devel doxygen perl yajl-devel GeoIP-devel lmdb-devel ssdeep-devel flex bison autoconf automake

3. Install ModSecurity

cd /usr/local
#git clone https://github.com/SpiderLabs/ModSecurity
#cd ModSecurity
#git checkout -b v3/master origin/v3/master
#git submodule init
#git submodule update
#sh build.sh
#./configure
#make
#make install
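#Updated April 7, 2024: a direct git clone of the newer version fails during make, so the release tarball is downloaded and installed instead
#--no-check-certificate turns off TLS certificate verification for this download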
wget --no-check-certificate https://github.com/owasp-modsecurity/ModSecurity/releases/download/v3.0.12/modsecurity-v3.0.12.tar.gz
tar -zxvf modsecurity-v3.0.12.tar.gz
cd /usr/local/modsecurity-v3.0.12
./configure
make -j4
make install

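4. Install Nginx and ModSecurity-nginx (this test server already had nginx installed, so the source of the same version was downloaded and nginx was recompiled and reinstalled)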

cd /usr/local

git clone https://github.com/SpiderLabs/ModSecurity-nginx

wget http://nginx.org/download/nginx-1.17.10.tar.gz

tar -zxvf nginx-1.17.10.tar.gz

cd /usr/local/nginx-1.17.10

./configure --prefix=/etc/nginx \
            --sbin-path=/usr/sbin/nginx \
            --modules-path=/usr/lib64/nginx/modules \
            --conf-path=/etc/nginx/nginx.conf \
            --error-log-path=/var/log/nginx/error.log \
            --pid-path=/var/run/nginx.pid \
            --lock-path=/var/run/nginx.lock \
            --user=nginx \
            --group=nginx \
            --build=CentOS \
            --http-log-path=/var/log/nginx/access.log \
            --with-http_stub_status_module \
            --add-module=/usr/local/ModSecurity-nginx

make

make install

5. nginx starts normally

6. Final configuration

mkdir -p /etc/nginx/modsecurity/rules

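#the tarball from step 3 extracts to /usr/local/modsecurity-v3.0.12, so copy from that source tree
cp /usr/local/modsecurity-v3.0.12/modsecurity.conf-recommended /etc/nginx/modsecurity/modsecurity.conf

cp /usr/local/modsecurity-v3.0.12/unicode.mapping /etc/nginx/modsecurity/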

7. Download the rule file archive

cd /usr/local/
wget http://www.modsecurity.cn/download/corerule/owasp-modsecurity-crs-3.3-dev.zip
unzip owasp-modsecurity-crs-3.3-dev.zip
cd owasp-modsecurity-crs-3.3-dev

Copy crs-setup.conf.example to /etc/nginx/modsecurity/ and rename it to crs-setup.conf

cd /usr/local/owasp-modsecurity-crs-3.3-dev
cp crs-setup.conf.example /etc/nginx/modsecurity/crs-setup.conf

Copy all the rules in the rules folder of the extracted rule package to /etc/nginx/modsecurity/rules

cp -r rules/ /etc/nginx/modsecurity/

The directory should now contain the following files

[root@IT3 modsecurity]# ls

crs-setup.conf  modsecurity.conf  rules  unicode.mapping

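In the listing above, rules is a directory and the others are files

Also rename the two files REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example and RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf.example, removing the ".example" suffix; these two files are for custom rules.

cd /etc/nginx/modsecurity/rules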
mv REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
mv RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf.example RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf

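Edit nginx.conf

Add the following inside the http or server block (in the http block it applies globally; in a server block it applies only to that site). Choose according to your needs; for production services, putting it in the server block is recommended because it is easier to control.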

modsecurity on;

modsecurity_rules_file /etc/nginx/modsecurity/modsecurity.conf;

Edit modsecurity.conf

Change SecRuleEngine DetectionOnly to SecRuleEngine On

Also add the following:

Include /etc/nginx/modsecurity/crs-setup.conf

Include /etc/nginx/modsecurity/rules/*.conf

Make sure ModSecurity saves the request body when writing the audit log: change IJ to C

#SecAuditLogParts ABIJDEFHZ
SecAuditLogParts ABCDEFHZ
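
The three modsecurity.conf edits above, scripted so they can be re-run safely and checked before nginx is restarted. This is an added example, not part of the original post; the function names apply_modsec_edits and check_modsec_conf are made up here, and the directory argument is the /etc/nginx/modsecurity layout from step 6.

```shell
# Added example: apply the modsecurity.conf edits from this step idempotently, then verify them.

# apply_modsec_edits CONF DIR: rewrite CONF in place; DIR is the modsecurity config directory
apply_modsec_edits() {
    conf=$1; dir=$2; tmp="$conf.new.$$"
    # DetectionOnly -> On, and audit log parts ABIJDEFHZ -> ABCDEFHZ (commented lines are left alone)
    sed -e 's/^[[:space:]]*SecRuleEngine[[:space:]][[:space:]]*DetectionOnly[[:space:]]*$/SecRuleEngine On/' \
        -e 's/^[[:space:]]*SecAuditLogParts[[:space:]][[:space:]]*ABIJDEFHZ[[:space:]]*$/SecAuditLogParts ABCDEFHZ/' \
        "$conf" > "$tmp" || return 1
    cat "$tmp" > "$conf" && rm -f "$tmp" || return 1
    # Append each Include only if that exact line is not already present
    for inc in "Include $dir/crs-setup.conf" "Include $dir/rules/*.conf"; do
        grep -qxF "$inc" "$conf" || printf '%s\n' "$inc" >> "$conf"
    done
}

# check_modsec_conf CONF DIR: print every problem found, return non-zero if there is any
check_modsec_conf() {
    conf=$1; dir=$2; bad=0
    grep -Eq '^[[:space:]]*SecRuleEngine[[:space:]]+On[[:space:]]*$' "$conf" \
        || { echo "SecRuleEngine is not On (matches are logged, not blocked)"; bad=1; }
    grep -Eq '^[[:space:]]*SecRuleEngine[[:space:]]+DetectionOnly' "$conf" \
        && { echo "an active SecRuleEngine DetectionOnly line remains"; bad=1; }
    grep -Eq '^[[:space:]]*SecAuditLogParts[[:space:]]+ABCDEFHZ[[:space:]]*$' "$conf" \
        || { echo "SecAuditLogParts is not ABCDEFHZ"; bad=1; }
    for inc in "Include $dir/crs-setup.conf" "Include $dir/rules/*.conf"; do
        grep -qxF "$inc" "$conf" || { echo "missing line: $inc"; bad=1; }
    done
    return $bad
}

# Demo on a constructed two-line file; on the server, pass
# /etc/nginx/modsecurity/modsecurity.conf as CONF instead.
demo=$(mktemp)
printf '%s\n' 'SecRuleEngine DetectionOnly' 'SecAuditLogParts ABIJDEFHZ' > "$demo"
apply_modsec_edits "$demo" /etc/nginx/modsecurity \
    && check_modsec_conf "$demo" /etc/nginx/modsecurity \
    && echo "modsecurity.conf OK"
rm -f "$demo"
```
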

8. Restart nginx

service nginx restart

Note: the restart may fail with an error at this point

[root@WoMusic-test02 sbin]# nginx -t
nginx: [emerg] "modsecurity_rules_file" directive Rules error. File: /etc/nginx/modsecurity/rules/REQUEST-910-IP-REPUTATION.conf. Line: 75. Column: 22. This version of ModSecurity was not compiled with GeoIP or MaxMind support.  in /etc/nginx/nginx.conf:22

ref: "Nginx + ModSecurity error", 莫忘、初心's blog, CSDN

Commenting out this rule resolves it

Test by visiting: http://localhost:5080/?id=2%27or%201-3

It returns 403

[root@WoMusic-test02 sbin]# curl 'http://localhost:5080/?id=1 AND 1=1' -I
HTTP/1.1 403 Forbidden
Server: nginx/1.17.10
Date: Wed, 07 Apr 2021 06:41:22 GMT
Content-Type: text/html
Content-Length: 154
Connection: keep-alive

[root@WoMusic-test02 sbin]#

