1、安装依赖(pcre、openssl、zlib)
# Build dependencies for OpenResty: PCRE, OpenSSL and zlib (libraries plus -devel headers).
yum install -y \
  pcre-devel \
  openssl openssl-devel \
  zlib zlib-devel
2、安装 openResty
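# Download OpenResty, verify the tarball, then build and install it.
# NOTE(review): 1.11.2.2 is the release this walkthrough was written against;
# check the download page for a currently maintained release before deploying.
cd /usr/local/
wget https://openresty.org/download/openresty-1.11.2.2.tar.gz
# Detached PGP signature for the same tarball. Import the OpenResty release key
# beforehand (gpg --recv-keys <OPENRESTY_RELEASE_KEY_ID>, placeholder: take the
# ID from the download page) or gpg cannot validate it.
wget https://openresty.org/download/openresty-1.11.2.2.tar.gz.asc
# Unpack and build only if the signature checks out; each later step also
# stops the chain on failure so a broken configure is never installed.
gpg --verify openresty-1.11.2.2.tar.gz.asc openresty-1.11.2.2.tar.gz \
  && tar xf openresty-1.11.2.2.tar.gz \
  && cd openresty-1.11.2.2 \
  && ./configure \
  && gmake \
  && gmake install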
建立用户www,供nginx使用
# Dedicated unprivileged account for the nginx worker processes:
# -M creates no home directory, -s /sbin/nologin gives it no login shell.
useradd -M -s /sbin/nologin www
3、配置nginx
# Open the main nginx configuration in an editor; the directives that follow go into this file.
vim /usr/local/openresty/nginx/conf/nginx.conf
# Minimal smoke-test configuration: one server that answers every request
# with a fixed string generated by Lua, to confirm OpenResty works.

# Worker processes run as the unprivileged "www" account.
user www;
worker_processes 1;

events {
    worker_connections 1024;
}

http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;

    server {
        # No address is given, so port 80 is bound on all interfaces;
        # this test page is reachable from the network, not only from localhost.
        listen 80;
        server_name localhost;

        location / {
            default_type text/html;
            content_by_lua_block {
                ngx.say("Hello World!");
            }
        }
    }
}
保存配置文件,启动nginx
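# Expose the OpenResty nginx binary on PATH.
ln -s /usr/local/openresty/nginx/sbin/nginx /usr/sbin/nginx
# Check the configuration, then start nginx. The note must be a "#" comment:
# a trailing "//..." is not a shell comment, it would be handed to nginx as an
# argument and rejected as an invalid option.
nginx -t && nginx
curl localhost
# Expected output: Hello World!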
4、下载ngx_lua_waf模块
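# ngx_lua_waf runs inside every nginx worker, so treat it like any other
# third-party dependency: review the code and deploy a commit you have pinned
# rather than whatever the default branch holds at clone time.
# The chain stops if the cd fails, so the clone never lands in the wrong directory.
cd /usr/local/openresty/nginx \
  && git clone https://github.com/loveshell/ngx_lua_waf.git \
  && (cd ngx_lua_waf && git rev-parse HEAD)  # print the deployed commit; record it for audits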
在nginx的http模块中添加
# ngx_lua_waf hooks; all four directives go inside the http { } block, so the
# access-phase check applies to every server defined there.

# Shared-memory zone named "limit", 10 MB.
# NOTE(review): presumably the counter store for the CC rate limiter - confirm in the module source.
lua_shared_dict limit 10m;

# Lua module search path pointing at the cloned ngx_lua_waf directory.
# There is no trailing ";;", so the default search path is not appended.
lua_package_path "/usr/local/openresty/nginx/ngx_lua_waf/?.lua";

# init.lua is loaded when nginx loads its configuration;
# waf.lua runs in the access phase of each request.
init_by_lua_file /usr/local/openresty/nginx/ngx_lua_waf/init.lua;
access_by_lua_file /usr/local/openresty/nginx/ngx_lua_waf/waf.lua;
进入ngx_lua_waf安装目录,并修改config.lua
-- ngx_lua_waf settings (config.lua).

-- Rule files and attack log locations. logdir has to exist and be writable
-- by the nginx worker user before the WAF can write its log there.
RulePath = "/usr/local/openresty/nginx/ngx_lua_waf/wafconf/"
attacklog = "on"
logdir = "/usr/local/openresty/nginx/logs/ngx_lua_waf/"

-- Per-request checks, all switched on here.
-- NOTE(review): the names suggest URL, cookie and POST-body matching plus a
-- URL whitelist - confirm the exact meaning against the module README.
UrlDeny = "on"
Redirect = "on"
CookieMatch = "on"
postMatch = "on"
whiteModule = "on"

-- File extensions on the black list, and IP allow/deny lists.
-- NOTE(review): 127.0.0.1 is whitelisted; if a local reverse proxy sits in
-- front of this nginx, its requests may all arrive from that address - verify
-- which client address the WAF actually sees.
black_fileExt = {"php", "jsp"}
ipWhitelist = {"127.0.0.1"}
ipBlocklist = {"1.0.0.1"}

-- CC (request-flood) protection is off, so CCrate presumably has no effect
-- as configured; enable CCDeny if rate limiting is wanted.
CCDeny = "off"
CCrate = "100/60"

-- Body returned to a blocked client.
html = [[
go away!
]]
5、手动添加日志文件
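# Create the WAF log directory (logdir in config.lua) and give only that
# directory to the worker account. The rest of logs/ stays owned by root:
# the master process opens access.log and error.log there as root, so the
# unprivileged worker should not be able to replace files in that directory.
# "user:group" is the supported chown separator; "user.group" is deprecated.
mkdir -p /usr/local/openresty/nginx/logs/ngx_lua_waf
chown -R www:www /usr/local/openresty/nginx/logs/ngx_lua_waf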
重新加载nginx配置(reload)
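# Validate before reloading: if the edited configuration is broken, the reload
# is rejected and nginx keeps serving the old configuration, i.e. without the
# WAF hooks, while the operator believes they are active.
nginx -t && nginx -s reload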
6、测试(浏览器)
http://182.92.200.105/index.asp?id=../etc/passwd
结果:go away!(即config.lua中html项配置的拦截页面内容)
进入刚刚创建的日志目录,查看生成的日志
[root@iZ25l0m95piZ sbin]# cd /usr/local/openresty/nginx/logs/ngx_lua_waf/
[root@iZ25l0m95piZ ngx_lua_waf]# ls
localhost_2016-12-13_sec.log
[root@iZ25l0m95piZ ngx_lua_waf]# cat localhost_2016-12-13_sec.log
192.168.1.52 [2016-12-13 14:06:48] "GET localhost/index.asp?id=../etc/passwd" "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36" "\.\./"
192.168.1.52 [2016-12-13 14:16:17] "GET localhost/index.asp?id=../etc/passwd" "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36" "\.\./"
====>>>>END