Nginx + ModSecurity (3.0.x) Installation Tutorial and WAF Rule File Configuration

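This article covers installing ModSecurity v3.0.x in an Nginx environment, configuring the WAF rule files, and verifying the defensive effect. Nginx itself is therefore installed in the simplest possible way.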

Server operating system: Linux, -bit minimal installation

I. Install the required dependencies

Bash

  yum install -y git wget epel-release
  yum install -y gcc-c++ flex bison yajl lmdb lua curl-devel curl GeoIP-devel zlib-devel pcre-devel pcre2-devel libxml2-devel ssdeep-devel libtool autoconf automake make
  # The following components cannot be installed directly with yum and must be downloaded and installed manually.
  # Check that each devel package's version matches the corresponding component already on the system.
  # Note: these RPMs are fetched over plain HTTP; check their signatures with rpm -K before installing.
  wget http://rpmfind.net/linux/centos/8-stream/PowerTools/x86_64/os/Packages/lua-devel-5.3.4-12.el8.x86_64.rpm
  wget http://rpmfind.net/linux/centos/8-stream/PowerTools/x86_64/os/Packages/yajl-devel-2.1.0-12.el8.x86_64.rpm
  wget http://rpmfind.net/linux/centos/8-stream/PowerTools/x86_64/os/Packages/lmdb-devel-0.9.24-2.el8.x86_64.rpm
  wget http://rpmfind.net/linux/centos/8-stream/PowerTools/x86_64/os/Packages/doxygen-1.8.14-12.el8.x86_64.rpm
  yum localinstall -y lua-devel-5.3.4-12.el8.x86_64.rpm
  yum localinstall -y yajl-devel-2.1.0-12.el8.x86_64.rpm
  yum localinstall -y lmdb-devel-0.9.24-2.el8.x86_64.rpm
  yum localinstall -y doxygen-1.8.14-12.el8.x86_64.rpm

II. Install ModSecurity

Bash

  cd /usr/local
  git clone https://github.com/SpiderLabs/ModSecurity
  cd ModSecurity
  git checkout -b v3/master origin/v3/master
  git submodule init
  git submodule update
  sh build.sh
  ./configure
  make -j4
  make install

III. Install nginx and ModSecurity-nginx

Bash

  cd /usr/local
  git clone https://github.com/SpiderLabs/ModSecurity-nginx
  wget http://nginx.org/download/nginx-1.16.1.tar.gz
  tar -xvzf nginx-1.16.1.tar.gz
  cd /usr/local/nginx-1.16.1
  ./configure --add-module=/usr/local/ModSecurity-nginx
  make -j4
  make install

IV. Test the effect

Start nginx

Bash

  # Stop the firewall
  systemctl stop firewalld
  # Start nginx
  /usr/local/nginx/sbin/nginx

Simulate an attack to see how the server responds while ModSecurity is not yet enabled. The URL to visit is: http://<server-IP>/?param=%22%3E%3Cscript%3Ealert(1);%3C/script%3E

The result is as follows:

[Screenshot of the result]

V. Download and configure the rule files

Create a folder to store the configuration files

Bash

  mkdir /usr/local/nginx/conf/modsecurity
  cd /usr/local
  git clone https://github.com/coreruleset/coreruleset.git
  cp /usr/local/ModSecurity/modsecurity.conf-recommended /usr/local/nginx/conf/modsecurity/modsecurity.conf
  cp /usr/local/ModSecurity/unicode.mapping /usr/local/nginx/conf/modsecurity/unicode.mapping
  cp -r /usr/local/coreruleset/rules /usr/local/nginx/conf/modsecurity/
  cp /usr/local/coreruleset/crs-setup.conf.example /usr/local/nginx/conf/modsecurity/crs-setup.conf

Edit nginx.conf

Add the following inside the http or server block (in the http block it applies globally; in a server block it applies only to that site):

Nginx

  modsecurity on;
  modsecurity_rules_file /usr/local/nginx/conf/modsecurity/modsecurity.conf;

Edit modsecurity.conf

Change SecRuleEngine DetectionOnly to SecRuleEngine On

Also add the following:

ModSecurity

  Include /usr/local/nginx/conf/modsecurity/crs-setup.conf
  Include /usr/local/nginx/conf/modsecurity/rules/*.conf
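
The modsecurity.conf edits above can be checked mechanically before Nginx is reloaded. The script below is an added example, not part of the original tutorial: the function names are hypothetical, and it assumes that a later SecRuleEngine directive overrides an earlier one.

```shell
#!/bin/sh
# Added example (not from the original tutorial). Function names are hypothetical.

# Effective SecRuleEngine value. Commented lines never match because their
# first field starts with '#'. Assumption: a later directive overrides an earlier one.
effective_engine() {
    awk 'tolower($1) == "secruleengine" { mode = tolower($2) }
         END { print (mode == "" ? "unset" : mode) }' "$1"
}

# Line number of the first active Include whose path contains $2, or 0 if none.
include_line() {
    awk -v pat="$2" 'tolower($1) == "include" && index($2, pat) { print NR; hit = 1; exit }
         END { if (!hit) print 0 }' "$1"
}

# Return 0 only if the file is in blocking mode and loads the CRS in order.
check_modsec_conf() {
    conf=$1; rc=0
    engine=$(effective_engine "$conf")
    setup=$(include_line "$conf" "crs-setup.conf")
    rules=$(include_line "$conf" "/rules/")
    if [ "$engine" != "on" ]; then
        echo "FAIL: SecRuleEngine is '$engine', expected On"; rc=1
    fi
    if [ "$setup" -eq 0 ]; then echo "FAIL: crs-setup.conf is not included"; rc=1; fi
    if [ "$rules" -eq 0 ]; then echo "FAIL: rules/*.conf is not included"; rc=1; fi
    # crs-setup.conf defines the settings the rule files read, so it must load first.
    if [ "$setup" -gt 0 ] && [ "$rules" -gt 0 ] && [ "$setup" -gt "$rules" ]; then
        echo "FAIL: crs-setup.conf (line $setup) must come before the rules (line $rules)"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: blocking mode with CRS loaded"
    return "$rc"
}

# Constructed sample: the recommended file as it looks before the edits in this section.
demo=$(mktemp)
printf '%s\n' '# SecRuleEngine On' 'SecRuleEngine DetectionOnly' \
    'SecUnicodeMapFile unicode.mapping 20127' > "$demo"
check_modsec_conf "$demo" || echo "(sample config rejected as expected)"
rm -f "$demo"
```

On the server from this tutorial, run check_modsec_conf /usr/local/nginx/conf/modsecurity/modsecurity.conf after sourcing the functions.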

VI. Reload Nginx and test the effect

Bash

/usr/local/nginx/sbin/nginx -s reload

[Screenshot of the result]
