Adding a WAF module to nginx


WAF stands for Web Application Firewall.

Recently we found that someone was placing fraudulent orders on the company website every day. ELK is really good and surfaces these problems from multiple dimensions. So I am now considering adding a WAF module to nginx; I found ModSecurity, a project from abroad, and the steps below show how to install it.

1. Install the dependency RPM packages

yum -y install gcc gcc-c++ ncurses-devel libxml2-devel openssl-devel curl-devel libjpeg-devel libpng-devel autoconf pcre-devel libtool-libs freetype-devel gd zlib-devel zip unzip wget crontabs iptables file bison cmake patch mlocate flex diffutils automake make readline-devel glibc-devel glibc-static glib2-devel bzip2-devel gettext-devel libcap-devel logrotate ntp libmcrypt-devel GeoIP* gd-devel libxslt-devel libtool

2. Download ModSecurity and Nginx

cd /usr/src
wget http://tengine.taobao.org/download/tengine-2.1.0.tar.gz
git clone https://github.com/SpiderLabs/ModSecurity.git modsecurity

  Start by building ModSecurity

cd /usr/src/modsecurity/
./autogen.sh
./configure --enable-standalone-module --disable-mlogc
make

  Now compile and install Tengine, adding the ModSecurity module

cd /usr/src
tar xfz tengine-2.1.0.tar.gz
cd tengine-2.1.0
./configure   --with-debug   --with-ipv6   --with-http_ssl_module   --add-module=/usr/src/modsecurity/nginx/modsecurity

make && make install

  Check the files the install produced

cd /usr/local/nginx/

ls -l
drwxr-xr-x  2 root root 4096 Mar  10 11:21 conf/
drwxr-xr-x  2 root root 4096 Mar  10 11:21 html/
drwxr-xr-x  2 root root 4096 Mar  10 11:21 logs/
drwxr-xr-x  2 root root 4096 Mar  10 11:21 sbin/

ln -s /usr/local/nginx/sbin/nginx /bin/nginx

  Configure ModSecurity

cp /usr/src/modsecurity/modsecurity.conf-recommended /usr/local/nginx/conf/modsecurity.conf
cp /usr/src/modsecurity/unicode.mapping /usr/local/nginx/conf/

cd /usr/local/nginx/conf/
vi modsecurity.conf

# line 7
SecRuleEngine On
# line 39
SecRequestBodyLimit 100000000

# line 192
SecAuditLogType Concurrent
#SecAuditLog /var/log/modsec_audit.log

# Specify the path for concurrent audit logging.
SecAuditLogStorageDir /usr/local/nginx/logs

# Make sure the nginx service has write permission on the logs directory
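
The edits above can be checked before reloading nginx. This is an added example, not part of the original post or of ModSecurity: `directive_value` and `check_modsec_conf` are hypothetical helper names, and the check covers only the three directives changed in this step.

```bash
#!/usr/bin/env bash
# Added example: check_modsec_conf and directive_value are hypothetical helpers,
# not part of ModSecurity, Tengine or nginx.
# Usage (as the account the nginx workers run under, since -w tests the
# current user): check_modsec_conf /usr/local/nginx/conf/modsecurity.conf

# Print the last active (uncommented) value of a directive, quotes stripped.
directive_value() {
    awk -v d="$1" '$1 == d { v = $2 } END { gsub(/"/, "", v); print v }' "$2"
}

# Return 0 when the file matches the edits above; otherwise print each
# problem found and return 1.
check_modsec_conf() {
    local conf="$1" rc=0 engine logtype dir
    [ -r "$conf" ] || { echo "cannot read $conf"; return 1; }

    # modsecurity.conf-recommended ships with DetectionOnly, which logs
    # matches but never blocks a request.
    engine=$(directive_value SecRuleEngine "$conf")
    if [ "$engine" != "On" ]; then
        echo "SecRuleEngine is '${engine:-unset}', expected On"; rc=1
    fi

    # Concurrent audit logging writes one file per transaction under
    # SecAuditLogStorageDir, so that directory must exist and be writable.
    logtype=$(directive_value SecAuditLogType "$conf")
    if [ "$logtype" = "Concurrent" ]; then
        dir=$(directive_value SecAuditLogStorageDir "$conf")
        if [ -z "$dir" ]; then
            echo "SecAuditLogType Concurrent but no SecAuditLogStorageDir"; rc=1
        elif [ ! -d "$dir" ] || [ ! -w "$dir" ]; then
            echo "audit log dir '$dir' missing or not writable by $(id -un)"; rc=1
        fi
    fi
    return "$rc"
}
```
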

  Configure the OWASP rules

cd /usr/src/
git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git

cd owasp-modsecurity-crs
cp -R base_rules/ /usr/local/nginx/conf/

  Edit the modsecurity.conf configuration file

cd /usr/local/nginx/conf/
vi modsecurity.conf

#DefaultAction
SecDefaultAction "log,deny,phase:1"

#If you want to load a single rule from /usr/local/nginx/conf
#Include base_rules/modsecurity_crs_41_sql_injection_attacks.conf

#Load all Rule
Include base_rules/*.conf

#Disable rule by ID from error message (for my wordpress)
SecRuleRemoveById 981172 981173 960032 960034 960017 960010 950117 981004 960015

  Configure nginx.conf to load modsecurity.conf

    location ~ \.php$ {

        ModSecurityEnabled on;
        ModSecurityConfig modsecurity.conf;

        root           /var/www/html;
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        include        fastcgi_params;
    }

  Restart (reload) the nginx service

nginx -s  reload

  Check the log; ModSecurity has started successfully

2016/03/10 12:30:18 [notice] 3706#0: signal process started
2016/03/10 12:31:46 [notice] 3794#0: ModSecurity for nginx (STABLE)/2.8.0 (http://www.modsecurity.org/) configured.
2016/03/10 12:31:46 [notice] 3794#0: ModSecurity: APR compiled version="1.3.9"; loaded version="1.3.9"
2016/03/10 12:31:46 [notice] 3794#0: ModSecurity: PCRE compiled version="7.8 "; loaded version="7.8 2008-09-05"
2016/03/10 12:31:46 [notice] 3794#0: ModSecurity: LIBXML compiled version="2.7.6"
2016/03/10 12:31:46 [notice] 3794#0: ModSecurity: StatusEngine call: "2.8.0,ModSecurity Standalone,1.3.9/1.3.9,7.8/7.8 2008-09-05,(null),2.7.6,8707623d80eb7bec6055da659a5e03f88f4e4016"
2016/03/10 12:31:46 [notice] 3794#0: ModSecurity: StatusEngine call successfully sent. For more information visit: http://status.modsecurity.org/

If you run into errors, see https://www.52os.net/articles/nginx-use-modsecurity-module-as-waf.html, which explains things in a lot of detail.
