一、编译安装Nginx

1.安装依赖环境
$ yum -y install gcc-c++ flex bison yajl yajl-devel curl-devel curl GeoIP-devel doxygen zlib-devel libtool git autoconf automake libxml2-devel  zlib-devel libgo-devel openssl-devel
2.安装Nginx
$ wget  http://nginx.org/download/nginx-1.14.0.tar.gz

$ tar xvf nginx-1.14.0.tar.gz -C /usr/local/src/

$ cd /usr/local/src/nginx-1.14.0

$ ./configure \

--prefix=/usr/local/nginx \

--with-http_ssl_module \

--with-http_flv_module \

--with-http_stub_status_module \

--with-http_gzip_static_module \

--with-pcre \

--with-file-aio \

--with-http_secure_link_module \

--with-compat \

--with-http_addition_module \

--with-http_auth_request_module \

--with-http_dav_module \

--with-http_flv_module \

--with-http_gzip_static_module \

--with-http_mp4_module  \

--with-http_random_index_module \

--with-http_realip_module \

--with-http_secure_link_module


$ make && make install

  

3.编写Nginx启动脚本
$ vim /usr/lib/systemd/system/nginx.service

    [Unit]

    Description=nginx - high performance web server

    After=network-online.target remote-fs.target nss-lookup.target

    [Service]

    Type=forking

    PIDFile=/usr/local/nginx/logs/nginx.pid

    ExecStart=/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf

    ExecReload=/bin/kill -s HUP $MAINPID

    ExecStop=/bin/kill -s TERM $MAINPID

    [Install]

    WantedBy=multi-user.target
4.修改环境PATH
$ vim /etc/profile.d/nginx.sh

    PATH=/usr/local/nginx/sbin:$PATH

$ source /etc/profile

二、下载并编译libmodsecurity

$ cd /usr/local/src

$ git clone --depth 1 -b v3/master --single-branch https://github.com/SpiderLabs/ModSecurity

$ cd ModSecurity/

$ git submodule init

$ git submodule update

$ ./build.sh

$ ./configure

# 此步骤时间较长

$ make && make install

  

在编译的时候出现如下情况是正常情况

三、配置ModSecurity和Nginx的连接

1.下载ModSecurity和Nginx的连接器
$ cd /usr/local/src/

$ git clone --depth 1 https://github.com/SpiderLabs/ModSecurity-nginx.git

$ nginx -V

$ cd /usr/local/src/nginx-1.14.0/

$ ./configure ...(-V获取的configure arguments) --add-dynamic-module=/usr/local/src/ModSecurity-nginx

$ make modules

# 如果之前的是二进制的nginx的话,直接cp objs/ngx_http_modsecurity_module.so  /etc/nginx/modules/

$ make install

# 会显示如下信息,如果之前没有modules目录,也会生成

cp objs/ngx_http_modsecurity_module.so '/usr/local/nginx/modules/ngx_http_modsecurity_module.so'
2.加载Nginx ModSecurity
$ vim /usr/local/nginx/conf/nginx.conf

在顶级区间内加上

load_module /usr/local/nginx/modules/ngx_http_modsecurity_module.so;

$ nginx -t
3.下载默认的配置文件
$ cd /usr/local/src

$ wget https://raw.githubusercontent.com/SpiderLabs/ModSecurity/v3/master/modsecurity.conf-recommended

$ mv modsecurity.conf-recommended /usr/local/nginx/conf/modsecurity.conf

$ vim /usr/local/nginx/conf/modsecurity.conf

    SecRuleEngine On

1.SecRuleEngine:是否接受来自ModSecurity-CRS目录下的所有规则的安全规则引擎。因此,我们可以根据需求设置不同的规则。要设置不同的规则有以下几种。SecRuleEngine On:将在服务器上激活ModSecurity防火墙,它会检测并阻止该服务器上的任何恶意攻击。SecRuleEngine Detection Only:如果设置这个规则它只会检测到所有的攻击,并根据攻击产生错误,但它不会在服务器上阻止任何东西。SecRuleEngine Off:这将在服务器上上停用ModSecurity的防火墙。

2.SecRequestBodyAccess:它会告诉ModSecurity是否会检查请求,它起着非常重要的作用。它只有两个参数ON或OFF。

3.SecResponseBodyAccess:如果此参数设置为ON,然后ModeSecurity可以分析服务器响应,并做适当处理。它也有只有两个参数ON和Off,我们可以根据求要进行设置。

4.SecDataDir:定义ModSecurity的工作目录,该目录将作为ModSecurity的临时目录使用。

4.配置核心规则
$ git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git

$ cp -R owasp-modsecurity-crs/rules /usr/local/nginx/conf/

$ cp owasp-modsecurity-crs/crs-setup.conf.example /usr/local/nginx/conf/crs-setup.conf

$ vim /usr/local/nginx/conf/modsecurity.conf

    include crs-setup.conf

    include rules/*.conf
5.修改nginx的配置文件
$ vim /usr/local/nginx/conf/nginx.conf

# 放在server下的话,就是全局,如果只要某一个的话,可以放在location中

    modsecurity on;

    modsecurity_rules_file /usr/local/nginx/conf/modsecurity.conf;


$ nginx -t

nginx: [emerg] "modsecurity_rules_file" directive Rules error. File: /usr/local/nginx/conf/modsecurity.conf. Line: 237. Column: 17. Failed to locate the unicode map file from: unicode.mapping Looking at: 'unicode.mapping', 'unicode.mapping', '/usr/local/nginx/conf/unicode.mapping', '/usr/local/nginx/conf/unicode.mapping'.  in /usr/local/nginx/conf/nginx.conf:73

方法一:

如果有如上错误的话,可以修改 /usr/local/nginx/conf/modsecurity.conf

搜索mapping,将SecUnicodeMapFile unicode.mapping 20127  注释掉

方法二:

将unicode.mapping复制到modsecurity.conf同一目录下。

$ cp /usr/local/src/ModSecurity/unicode.mapping /usr/local/nginx/conf/

$ nginx -t

$ systemctl restart nginx

  

四.测试

1.正常访问 192.168.1.93

2.带上正常的参数访问 192.168.1.93/?id=1

3.在正常的参数的基础上其他参数

加上AND 1=1 ,整个请求为: 192.168.1.93/?id=1 AND 1=1 (模拟简单的SQL注入)

此时Nginx就会返回403 Forbidden的信息,说明Modsecurity成功拦截了此请求。

访问192.168.1.93/?search=<scritp>alert('xss');</script> (模拟简单的XSS跨站攻击)

访问被拒绝,查看日志cat /var/log/modsec_audit.log

---CN4pqdMj---A--

[10/Jan/2019:14:02:56 +0800] 154710017669.078147 192.168.1.235 2139 192.168.1.235 80

---CN4pqdMj---B--

GET /?id=1%20AND%201=1 HTTP/1.1

Host: 192.168.1.93

Connection: keep-alive

Upgrade-Insecure-Requests: 1

User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8

Accept-Encoding: gzip, deflate

Accept-Language: zh,en-US;q=0.9,en;q=0.8,zh-CN;q=0.7


---CN4pqdMj---D--


---CN4pqdMj---E--

<html>\x0d\x0a<head><title>403 Forbidden</title></head>\x0d\x0a<body bgcolor="white">\x0d\x0a<center><h1>403 Forbidden</h1></center>\x0d\x0a<hr><center>nginx</center>\x0d\x0a</body>\x0d\x0a</html>\x0d\x0a<!-- a padding to disable MSIE and Chrome friendly error page -->\x0d\x0a<!-- a padding to disable MSIE and Chrome friendly error page -->\x0d\x0a<!-- a padding to disable MSIE and Chrome friendly error page -->\x0d\x0a<!-- a padding to disable MSIE and Chrome friendly error page -->\x0d\x0a<!-- a padding to disable MSIE and Chrome friendly error page -->\x0d\x0a<!-- a padding to disable MSIE and Chrome friendly error page -->\x0d\x0a


---CN4pqdMj---F--

HTTP/1.1 403

Server: nginx

Date: Thu, 10 Jan 2019 06:02:56 GMT

Content-Length: 564

Content-Type: text/html

Connection: keep-alive


---CN4pqdMj---H--

ModSecurity: Warning. Matched "Operator `Rx' with parameter `^[\d.:]+$' against variable `REQUEST_HEADERS:Host' (Value: `192.168.1.93' ) [file "/usr/local/nginx/conf/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "768"] [id "920350"] [rev ""] [msg "Host header is a numeric IP address"] [data "192.168.1.93"] [severity "4"] [ver "OWASP_CRS/3.1.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "192.168.1.235"] [uri "/"] [unique_id "154710017669.078147"] [ref "o0,12v38,12"]

ModSecurity: Warning. detected SQLi using libinjection. [file "/usr/local/nginx/conf/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev ""] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: 1&1 found within ARGS:id: 1 AND 1=1"] [severity "2"] [ver "OWASP_CRS/3.1.0"] [maturity "0"] [accuracy "0"] [hostname "192.168.1.235"] [uri "/"] [unique_id "154710017669.078147"] [ref "v9,9"]

ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:ANOMALY_SCORE' (Value: `8' ) [file "/usr/local/nginx/conf/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "80"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [data ""] [severity "2"] [ver ""] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "192.168.1.235"] [uri "/"] [unique_id "154710017669.078147"] [ref ""]

ModSecurity: Warning. Matched "Operator `Ge' with parameter `5' against variable `TX:INBOUND_ANOMALY_SCORE' (Value: `8' ) [file "/usr/local/nginx/conf/rules/RESPONSE-980-CORRELATION.conf"] [line "76"] [id "980130"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection; individual paranoia level scores: 8, 0, 0, 0"] [data ""] [severity "0"] [ver ""] [maturity "0"] [accuracy "0"] [tag "event-correlation"] [hostname "192.168.1.235"] [uri "/"] [unique_id "154710017669.078147"] [ref ""]


---CN4pqdMj---I--


---CN4pqdMj---J--


---CN4pqdMj---Z--

  

Nginx1.14.0+ModSecurity实现简单的WAF的更多相关文章

  1. nginx1.14.0版本https加密配置

    修改host文件,为最后访问域名准备 C:\Windows\System32\drivers\etc host文件目录192.168.10.140 www.joyce.com 在最后添加这个自定义域名 ...

  2. nginx1.14.0下载、安装、启动

    nginx1.14.0下载及安装 wget http://nginx.org/download/nginx-1.14.0.tar.gztar -zxvf nginx-1.14.0.tar.gzcd n ...

  3. CentOS 安装Nginx1.14.0

    原文地址:http://www.cnblogs.com/ascd-eg/p/9275441.html 一.安装所需环境   1.gcc 安装         yum install gcc-c++   ...

  4. 编译安装和apt安装Nginx1.14.0

    安装依赖 yum -y install gcc gcc-c++yum -y install zlib zlib-devel openssl openssl-devel pcre-devel 在Ubun ...

  5. nginx: [emerg] unknown directive "聽" in D:\software03\GitSpace\cms\nginx-1.14.0/conf/nginx.conf:36

    nginx: [emerg] unknown directive "聽" in D:\software03\GitSpace\cms\nginx-1.14.0/conf/nginx ...

  6. CentOS7 安装nginx-1.14.0

    nginx源码包:http://nginx.org/en/download.html 1.安装gcc gcc是用来编译下载下来的nginx源码 yum install gcc-c++ 2.安装pcre ...

  7. Centos7安装Nginx1.14.0

    一.官网下载 http://nginx.org/en/download.html 版本说明: Nginx官网提供了三个类型的版本 Mainline version:Mainline 是 Nginx 目 ...

  8. elementaryos5安装mysql5.7、php7.2、nginx1.14.0

    一.mysql5.7 安装mysql5.7: sudo apt-get install mysql-server-5.7 查看安装的mysql版本: mysql -V 5.7版本mysql安装过程中以 ...

  9. 2018.7.3 lnmp一键安装包无人值守版本 php7.2 + nginx1.14.0 + mariadb5.5 + centos7.1(1503) 环境搭建 + Thinkphp5.1.7 配置

    给自己练习用的,整个过程追求一个简单粗暴,没有配置虚拟主机,现在记录一下过程. 1. 进入到lnmp解压缩后的文件夹conf/rewrite,把thinkphp.conf复制一份到/usr/local ...

随机推荐

  1. 使用jEnv在Mac/Linux环境配置多版本Java

    jEnv 是什么? 先来看一下官方介绍 jEnv is a command line tool to help you forget how to set the JAVA_HOME environm ...

  2. 干货 | LIDAR、ToF相机、双目相机如何科学选择?

    点击"计算机视觉life"关注,置顶更快接收消息! 本文阅读时间约5分钟 本文翻译自卡内基梅隆大学 Chris asteroid 三维视觉技术的选择 传感器参数及定义 LIDAR ...

  3. 微信小程序底部弹窗动画

    第一步,在组件里编写弹窗的代码 <!-- 活动类型弹框 --> <view class='bottomModel' wx:if="{{modelFlag}}" c ...

  4. 我与C++的初识

    Q1:学习<C++语言程序设计>课程之前,你知道什么是编程吗?谈谈上这门课之前你对编程的理解,以及你对自己编程能力的评估. A1:在学习<C++语言程序设计>课程之前,我其实对 ...

  5. warnings.warn("allowed_domains accepts only domains, not URLs. Ignoring URL entry %s in allowed_doma

    多页面循环爬取数据抛出如下异常 warnings.warn("allowed_domains accepts only domains, not URLs. Ignoring URL ent ...

  6. vue进阶--外卖商家页

    一.准备工作 1.vue特性:轻量级.简洁.高效.组件化.数据驱动 2.技术分析:使用vue- resource与后端交互(ajax通信,ie9+)  使用vue-router作为前端路由   bet ...

  7. 打开word出现setup error,怎么解决?

    方法1:打开"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller" 文件 ...

  8. sql server导出数据,本地数据库远程连接不上,怎样设置防火墙(自用)

    控制面板——>系统安全——>windows防火墙——>高级设置 新建入站规则: 将一下两个应用 允许入站: D:\Program Files (x86)\Microsoft SQL ...

  9. 安卓 ToolBar 颜色样式设置

    设置Toolbar弹出菜单的字体颜色和背景颜色,包括三个点菜单颜色和返回图标的颜色. 布局文件xml <LinearLayout xmlns:android="http://schem ...

  10. java正则表达式学习笔记

    Java 正则表达式语法 为了更有效的使用正则表达式,需要了解正则表达式语法.正则表达式语法很复杂,可以写出非常高级的表达式.只有通过大量的练习才能掌握这些语法规则. 本篇文字,我们将通过例子了解正则 ...