Implementing a WAF Based on Nginx

Author: zhicheng_li | Source: published 2017-03-02 09:25

    Preparation

    CentOS 6
    tengine 2.2.0 (use the latest version where possible)
    LuaJIT 2.1.0-beta2

    2

    2.1 Installing dependencies

    yum install zlib zlib-devel openssl openssl-devel pcre pcre-devel libxslt-devel gd-devel geoip-devel

    2.2 Compiling and installing LuaJIT

    wget http://luajit.org/download/LuaJIT-2.1.0-beta2.tar.gz
    tar -xvf LuaJIT-2.1.0-beta2.tar.gz
    cd LuaJIT-2.1.0-beta2
    make
    make install PREFIX=/opt/luajit/
    ln -s /opt/luajit/bin/luajit-2.1.0-beta2 /usr/bin/luajit
    After installation, the LUAJIT_LIB and LUAJIT_INC paths are:
    Library files: LUAJIT_LIB=/opt/luajit/lib
    Header files: LUAJIT_INC=/opt/luajit/include/luajit-2.1
    Both paths are needed when compiling tengine.

    2.3 Installing jemalloc

    wget http://www.canonware.com/download/jemalloc/jemalloc-3.6.0.tar.bz2
    tar -xvf jemalloc-3.6.0.tar.bz2
    cd jemalloc-3.6.0
    ./configure
    make && make install
    echo '/usr/local/lib' > /etc/ld.so.conf.d/local.conf
    ldconfig

    2.4 Compiling and installing tengine

    useradd -s /sbin/nologin nginx
    mkdir -pv /data/ngx_temp
    chown nginx /data/ngx_temp/ -R
    wget http://tengine.taobao.org/download/tengine-2.2.0.tar.gz
    tar -xvf tengine-2.2.0.tar.gz
    cd tengine-2.2.0
    ./configure --prefix=/opt/nginx --with-http_gzip_static_module --with-http_realip_module --with-http_concat_module --with-http_lua_module --with-luajit-lib=/opt/luajit/lib/ --with-luajit-inc=/opt/luajit/include/luajit-2.1/ --with-ld-opt=-Wl,-rpath,/opt/luajit/lib --with-jemalloc=/usr/local/src/jemalloc-3.6.0 --user=nginx --group=nginx
    make -j 8
    make install
    Test:
    Add to nginx.conf (the dso block at the top level, the location block inside a server block):
    dso {
        load ngx_http_fastcgi_module.so;
        load ngx_http_rewrite_module.so;
        load ngx_http_lua_module.so;
    }
    location /lua {
        default_type 'text/plain';
        content_by_lua 'ngx.say("hello, lua")';
    }
    Start nginx and run curl localhost:8080/lua. If it returns hello, lua, the test has succeeded.

    3 Configuring ngx_lua_waf

    cd /opt/nginx/conf/
    git clone https://github.com/loveshell/ngx_lua_waf
    mv ngx_lua_waf/ waf
    Add to the http block of nginx.conf:
    lua_package_path "/opt/nginx/conf/waf/?.lua";
    lua_shared_dict limit 10m;
    init_by_lua_file /opt/nginx/conf/waf/init.lua;
    access_by_lua_file /opt/nginx/conf/waf/waf.lua;
    Edit /opt/nginx/conf/waf/config.lua:
    RulePath = "/opt/nginx/conf/waf/wafconf/"
    attacklog = "on"
    logdir = "/data/logs/nginx/hack/"
    If the absolute paths differ on your system, change these values accordingly.
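
The steps above set logdir in config.lua but never create that directory, so it is worth checking the three settings before relying on the attack log. The script below is an added example, not part of the original article or of ngx_lua_waf; the names lua_value, check_waf_config and check_waf.sh are hypothetical, and it assumes each setting is a double-quoted string on its own line.

```shell
#!/bin/sh
# Added example (not from the article or ngx_lua_waf): sanity-check config.lua.
# Run as the nginx worker user so the write test matches what the WAF sees, e.g.
#   sudo -u nginx sh check_waf.sh /opt/nginx/conf/waf/config.lua

# Print the double-quoted value assigned to key $1 in file $2.
lua_value() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$2" | head -n 1
}

# Return the number of problems found (0 means the settings are usable).
check_waf_config() {
    conf=$1
    problems=0
    [ -r "$conf" ] || { echo "cannot read $conf"; return 1; }

    rules=$(lua_value RulePath "$conf")
    logging=$(lua_value attacklog "$conf")
    logdir=$(lua_value logdir "$conf")

    # RulePath must be an existing directory holding at least one rule file.
    if [ ! -d "$rules" ] || [ -z "$(ls -A "$rules" 2>/dev/null)" ]; then
        echo "RulePath '$rules' is missing or empty"
        problems=$((problems + 1))
    fi

    # With attacklog on, logdir must exist and be writable by the current user.
    if [ "$logging" != "on" ]; then
        echo "note: attacklog is '$logging', blocked requests will not be logged"
    elif [ ! -d "$logdir" ]; then
        echo "logdir '$logdir' does not exist (mkdir -p it and chown it to nginx)"
        problems=$((problems + 1))
    elif [ ! -w "$logdir" ]; then
        echo "logdir '$logdir' is not writable by $(id -un)"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# When called with a path, check it and exit with the problem count.
if [ "$#" -gt 0 ]; then check_waf_config "$1"; exit $?; fi
```

The exit status is the number of problems found, so the script can gate an nginx reload in a deployment step.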

    Test:

    https://github.com/loveshell/ngx_lua_waf
    https://github.com/starjun/openstar
