ModSecurity+Nginx构建WAF

栏目: 服务器 · Nginx · 发布时间: 7年前

内容简介：ModSecurity+Nginx构建WAF

A+

所属分类：Nginx

+++++++++++++++++++++++++++

os: centos7.2_64bit

modsecurity: 2.9.1

nginx: 1.10.3

by: chenb

at: 2017-03-22

+++++++++++++++++++++++++++

modsecurity原本是Apache上的一款开源waf，可以有效的增强web安全性，目前已经支持nginx和IIS，配合nginx的灵活和高效，可以打造成生产级的WAF，是保护和审核web安全的利器。

一、安装ModSecurity

yum -y install httpd-devel pcre pcre-devel libxml2-devel libxml2
cd /home/tools
wget  https://www.modsecurity.org/tarball/2.9.1/modsecurity-2.9.1.tar.gz
tar zxvf modsecurity-2.9.1.tar.gz
cd modsecurity-2.9.1
./autogen.sh
./configure --enable-standalone-module --disable-mlogc
make

二、编译nginx并添加modsecurity和nginx-sticky模块

cd /home/tools
unzip nginx-sticky-module-ng.zip
解压后从命名为：nginx-goodies-nginx-sticky
 
groupadd nginx
useradd -r -g nginx -s /sbin/nologin -M nginx
 
cd /home/tools
tar zxvf nginx-1.10.3.tar.gz
cd nginx-1.10.3/
 
./configure \
--with-pcre \
--prefix=/usr/local/nginx \
--user=nginx  \
--group=nginx  \
--with-http_ssl_module \
--with-http_flv_module \
--with-http_stub_status_module \
--with-http_gzip_static_module \
--with-http_realip_module \
--add-module=/home/tools/modsecurity-2.9.1/nginx/modsecurity \
--add-module=/home/tools/nginx-goodies-nginx-sticky
 
make && make install

三、下载OWASP规则

cd /home/tools/
git clone https://github.com/SpiderLabs/owasp-modsecurity-crs
mv owasp-modsecurity-crs  /usr/local/nginx/conf  #移动到nginx配置目录下
cd /usr/local/nginx/conf/owasp-modsecurity-crs
cp crs-setup.conf.example  crs-setup.conf   #拷贝模板配置文件
cd /home/tools/modsecurity-2.9.1/
cp modsecurity.conf-recommended  /usr/local/nginx/conf  #拷贝配置文件
cp unicode.mapping  /usr/local/nginx/conf  #拷贝配置文件
mv /usr/local/nginx/conf/modsecurity.conf-recommended  /usr/local/nginx/conf/modsecurity.conf  #重命名
vim /usr/local/nginx/conf/modsecurity.conf   #修改添加
SecRuleEngine DetectionOnly #修改为SecRuleEngine On
在最后加上如下：
#Include owasp-modsecurity-crs/rules/REQUEST-901-INITIALIZATION.conf
#Include owasp-modsecurity-crs/rules/REQUEST-903.9001-DRUPAL-EXCLUSION-RULES.conf
#Include owasp-modsecurity-crs/rules/REQUEST-903.9002-WORDPRESS-EXCLUSION-RULES.conf
#Include owasp-modsecurity-crs/rules/REQUEST-905-COMMON-EXCEPTIONS.conf
#Include owasp-modsecurity-crs/rules/REQUEST-910-IP-REPUTATION.conf
#Include owasp-modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf
#Include owasp-modsecurity-crs/rules/REQUEST-912-DOS-PROTECTION.conf
#Include owasp-modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf
#Include owasp-modsecurity-crs/rules/RESPONSE-953-DATA-LEAKAGES-PHP.conf
#Include owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf
#Include owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf
#Include owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf
Include owasp-modsecurity-crs/rules/REQUEST-921-PROTOCOL-ATTACK.conf
Include owasp-modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf
Include owasp-modsecurity-crs/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf
Include owasp-modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf
Include owasp-modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf
Include owasp-modsecurity-crs/rules/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION.conf
Include owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf
Include owasp-modsecurity-crs/rules/RESPONSE-950-DATA-LEAKAGES.conf
Include owasp-modsecurity-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf
Include owasp-modsecurity-crs/rules/RESPONSE-952-DATA-LEAKAGES-JAVA.conf
Include owasp-modsecurity-crs/rules/RESPONSE-954-DATA-LEAKAGES-IIS.conf
Include owasp-modsecurity-crs/rules/RESPONSE-959-BLOCKING-EVALUATION.conf
Include owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf
:wq! #保存退出

四、配置nginx支持Modsecurity

在需要启用modsecurity的主机的location下面加入下面两行即可：

ModSecurityEnabled on;
ModSecurityConfig modsecurity.conf;
location / {
            root   html;
            index  index.html index.htm;i
            ModSecurityEnabled on;
            ModSecurityConfig modsecurity.conf;
}

至此，Modsecurity模块+nginx的安装完成。

五、查看ip地址的连接数前十：

netstat -nt | awk '{print $5}' | awk -F: '{print ($1>$4?$1:$4)}' | \
sort | uniq -c | sort -nr | head 10

微信公众号

扫一扫关注运维生存时间公众号，获取最新技术文章~

以上就是本文的全部内容，希望本文的内容对大家的学习或者工作能带来一定的帮助，也希望大家多多支持码农网

查看所有标签

猜你喜欢:

本站部分资源来源于网络，本站转载出于传递更多信息之目的，版权归原作者或者来源机构所有，如转载稿涉及版权问题，请联系我们。

码农书籍

The Starfish and the Spider

Ori Brafman、Rod A. Beckstrom / Portfolio Hardcover / 2006-10-05 / USD 24.95

Understanding the amazing force that links some of today's most successful companies If you cut off a spider's leg, it's crippled; if you cut off its head, it dies. But if you cut off a st......一起来看看《The Starfish and the Spider》这本书的介绍吧!

码农工具