用ModSecurity启动WAF的一次小试
来源:岁月联盟
时间:2020-03-16
--with-mail_ssl_module /
--with-stream /
--with-stream_ssl_module /
--with-compat /
--with-cc-opt='-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -DNGX_HTTP_HEADERS' /
--with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -Wl,--as-needed'i /
--add-dynamic-module=../ModSecurity-nginx /
--add-dynamic-module=../ngx_http_geoip2_module
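# Compile nginx and the dynamic modules chosen by the preceding configure
# step, then install the result and return to the parent build directory.
make
make install
cd ..

# Dedicated service account for nginx. It is created as a system account with
# no home directory and no login shell, because it only needs to own files
# and run worker processes; it should never be usable for interactive logins.
useradd --system --no-create-home --shell /usr/sbin/nologin --comment 'nginx' nginx

# Temp directory for client request data. It is owned by the nginx account
# and closed to every other local user, since it can contain request data.
mkdir -p /var/cache/nginx/client_temp
chown nginx:nginx /var/cache/nginx/client_temp
chmod 700 /var/cache/nginx/client_temp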
配置ModSecurity
nginx编译并安装完成后,接下来配置ModSec。ModSec的创建者(SpiderLabs)提供了可供下载的默认配置,我们就从它开始。
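# Directory that holds the ModSecurity configuration loaded by nginx.
mkdir -p /usr/local/nginx/etc/modsec

# Fetch the upstream recommended base configuration. The continuation lines
# must end in a backslash so that the URL and -O stay part of the wget command.
# NOTE(review): this URL tracks a moving branch, while unicode.mapping below
# comes from the local v3.0.4 tree. That tree presumably ships the same
# modsecurity.conf-recommended file; copying it from there would keep the
# configuration matched to the library that was built. Confirm before relying on it.
wget \
  https://raw.githubusercontent.com/SpiderLabs/ModSecurity/v3/master/modsecurity.conf-recommended \
  -O /usr/local/nginx/etc/modsec/modsecurity.conf

# modsecurity.conf refers to unicode.mapping, so install it next to it.
cp -p /root/owasp/modsecurity-v3.0.4/unicode.mapping /usr/local/nginx/etc/modsec/unicode.mapping

# Switch the engine to blocking mode. With "On", matching requests are
# rejected rather than only logged. On a production site, rules are usually
# tuned in detection-only mode first so that false positives show up in the
# audit log before any legitimate traffic is blocked.
sed -i 's/^SecRuleEngine.*/SecRuleEngine On/' /usr/local/nginx/etc/modsec/modsecurity.conf

# Write the top-level rules file that nginx points at. The here-document
# delimiter is quoted, so the shell expands nothing inside it and the
# backslash continuation on the second SecRule reaches the file literally.
# Rule 1111 denies requests whose "blogtest" argument contains "test".
# Rule 2222 denies any URI that begins with /admin after lowercasing.
# Both are smoke tests for checking that the WAF is active, not a rule set.
cat <<'@EOF' > /usr/local/nginx/etc/modsec/main.conf
Include "/usr/local/nginx/etc/modsec/modsecurity.conf"
# Basic test rule
SecRule ARGS:blogtest "@contains test" "id:1111,deny,status:403"
SecRule REQUEST_URI "@beginsWith /admin" \
    "phase:2,t:lowercase,id:2222,deny,msg:'block admin'"
@EOF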
使用ModSec模块配置nginx。
# Minimal nginx.conf: loads the ModSecurity connector as a dynamic module and
# applies the rules file to the single plain-HTTP server defined below.
# Check the file with `nginx -t` before starting or reloading nginx.
# NOTE(review): there is no `user` directive here, so workers run as the
# compiled-in default account. Confirm that this is the dedicated nginx
# account and not a shared or privileged one.
worker_processes 1;
# Dynamic modules built with --add-dynamic-module. load_module belongs in the
# main context, and relative paths are resolved against the nginx prefix.
load_module modules/ngx_http_modsecurity_module.so;
# The geoip2 modules are loaded, but this snippet has no geoip2 directives.
load_module modules/ngx_http_geoip2_module.so;
load_module modules/ngx_stream_geoip2_module.so;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
# Plain HTTP only; this snippet defines no TLS listener.
listen 80;
server_name localhost;
# Enabled at server level, so the setting is inherited by every location
# in this server block.
modsecurity on;
# Top-level rules file; it includes modsecurity.conf and the two test rules.
modsecurity_rules_file /usr/local/nginx/etc/modsec/main.conf;
location / {
root html;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
}