A WAF Built with Nginx + Lua


I. Installing and Testing OpenResty

Official site: https://openresty.org/cn/
Lua tutorial: http://blog.jobbole.com/70480/

1. Install OpenResty:

# yum install -y readline-devel pcre-devel openssl-devel
# cd /usr/local/src
Download, compile and install OpenResty:
# wget https://openresty.org/download/ngx_openresty-1.9.3.2.tar.gz
# tar zxf ngx_openresty-1.9.3.2.tar.gz
# cd ngx_openresty-1.9.3.2
# ./configure --prefix=/usr/local/openresty-1.9.3.2 \
--with-luajit --with-http_stub_status_module \
--with-pcre --with-pcre-jit
# gmake && gmake install
# ln -s /usr/local/openresty-1.9.3.2/ /usr/local/openresty

2. Test the OpenResty installation:

vim /usr/local/openresty/nginx/conf/nginx.conf

server {
    location /hello {
        default_type text/html;
        content_by_lua_block {
            ngx.say("HelloWorld")
        }
    }
}

3. Start OpenResty and test:

/usr/local/openresty/nginx/sbin/nginx -t
/usr/local/openresty/nginx/sbin/nginx

http://172.16.1.211/hello    #visiting this URL should show "HelloWorld"

II. Installing and Testing the WAF

Reference: https://github.com/unixhot/waf
PS: This is the WAF security-check module written by 赵班长; it filters a number of common intrusion techniques and its performance is also very good.

1. Install and configure the WAF:

#git clone https://github.com/unixhot/waf.git
#cp -a ./waf/waf /usr/local/openresty/nginx/conf/

Edit the Nginx configuration file and add the following directives inside the http block. Double-check the paths; by default the WAF writes its log to /tmp/<date>_waf.log
vim /usr/local/openresty/nginx/conf/nginx.conf
#WAF
    lua_shared_dict limit 50m;
    lua_package_path "/usr/local/openresty/nginx/conf/waf/?.lua";
    init_by_lua_file "/usr/local/openresty/nginx/conf/waf/init.lua";
    access_by_lua_file "/usr/local/openresty/nginx/conf/waf/access.lua";

[root@openstack-compute-node5 ~]# /usr/local/openresty/nginx/sbin/nginx -t
[root@openstack-compute-node5 ~]# /usr/local/openresty/nginx/sbin/nginx

2. WAF configuration file:

vim /usr/local/openresty/nginx/conf/waf/config.lua

--enable/disable the WAF
config_waf_enable = "on"
--log file directory
config_log_dir = "/tmp"
--rule file directory
config_rule_dir = "/usr/local/openresty/nginx/conf/waf/rule-config"
--enable/disable URL whitelist
config_white_url_check = "on"
--enable/disable IP whitelist
config_white_ip_check = "on"
--enable/disable IP blacklist
config_black_ip_check = "on"
--enable/disable URL filtering
config_url_check = "on"
--enable/disable URL argument filtering
config_url_args_check = "on"
--enable/disable user agent filtering
config_user_agent_check = "on"
--enable/disable cookie deny filtering
config_cookie_check = "on"
--enable/disable CC (HTTP flood) detection
config_cc_check = "on"
--CC limit: the same URL may be requested at most 10 times within 60 seconds
config_cc_rate = "10/60"
--enable/disable POST filtering (the author has not finished this feature)
config_post_check = "on"
--config waf output redirect/html
config_waf_output = "html"
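As an added illustration (not code from the unixhot/waf project or from this post), the following module shows how the switches in config.lua are acted on in the access phase: the IP whitelist short-circuits every other check, URL rules are regexes loaded once from config_rule_dir, the CC limit is enforced with the lua_shared_dict limit declared in nginx.conf using the same "10/60" rate format, and blocked requests are written to /tmp/<date>_waf.log as the text above describes. The module name waf_demo.lua, the rule file names whiteip.rule and url.rule, and the block-page text are assumptions; the shared-dict calls are restricted to incr/add so the code also works with the ngx_lua bundled in OpenResty 1.9.3.2.

```lua
-- waf_demo.lua (added example; not the project's own code). Put it in
-- /usr/local/openresty/nginx/conf/waf/ so the lua_package_path above finds it, then:
--   init_by_lua_block   { require("waf_demo").init() }
--   access_by_lua_block { require("waf_demo").check() }
-- Assumes "lua_shared_dict limit 50m;" from nginx.conf.

local config_rule_dir = "/usr/local/openresty/nginx/conf/waf/rule-config"
local config_log_dir  = "/tmp"
local config_cc_rate  = "10/60"   -- same "N/seconds" format as config.lua

local _M = {}
local rules = {}

-- Read one rule file (one pattern per line, "#" starts a comment). Called from
-- init_by_lua so the per-request path does no file I/O. File names are assumed.
local function read_rules(name)
    local list = {}
    local fh = io.open(config_rule_dir .. "/" .. name, "r")
    if not fh then
        ngx.log(ngx.ERR, "waf: cannot open rule file ", name)
        return list
    end
    for line in fh:lines() do
        line = line:gsub("^%s+", ""):gsub("%s+$", "")
        if line ~= "" and line:sub(1, 1) ~= "#" then
            list[#list + 1] = line
        end
    end
    fh:close()
    return list
end

function _M.init()
    rules.whiteip = read_rules("whiteip.rule")  -- exact IPs, one per line
    rules.url     = read_rules("url.rule")      -- PCRE regexes tested against the request URI
end

-- Return the first regex in `list` that matches `subject`, or nil.
-- "isjo": case-insensitive, dot matches newline, PCRE JIT, compile-once cache.
local function matches_any(subject, list)
    for _, re in ipairs(list) do
        local from = ngx.re.find(subject, re, "isjo")
        if from then return re end
    end
    return nil
end

-- One line per blocked request in /tmp/<date>_waf.log (naming as described above).
local function log_attack(kind, detail)
    local fh = io.open(config_log_dir .. "/" .. ngx.today() .. "_waf.log", "a")
    if not fh then return end
    fh:write(ngx.localtime(), " ", ngx.var.remote_addr, " ", kind, " ",
             ngx.var.request_method, " ", ngx.var.request_uri, " ", detail, "\n")
    fh:close()
end

-- The "html" output mode of config_waf_output: log, then answer 403 with a block page.
local function deny(kind, detail)
    log_attack(kind, detail)
    ngx.status = ngx.HTTP_FORBIDDEN
    ngx.header.content_type = "text/html"
    ngx.say("<h1>Request blocked by WAF</h1>")
    return ngx.exit(ngx.HTTP_FORBIDDEN)
end

-- CC check: more than N hits on the same client+URI within M seconds trips it.
-- Only incr/add are used (incr's "init" argument is newer than ngx_lua 0.9.16).
-- A full shared dict fails open with an error-log entry instead of blocking everyone.
local function cc_exceeded()
    local limit = ngx.shared.limit
    local max, window = config_cc_rate:match("^(%d+)/(%d+)$")
    max, window = tonumber(max), tonumber(window)
    local key = ngx.var.remote_addr .. ":" .. ngx.var.uri
    local count = limit:incr(key, 1)
    if not count then                          -- first hit, or the window expired
        local ok, err = limit:add(key, 1, window)   -- add() also sets the TTL
        if ok then return false end
        if err ~= "exists" then
            ngx.log(ngx.ERR, "waf: shared dict add failed: ", err)
            return false
        end
        count = limit:incr(key, 1) or 1        -- lost the race with another worker
    end
    return count > max
end

function _M.check()
    local ip = ngx.var.remote_addr
    for _, w in ipairs(rules.whiteip) do       -- exact match, not a regex
        if w == ip then return end
    end
    local hit = matches_any(ngx.var.request_uri, rules.url)
    if hit then return deny("url", hit) end    -- e.g. a rule \.sql$ catches /a.sql
    if cc_exceeded() then return deny("cc", config_cc_rate) end  -- counted last
end

return _M
```

Two choices are deliberate. Whitelisted IPs are compared as exact strings rather than regexes, because a pattern such as 172.16.1.211 would also match unrelated addresses once the dots are read as wildcards. The CC counter uses incr first and falls back to add with the window as TTL, so a key that expired is restarted cleanly; if the shared dict is out of memory the check logs the error and lets the request through, which is the safer default for a rate limiter that sits in front of every request.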

3. Verification:

http://172.16.1.211/a.sql    #visiting this URL should show the security-check block page
ab -n100 -c1 http://172.16.1.211/   #simulate a CC (HTTP flood) attack