ModSecurity installation

nginx + ModSecurity installation on CentOS: https://www.jianshu.com/p/93e310e12036
https://www.oschina.net/p/modsecurity?hmsr=aladdin1e1
http://www.modsecurity.cn/practice/post/23.html

http://www.modsecurity.cn/chm/pmFromFile.html

1. Install the dependencies:

# yum install -y epel-release
# yum install -y git wget gcc-c++ flex bison yajl yajl-devel curl-devel curl GeoIP-devel doxygen zlib-devel pcre-devel lmdb-devel libxml2-devel ssdeep-devel lua-devel libtool autoconf automake

Install epel-release in its own yum run first: yajl, lmdb-devel and ssdeep-devel come from EPEL, and a single yum transaction cannot pull packages from a repository it is only enabling in that same run.

2. Install ModSecurity (libmodsecurity v3):

# cd /usr/local
# git clone https://github.com/SpiderLabs/ModSecurity

# cd ModSecurity

# git checkout -b v3/master origin/v3/master
(v3/master is libmodsecurity, the library the ModSecurity-nginx connector links against; the v2 branch is the Apache module and will not work here)

# git submodule init                              

# git submodule update

# sh build.sh

# ./configure

# make

# make install

3. Build nginx with the ModSecurity-nginx connector:

# cd /usr/local

# git clone https://github.com/SpiderLabs/ModSecurity-nginx

# wget http://nginx.org/download/nginx-1.18.0.tar.gz

# tar -xvzf nginx-1.18.0.tar.gz

# cd /usr/local/nginx-1.18.0

# ./configure --add-module=/usr/local/ModSecurity-nginx

If an nginx build already exists on the host, pass the same options that /usr/local/nginx/sbin/nginx -V prints in addition to --add-module, otherwise the rebuilt binary silently drops the modules and paths the earlier build had. --add-dynamic-module=/usr/local/ModSecurity-nginx builds the connector as a loadable module instead; it then needs load_module modules/ngx_http_modsecurity_module.so; at the top of nginx.conf.

# make && make install

4. Simulate an attack and check the behaviour before ModSecurity is enabled:

Start nginx:
# /usr/local/nginx/sbin/nginx

Request the URL (a reflected-XSS probe in the param argument):
http://10.20.192.36/?param=%22%3E%3Cscript%3Ealert(1);%3C/script%3E

Result without ModSecurity (the request is not blocked):

5. Configure ModSecurity:

# mkdir /usr/local/nginx/conf/modsecurity            

# cp /usr/local/ModSecurity/modsecurity.conf-recommended /usr/local/nginx/conf/modsecurity/modsecurity.conf

# cp /usr/local/ModSecurity/unicode.mapping /usr/local/nginx/conf/modsecurity/
(the clone above created /usr/local/ModSecurity; the path is case-sensitive, so /usr/local/Modsecurity does not exist)

# cd /usr/local/

# wget http://www.modsecurity.cn/download/corerule/owasp-modsecurity-crs-3.3-dev.zip
# unzip owasp-modsecurity-crs-3.3-dev.zip
# cd owasp-modsecurity-crs-3.3-dev

# cp crs-setup.conf.example /usr/local/nginx/conf/modsecurity/crs-setup.conf

# cp -rf /usr/local/owasp-modsecurity-crs-3.3-dev/rules /usr/local/nginx/conf/modsecurity/

The two exclusion-rule templates live in the rules/ directory, not in modsecurity/ itself; rename them there so the rules/*.conf Include below picks them up:

# cd /usr/local/nginx/conf/modsecurity/rules/
# mv REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
# mv RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf.example RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf


Edit nginx.conf (vi /usr/local/nginx/conf/nginx.conf) and add the following inside the http or server block:

modsecurity on;
modsecurity_rules_file /usr/local/nginx/conf/modsecurity/modsecurity.conf;

Edit modsecurity.conf (vi /usr/local/nginx/conf/modsecurity/modsecurity.conf):
change SecRuleEngine DetectionOnly to SecRuleEngine On (DetectionOnly, the shipped default, only logs matches and never blocks)

Then append the following at the end of the file:
Include /usr/local/nginx/conf/modsecurity/crs-setup.conf
Include /usr/local/nginx/conf/modsecurity/rules/*.conf
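The two edits in this step, as an added example that is not part of the original page: a small POSIX shell script that switches SecRuleEngine to On and appends the two Include lines without duplicating them when run again, then lets you confirm the result before reloading nginx. The paths are the ones used above; MODSEC_DIR is a name introduced here so the same functions can be tried on a copy of the file first.

```shell
#!/bin/sh
# Added example (not from the original page): apply the step-5 modsecurity.conf edits
# idempotently and verifiably instead of by hand in vi.
# MODSEC_DIR is an assumption of this script; it defaults to the directory used above.
MODSEC_DIR=${MODSEC_DIR:-/usr/local/nginx/conf/modsecurity}

# rule_engine_mode FILE: print the active SecRuleEngine value (On, Off or DetectionOnly).
# Commented-out copies of the directive ("# SecRuleEngine On") are ignored because $1 is "#".
rule_engine_mode() {
  awk '$1 == "SecRuleEngine" { mode = $2 } END { print mode }' "$1"
}

# enable_blocking FILE: turn the shipped default DetectionOnly (log only) into On (block).
# Only an active, uncommented directive line is rewritten; a file already set to On is unchanged.
enable_blocking() {
  tmp=$(mktemp) || return 1
  sed 's/^SecRuleEngine[[:space:]][[:space:]]*DetectionOnly[[:space:]]*$/SecRuleEngine On/' "$1" > "$tmp" &&
    cat "$tmp" > "$1"          # cat, not mv, keeps the original file's owner and mode
  status=$?
  rm -f "$tmp"
  return "$status"
}

# add_include FILE PATH: append "Include PATH" unless that exact line is already present.
add_include() {
  grep -qxF "Include $2" "$1" || printf 'Include %s\n' "$2" >> "$1"
}

# configure_crs FILE DIR: the complete step-5 edit. Safe to run more than once.
configure_crs() {
  enable_blocking "$1" &&
  add_include "$1" "$2/crs-setup.conf" &&
  add_include "$1" "$2/rules/*.conf"
}

# include_count FILE: number of Include lines; a second configure_crs run must not change it.
include_count() {
  grep -c '^Include ' "$1"
}

# demo: run the edit twice on a constructed copy of the relevant lines (not the real file)
# and print the result, so the change can be inspected before touching the install.
demo() {
  d=$(mktemp -d) || return 1
  printf '# SecRuleEngine On\nSecRuleEngine DetectionOnly\nSecRequestBodyAccess On\n' > "$d/modsecurity.conf"
  configure_crs "$d/modsecurity.conf" "$d"
  configure_crs "$d/modsecurity.conf" "$d"
  echo "mode: $(rule_engine_mode "$d/modsecurity.conf"), Include lines: $(include_count "$d/modsecurity.conf")"
  cat "$d/modsecurity.conf"
  rm -rf "$d"
}

# Real run, followed by an nginx syntax check before the reload:
#   configure_crs "$MODSEC_DIR/modsecurity.conf" "$MODSEC_DIR"
#   /usr/local/nginx/sbin/nginx -t && /usr/local/nginx/sbin/nginx -s reload
if [ "${1:-}" = demo ]; then demo; fi
```

Run it as `sh configure-modsec.sh demo` to see the edit applied to a throwaway file; the real invocation is the commented pair at the bottom. Keep nginx -t in front of the reload: a typo in an Include path or a rule file makes ModSecurity refuse to load, and -t reports that instead of a failed reload leaving the old configuration running.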

6. Reload nginx and test the effect:
# /usr/local/nginx/sbin/nginx -t && /usr/local/nginx/sbin/nginx -s reload

Repeat the attack request:
http://10.20.192.36/?param=%22%3E%3Cscript%3Ealert(1);%3C/script%3E

Check the nginx log (the request is now answered with the CRS default 403 instead of 200):
# tail -f /usr/local/nginx/logs/access.log

The rule that fired (id, msg, matched data) is recorded in the audit log, /var/log/modsec_audit.log by default (SecAuditLog in modsecurity.conf).


7. Writing ModSecurity rules:
1. A simple rule

Create wz.conf in the /usr/local/nginx/conf/modsecurity/rules directory (the rules/*.conf Include above loads it) and add the rule:
# Deny any request in which some argument value contains "testwwd" (ARGS covers query-string
# and, in phase 2, request-body parameters). @rx is the default operator and phase:request is an
# alias for phase:2. The id must be unique among all loaded rules; the ModSecurity reference
# manual reserves 1-99,999 for local rules, so 300102 works but lies outside that range.
SecRule ARGS "(testwwd)+" \
    "msg:'wwd22 test',\
    id:300102,\
    phase:request,\
    deny,\
    status:503"

# /usr/local/nginx/sbin/nginx -s reload

Test: http://10.20.192.36/?test=testwwd (now answered with the rule's status 503)
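How this rule actually sees its input, as an added example that is not from the original page: ModSecurity fills the ARGS collection with URL-decoded parameter values, so the @rx operator runs on the decoded value of every argument, not on the raw query string. The script below emulates that offline with POSIX tools (grep -E stands in for the PCRE engine; this pattern uses nothing beyond ERE) so you can see which constructed requests the wz.conf rule denies, why an upper-case payload slips past it until t:lowercase is added, and why a double-encoded payload also passes. All requests are constructed for illustration; nothing here runs ModSecurity itself.

```shell
#!/bin/sh
# Added example (not from the original page): emulate offline how the wz.conf rule above
# evaluates "SecRule ARGS" against constructed requests. ModSecurity URL-decodes parameter
# values once when it builds ARGS, so that decoded value is what the regex is matched against.
RULE_PATTERN='(testwwd)+'     # the operator argument from wz.conf (@rx is the default operator)

# urldecode STRING: '+' -> space and %XX -> byte, one pass, as the query-string parser does.
# Pure POSIX awk: a 256-entry table maps "00".."FF" to bytes, so no printf '\x' is needed.
urldecode() {
  printf '%s' "$1" | awk '
    BEGIN { for (i = 0; i < 256; i++) hex[sprintf("%02X", i)] = sprintf("%c", i) }
    {
      s = $0; out = ""
      gsub(/\+/, " ", s)
      while ((p = index(s, "%")) > 0 && length(s) >= p + 2) {
        code = toupper(substr(s, p + 1, 2))
        if (code in hex) { out = out substr(s, 1, p - 1) hex[code]; s = substr(s, p + 3) }
        else             { out = out substr(s, 1, p);                s = substr(s, p + 1) }
      }
      print out s
    }'
}

# args_values QUERY: one decoded value per line, i.e. the ARGS collection ModSecurity builds
# from a query string such as "a=1&b=2" (body parameters would join it in phase 2).
args_values() {
  printf '%s\n' "$1" | tr '&' '\n' | while IFS= read -r pair; do
    case $pair in
      *=*) urldecode "${pair#*=}" ;;
      *)   printf '\n' ;;           # a bare name has an empty value
    esac
  done
}

# request_denied QUERY [lowercase]: exit 0 when the rule fires on any ARGS value, i.e. the
# request would receive the rule's "deny,status:503". The optional second argument emulates
# adding "t:lowercase" to the rule's action list.
request_denied() {
  args_values "$1" |
    if [ "${2:-}" = lowercase ]; then tr 'A-Z' 'a-z'; else cat; fi |
    grep -Eq "$RULE_PATTERN"
}

# show QUERY: print the verdict for one constructed request.
show() {
  if request_denied "$1"; then echo "503 DENY  /?$1"; else echo "200 PASS  /?$1"; fi
}

# Constructed requests (not from the page):
show 'test=testwwd'               # the page's test request: denied
show 'test=%74estwwd'             # percent-encoded: still denied, ARGS is decoded before matching
show 'other=testwwd&test=hello'   # ARGS covers every parameter, not just "test": denied
show 'test=TESTWWD'               # passes: @rx is case-sensitive without t:lowercase
show 'test=%2574estwwd'           # passes: one decode yields "%74estwwd"; t:urlDecodeUni would catch it
show 'test=hello'                 # passes
```

The last two lines are the point of the exercise: a rule written against ARGS is already immune to single percent-encoding, but not to case changes or double encoding, which is why the CRS rules carry transformation chains such as t:urlDecodeUni,t:lowercase rather than relying on the collection's one implicit decode.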
