测试环境:
centos5.6 x32,nginx1.4.4,LuaJIT-2.0.3,ngx_devel_kit-0.2.19、lua-nginx-module-0.9.11,ngx_lua_waf
1、安装nginx_lua_module模块 mkdir /data/soft 上传nginx1.4.4,LuaJIT-2.0.3,ngx_devel_kit-0.2.19、lua-nginx-module-0.9.11 unzip LuaJIT-2.0.3.zip cd LuaJIT-2.0.3 make&&make install 出现如下内容,表示安装成功 ==== Successfully installed LuaJIT 2.0.3 to /usr/local ==== tar -zxvf ngx_devel_kit-0.2.19.tar.gz tar -zxvf lua-nginx-module-0.9.11.tar.gz 以下为以/usr/local/nginx/conf/nginx.conf中加入作为nginx安装路径为例说明 tar -zxvf nginx-1.4.4 cd nginx-1.4.4 export LUAJIT_LIB=/usr/local/lib export LUAJIT_INC=/usr/local/include/luajit-2.0 export LD_LIBRARY_PATH=/usr/local/lib/:$LD_LIBRARY_PATH ./configure --prefix=/usr/local/nginx --add-module=/data/soft/ngx_devel_kit-0.2.19 --add-module=/data/soft/lua-nginx-module-0.9.11 make -j2 make install 在/usr/local/nginx/conf/nginx.conf中加入以下内容并保存 server{ ...... location /hello { default_type ‘text/plain‘; content_by_lua ‘ngx.say("hello, lua")‘; } } /usr/local/nginx/sbin/nginx –t 检查nginx配置,应无报错 /usr/local/nginx/sbin/nginx 访问localhost/hello,会出现“hello,lua,说明安装成功! 2、安装并配置ngx_lua_waf cd /usr/local/nginx/conf rz 上传ngx_lua_waf-master.zip tar -zxvf ngx_lua_waf-master.zip rm ngx_lua_waf-master.zip mv ngx_lua_waf-master waf vi conf/nginx.conf,在http段添加以下内容并保存退出 lua_package_path "/usr/local/nginx/conf/waf/?.lua"; lua_shared_dict limit 10m; init_by_lua_file /usr/local/nginx/conf/waf/init.lua; access_by_lua_file /usr/local/nginx/conf/waf/waf.lua; 以nginx进程用户为www为例说明 mkdir -R /usr/local/nginx/logs/hack chown -R www:www /usr/local/nginx/logs/hack/ chmod -R 755 /usr/local/nginx/logs/hack/ 如果nginx安装路径和攻击日志存储路径与上述示例不一致,需要 vi waf /config.lua修改RulePath和logdir 重启nginx /usr/local/nginx/sbin/nginx –s reload 访问:域名/etc/passwd,页面提示:Please go away~~ ,同时/usr/local/nginx/logs/hack/目录下生成类似server_name-2014-08-26_sec.log的文件,说明安装配置成功 如果需要修改页面提示内容,可以修改config.lua中的html字段内容为:403 Fprbidden rm -rf /data/softl
参考文档:http://www.cnblogs.com/yjf512/archive/2012/03/27/2419577.html
时间: 2024-11-07 20:05:01