测试环境:
centos5.6 x32,nginx1.4.4,LuaJIT-2.0.3,ngx_devel_kit-0.2.19、lua-nginx-module-0.9.11,ngx_lua_waf
1、安装nginx_lua_module模块
mkdir /data/soft
上传nginx1.4.4,LuaJIT-2.0.3,ngx_devel_kit-0.2.19、lua-nginx-module-0.9.11
unzip LuaJIT-2.0.3.zip
cd LuaJIT-2.0.3
make&&make install
出现如下内容,表示安装成功
==== Successfully installed LuaJIT 2.0.3 to /usr/local ====
tar -zxvf ngx_devel_kit-0.2.19.tar.gz
tar -zxvf lua-nginx-module-0.9.11.tar.gz
以下为以/usr/local/nginx/conf/nginx.conf中加入作为nginx安装路径为例说明
tar -zxvf nginx-1.4.4
cd nginx-1.4.4
export LUAJIT_LIB=/usr/local/lib
export LUAJIT_INC=/usr/local/include/luajit-2.0
export LD_LIBRARY_PATH=/usr/local/lib/:$LD_LIBRARY_PATH
./configure --prefix=/usr/local/nginx --add-module=/data/soft/ngx_devel_kit-0.2.19 --add-module=/data/soft/lua-nginx-module-0.9.11
make -j2
make install
在/usr/local/nginx/conf/nginx.conf中加入以下内容并保存
server{
......
location /hello {
default_type ‘text/plain‘;
content_by_lua ‘ngx.say("hello, lua")‘;
}
}
/usr/local/nginx/sbin/nginx –t 检查nginx配置,应无报错
/usr/local/nginx/sbin/nginx
访问localhost/hello,会出现“hello,lua,说明安装成功!
2、安装并配置ngx_lua_waf
cd /usr/local/nginx/conf
rz 上传ngx_lua_waf-master.zip
tar -zxvf ngx_lua_waf-master.zip
rm ngx_lua_waf-master.zip
mv ngx_lua_waf-master waf
vi conf/nginx.conf,在http段添加以下内容并保存退出
lua_package_path "/usr/local/nginx/conf/waf/?.lua";
lua_shared_dict limit 10m;
init_by_lua_file /usr/local/nginx/conf/waf/init.lua;
access_by_lua_file /usr/local/nginx/conf/waf/waf.lua;
以nginx进程用户为www为例说明
mkdir -R /usr/local/nginx/logs/hack
chown -R www:www /usr/local/nginx/logs/hack/
chmod -R 755 /usr/local/nginx/logs/hack/
如果nginx安装路径和攻击日志存储路径与上述示例不一致,需要
vi waf /config.lua修改RulePath和logdir
重启nginx
/usr/local/nginx/sbin/nginx –s reload
访问:域名/etc/passwd,页面提示:Please go away~~ ,同时/usr/local/nginx/logs/hack/目录下生成类似server_name-2014-08-26_sec.log的文件,说明安装配置成功
如果需要修改页面提示内容,可以修改config.lua中的html字段内容为:403 Fprbidden
rm -rf /data/softl
参考文档:http://www.cnblogs.com/yjf512/archive/2012/03/27/2419577.html
时间: 2024-08-29 03:24:59