//添加依赖,一下看情况而添加,不确定需不需要
apt-get install gcc libpcre3 libpcre3-dev zlib1g-dev
//tengine依赖
sudo apt-get install openssl libssl-dev libssl0.9.8 libpcre3 libpcre3-dev
sudo apt-get install libxml2 libxml2-dev libxml2-utils
sudo apt-get install libaprutil1 libaprutil1-dev
sudo apt-get install apache2-dev
1.配置
./configure
make
make install
//添加依赖,此处可能报错
apt-get install libtool
apt-get install autoconf
2.//进入modSercurity
cd ModSecurity/
./autogen.sh
./configure–enable-standalone-module –disable-mlogc
make
3.nginx添加modsecurity模块
cd tengine/
./configure –add-module=/opt/modsecurity/nginx/modsecurity/ –prefix=/usr/local/nginx
make && make install
make
4.启动OWASP规则
cp -R owasp-modsecurity-crs /local/nginx
cp /usr/local/nginx/owasp-modsecurity-crs/modsecurity_crs_10_setup.conf.example /usr/local/nginx/owasp-modsecurity-crs/modsecurity_crs_10_setup.conf
cd ModSecurity/
cp modsecurity.conf-recommended /usr/local/nginx/conf/modsecurity.conf
cp unicode.mapping /usr/local/nginx/conf
5.修改配置
gedit modsecurity.conf
SecRuleEngine on
Include owasp-modsecurity-crs/modsecurity_crs_10_setup.conf
Include owasp-modsecurity-crs/base_rules/modsecurity_crs_41_sql_injection_attacks.conf
Include owasp-modsecurity-crs/base_rules/modsecurity_crs_41_xss_attacks.conf
Include owasp-modsecurity-crs/base_rules/modsecurity_crs_40_generic_attacks.conf
Include owasp-modsecurity-crs/experimental_rules/modsecurity_crs_11_dos_protection.conf
Include owasp-modsecurity-crs/experimental_rules/modsecurity_crs_11_brute_force.conf
Include owasp-modsecurity-crs/optional_rules/modsecurity_crs_16_session_hijacking.conf
6.配置nginx
在需要启用modsecurity的主机的location下面加入下面两行即可:
ModSecurityEnabled on;
ModSecurityConfig modsecurity.conf;
下面事例配置:
server {
listen 88;
server_name localhost;
location / {
ModSecurityEnabled on;
ModSecurityConfig modsecurity.conf;
root html;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
/usr/local/nginx/sbin/nginx 启动
/usr/local/nginx/sbin/nginx -s reload 重启
/usr/local/nginx/sbin/nginx -s stop 关闭
文章参考
http://www.52os.net/articles/nginx-use-modsecurity-module-as-waf.html
https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#Installation_for_NGINX
http://drops.wooyun.org/tips/2614
http://drops.wooyun.org/tips/3804
http://drops.wooyun.org/tips/734
http://www.freebuf.com/articles/web/18084.html
http://www.freebuf.com/articles/web/16806.html