说明:

操作系统:CentOS

Nginx安装目录:/usr/local/nginx

需求:增加Modsecurity模块,实现Nginx服务器Web应用防护系统

开始操作:

一、安装ModSecurity

cd  /usr/local/src

wget  https://www.modsecurity.org/tarball/2.9.1/modsecurity-2.9.1.tar.gz  #下载软件

yum install httpd-devel  #modsecurity安装需要APXS包,APXS在httpd-devel中

cd /usr/local/src

tar zxvf modsecurity-2.9.1.tar.gz

cd modsecurity-2.9.1

./autogen.sh

./configure --enable-standalone-module --disable-mlogc

make

安装过程报错,提示没有pcre解决办法

yum install pcre pcre-devel

安装过程报错,提示没有libxml2解决办法

yum install libxml2 libxml2-devel

二、编译nginx并添加modsecurity模块

查看nginx编译参数:/usr/local/nginx/sbin/nginx -V

添加modsecurity模块重新编译nginx:

cd /usr/local/src/nginx-1.10.1

./configure --prefix=/usr/local/nginx --without-http_memcached_module --user=www --group=www --with-http_stub_status_module --with-http_ssl_module --with-http_gzip_static_module --with-openssl=/usr/local/src/openssl-1.0.2j --with-zlib=/usr/local/src/zlib-1.2.8 --with-pcre=/usr/local/src/pcre-8.39 --add-module=/usr/local/src/modsecurity-2.9.1/nginx/modsecurity/

make

make install

三、下载OWASP规则

cd /usr/local/src

git clone https://github.com/SpiderLabs/owasp-modsecurity-crs

mv owasp-modsecurity-crs  /usr/local/nginx/conf  #移动到nginx配置目录下

cd /usr/local/nginx/conf/owasp-modsecurity-crs

cp crs-setup.conf.example  crs-setup.conf   #拷贝模板配置文件

cd /usr/local/src/modsecurity-2.9.1

cp modsecurity.conf-recommended  /usr/local/nginx/conf  #拷贝配置文件

cp unicode.mapping  /usr/local/nginx/conf  #拷贝配置文件

mv /usr/local/nginx/conf/modsecurity.conf-recommended  /usr/local/nginx/conf/modsecurity.conf  #重命名

vi /usr/local/nginx/conf/modsecurity.conf   #修改添加

SecRuleEngine DetectionOnly #修改为SecRuleEngine On

#Include owasp-modsecurity-crs/rules/REQUEST-901-INITIALIZATION.conf

#Include owasp-modsecurity-crs/rules/REQUEST-903.9001-DRUPAL-EXCLUSION-RULES.conf

#Include owasp-modsecurity-crs/rules/REQUEST-903.9002-WORDPRESS-EXCLUSION-RULES.conf

#Include owasp-modsecurity-crs/rules/REQUEST-905-COMMON-EXCEPTIONS.conf

#Include owasp-modsecurity-crs/rules/REQUEST-910-IP-REPUTATION.conf

#Include owasp-modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf

#Include owasp-modsecurity-crs/rules/REQUEST-912-DOS-PROTECTION.conf

#Include owasp-modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf

#Include owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf

Include owasp-modsecurity-crs/rules/REQUEST-921-PROTOCOL-ATTACK.conf

Include owasp-modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf

Include owasp-modsecurity-crs/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf

Include owasp-modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf

Include owasp-modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf

#Include owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf

#Include owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf

Include owasp-modsecurity-crs/rules/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION.conf

Include owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf

Include owasp-modsecurity-crs/rules/RESPONSE-950-DATA-LEAKAGES.conf

Include owasp-modsecurity-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf

Include owasp-modsecurity-crs/rules/RESPONSE-952-DATA-LEAKAGES-JAVA.conf

#Include owasp-modsecurity-crs/rules/RESPONSE-953-DATA-LEAKAGES-PHP.conf

Include owasp-modsecurity-crs/rules/RESPONSE-954-DATA-LEAKAGES-IIS.conf

Include owasp-modsecurity-crs/rules/RESPONSE-959-BLOCKING-EVALUATION.conf

Include owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf

:wq! #保存退出

四、配置nginx支持Modsecurity

在需要启用modsecurity的主机的location下面加入下面两行即可:

ModSecurityEnabled on;

ModSecurityConfig modsecurity.conf;

service nginx restart  #重启nginx使配置生效

五、规则测试

可以写一个php页面进行测试

具体规则如下:

至此,Linux下Nginx服务器配置Modsecurity实现Web应用防护系统教程完成。