ModSecurity + Apache Installation

Platform: Ubuntu 16.04.3 LTS


1. Installing Apache from source

1.1 Packages

wget http://archive.apache.org/dist/apr/apr-1.4.5.tar.gz  
wget http://archive.apache.org/dist/apr/apr-util-1.3.12.tar.gz  
wget http://jaist.dl.sourceforge.net/project/pcre/pcre/8.10/pcre-8.10.zip 
wget http://mirrors.tuna.tsinghua.edu.cn/apache//httpd/httpd-2.4.29.tar.gz

1.2 Extracting the archives

.tar.gz -- tar -zvxf 
.zip -- unzip -o 

1.3 Installing apr/apr-util/pcre

./configure --prefix=/usr/local/apr 
make && make install

./configure --prefix=/usr/local/apr-util \
  --with-apr=/usr/local/apr/
make && make install

./configure --prefix=/usr/local/pcre
make && make install

1.4 Installing Apache

./configure --prefix=/usr/local/httpd/ \
  --sysconfdir=/etc/httpd/ \
  --disable-userdir \
  --enable-so \
  --enable-deflate=shared \
  --enable-expires=shared \
  --enable-rewrite=shared \
  --enable-static-support \
  --with-apr=/usr/local/apr/ \
  --with-apr-util=/usr/local/apr-util/bin \
  --with-pcre=/usr/local/pcre/ \
  --with-ssl \
  --with-z

make && make install

1.5 Starting Apache

cp /usr/local/httpd/bin/apachectl /etc/init.d/httpd
/etc/init.d/httpd start

1.6 Apache proxy configuration

# Load the proxy modules
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so

# Proxy configuration

        ServerName 172.16.77.66
        ProxyPass / http://172.16.77.67:8081/
        ProxyPassReverse / http://172.16.77.67:8081/

2. Installing Mod_security

2.1 Package

https://www.modsecurity.org/tarball/2.9.2/modsecurity-2.9.2.tar.gz

2.2 Dependencies

APR: Apache Portable Runtime (Apache Portable Runtime Project, retrieved 29 December 2016)
APU: APR-Util (Apache Portable Runtime Project, retrieved 29 December 2016)
libcurl (libcurl, retrieved 29 December 2016)
libxml2 (xmlsoft.org, retrieved 29 December 2016)
Lua 5.2 (Lua.org, retrieved 29 December 2016)
PCRE: Perl Compatible Regular Expressions (PCRE, retrieved 29 December 2016)
ssdeep (SourceForge, retrieved 29 December 2016)
YAJL (GitHub, retrieved 29 December 2016)

2.3 Installing the dependencies

apt-get install libcurl3-dev libxml2-dev libfuzzy-dev libyajl-dev

2.4 Installing modsecurity

./configure --with-apxs=/usr/local/httpd/bin/apxs \
  --with-apr=/usr/local/apr/ \
  --with-apu=/usr/local/apr-util/bin \
  --with-pcre=/usr/local/pcre/

make && make install

2.5 Confirm that the Mod_security module has been added to Apache

root@66:/usr/local/httpd/modules# ll
......
-r--r--r--  1 root root 2614880 Dec  5 03:46 mod_security2.so
......

2.6 Confirm that Apache and Mod_security link against the same PCRE library

root@66:/usr/local# ldd httpd/bin/httpd | grep pcre
    libpcre.so.1 => /usr/local/pcre/lib/libpcre.so.1 (0x00007f8807a94000)
root@66:/usr/local# ldd httpd/modules/mod_security2.so | grep pcre
    libpcre.so.1 => /usr/local/pcre/lib/libpcre.so.1 (0x00007f32aa0e2000)
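
An added example (not part of the original post) that automates the check in 2.6: it parses captured ldd output and reports whether httpd and mod_security2.so resolve libpcre to the same file. The function names and sample lines are constructed for illustration; check_install assumes the install paths used on this page.

```shell
#!/bin/sh
# Added example (not from the original page): automate the 2.6 check.

# Print the absolute path that ldd output (on stdin) resolves libpcre to.
# Unresolved entries ("=> not found") and libpcreposix are ignored.
pcre_path() {
    awk '$1 ~ /^libpcre\.so/ && $2 == "=>" && $3 ~ /^\// { print $3; exit }'
}

# same_pcre LDD_HTTPD LDD_MODULE
# Both arguments are captured ldd output. Exit status:
#   0  both binaries resolve libpcre to the same file
#   1  they resolve to different files (mismatch)
#   2  at least one side has no resolved libpcre (missing or static)
same_pcre() {
    httpd_pcre=$(printf '%s\n' "$1" | pcre_path)
    mod_pcre=$(printf '%s\n' "$2" | pcre_path)
    if [ -z "$httpd_pcre" ] || [ -z "$mod_pcre" ]; then
        echo "libpcre not resolved: httpd='$httpd_pcre' module='$mod_pcre'" >&2
        return 2
    fi
    if [ "$httpd_pcre" != "$mod_pcre" ]; then
        echo "PCRE mismatch: httpd=$httpd_pcre module=$mod_pcre" >&2
        return 1
    fi
    echo "OK: both use $httpd_pcre"
}

# Live check using the install paths from this page (run it on the host).
check_install() {
    same_pcre "$(ldd /usr/local/httpd/bin/httpd)" \
              "$(ldd /usr/local/httpd/modules/mod_security2.so)"
}

# Constructed sample lines, modelled on the ldd output shown in 2.6.
SAMPLE_HTTPD='    libpcre.so.1 => /usr/local/pcre/lib/libpcre.so.1 (0x00007f8807a94000)'
SAMPLE_MOD_OK='    libpcre.so.1 => /usr/local/pcre/lib/libpcre.so.1 (0x00007f32aa0e2000)'
# Constructed mismatch: module resolved against the distribution's PCRE.
SAMPLE_MOD_BAD='    libpcre.so.3 => /lib/x86_64-linux-gnu/libpcre.so.3 (0x00007f32aa0e2000)'
# Constructed failure: the loader cannot find the library at all.
SAMPLE_MOD_MISSING='    libpcre.so.1 => not found'

same_pcre "$SAMPLE_HTTPD" "$SAMPLE_MOD_OK"
same_pcre "$SAMPLE_HTTPD" "$SAMPLE_MOD_BAD" || echo "exit status $?"
```

Calling check_install after section 2.4 gives a pass/fail result that can gate the Apache restart in a provisioning script.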

2.7 Add permissions to Mod_security

root@66:/usr/local/httpd/modules# chmod +wx mod_security2.so
root@66:/usr/local/httpd/modules# ll
......
-rwxr-xr-x  1 root root 2614880 Dec  5 03:46 mod_security2.so*
......

2.8 Load the Mod_security module in Apache

# Load the Mod_security module
LoadModule unique_id_module modules/mod_unique_id.so
LoadModule security2_module modules/mod_security2.so

# Mod_security configuration

        Include /etc/httpd/extra/security_main.conf

  • OWASP Mod_security Core Rule Set
    owasp-modsecurity-crs
