1. Install dependencies (epel-release first, so that the EPEL packages such as yajl, lmdb and ssdeep can be resolved by the second command):
#yum install -y epel-release
#yum install -y git wget gcc-c++ flex bison yajl yajl-devel curl-devel curl GeoIP-devel doxygen zlib-devel pcre-devel lmdb-devel libxml2-devel ssdeep-devel lua-devel libtool autoconf automake
2. Install ModSecurity (MS):
#cd /usr/local
#git clone https://github.com/SpiderLabs/ModSecurity
#cd ModSecurity
#git checkout -b v3/master origin/v3/master
#git submodule init
#git submodule update
#sh build.sh
#./configure
#make
#make install
3. Install nginx with the ModSecurity-nginx connector:
#cd /usr/local
#git clone https://github.com/SpiderLabs/ModSecurity-nginx
#wget http://nginx.org/download/nginx-1.16.2.tar.gz
#tar -xvzf nginx-1.16.2.tar.gz
#cd /usr/local/nginx-1.16.2
#./configure --add-module=/usr/local/ModSecurity-nginx
#make && make install
4. Simulate an attack to see how the request is handled before MS is enabled:
Start nginx:
#/usr/local/nginx/sbin/nginx
Visit the URL (a reflected XSS probe in the param query parameter):
http://<server IP>/?param=%22%3E%3Cscript%3Ealert(1);%3C/script%3E
Result without MS (request not blocked):
5. Configure MS:
#mkdir /usr/local/nginx/conf/modsecurity
#cp /usr/local/ModSecurity/modsecurity.conf-recommended /usr/local/nginx/conf/modsecurity/
#mv /usr/local/nginx/conf/modsecurity/modsecurity.conf-recommended /usr/local/nginx/conf/modsecurity/modsecurity.conf
#cp /usr/local/ModSecurity/unicode.mapping /usr/local/nginx/conf/modsecurity/
#cd /usr/local/
#wget http://www.modsecurity.cn/download/corerule/owasp-modsecurity-crs-3.3-dev.zip
#unzip owasp-modsecurity-crs-3.3-dev.zip
#cd owasp-modsecurity-crs-3.3-dev
#cp crs-setup.conf.example /usr/local/nginx/conf/modsecurity/
#mv /usr/local/nginx/conf/modsecurity/crs-setup.conf.example /usr/local/nginx/conf/modsecurity/crs-setup.conf
#mkdir /usr/local/nginx/conf/modsecurity/rules
#cp /usr/local/owasp-modsecurity-crs-3.3-dev/rules/* /usr/local/nginx/conf/modsecurity/rules/
#cd /usr/local/nginx/conf/modsecurity/rules/
#mv REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
#mv RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf.example RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf
Edit nginx.conf
Add the following inside the http or server block:
modsecurity on;
modsecurity_rules_file /usr/local/nginx/conf/modsecurity/modsecurity.conf;
Edit modsecurity.conf
Change SecRuleEngine DetectionOnly to SecRuleEngine On (DetectionOnly logs matches but never blocks)
Then append the following lines:
Include /usr/local/nginx/conf/modsecurity/crs-setup.conf
Include /usr/local/nginx/conf/modsecurity/rules/*.conf
6. Reload nginx and test:
#/usr/local/nginx/sbin/nginx -s reload
Repeat the attack request:
http://<server IP>/?param=%22%3E%3Cscript%3Ealert(1);%3C/script%3E
Check the nginx error log to confirm the request was blocked:
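The two checks a practitioner wants after steps 5 and 6 are: is the engine really in blocking mode (SecRuleEngine On rather than DetectionOnly), and does the nginx error log show "Access denied" events for the test request? The following script is an added example, not part of this tutorial or of the ModSecurity project. It extracts client, rule id, URI and message from ModSecurity v3 error-log entries and reads the effective SecRuleEngine value from a configuration file. The log lines and the configuration snippet it parses are constructed to resemble the connector's output; the IP addresses and paths are placeholders.

```shell
#!/bin/sh
# Added example (not from the tutorial): verify the WAF is blocking by
# reading modsecurity.conf and summarising ModSecurity events in the
# nginx error log.

# Print "client rule-id uri msg" for every ModSecurity log entry on stdin.
# Entry layout assumed: "... [client IP] ModSecurity: ... [id "NNN"] ...
# [msg "..."] ... [uri "/path"] ..." (ModSecurity v3 connector format).
modsec_fields() {
    sed -n 's/.*\[client \([^]]*\)\].*\[id "\([^"]*\)"\].*\[msg "\([^"]*\)"\].*\[uri "\([^"]*\)"\].*/\1 \2 \4 \3/p'
}

# Blocked requests (only produced when SecRuleEngine is On).
modsec_denials() {
    grep 'ModSecurity: Access denied' "$1" | modsec_fields
}

# Matches that were logged but not blocked (what DetectionOnly produces).
modsec_warnings() {
    grep 'ModSecurity: Warning' "$1" | modsec_fields
}

# Effective SecRuleEngine value in a modsecurity.conf (last directive wins).
modsec_engine_mode() {
    grep -E '^[[:space:]]*SecRuleEngine[[:space:]]' "$1" | tail -n 1 | awk '{print $2}'
}

# --- constructed sample data -------------------------------------------
SAMPLE_LOG="${TMPDIR:-/tmp}/modsec-sample-error.log"
SAMPLE_CONF="${TMPDIR:-/tmp}/modsec-sample.conf"

# Three constructed error_log lines: one block, one unrelated nginx error,
# one detection-only warning. Values (IPs, ids, times) are placeholders.
cat > "$SAMPLE_LOG" <<'EOF'
2024/01/01 12:00:00 [error] 1234#1234: *1 [client 192.0.2.10] ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:ANOMALY_SCORE' (Value: `5' ) [file "/usr/local/nginx/conf/modsecurity/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "80"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "2"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [hostname "192.0.2.1"] [uri "/"] [unique_id "170000000011.223344"] [ref ""], client: 192.0.2.10, server: localhost, request: "GET /?param=%22%3E%3Cscript%3Ealert(1);%3C/script%3E HTTP/1.1", host: "192.0.2.1"
2024/01/01 12:00:01 [error] 1234#1234: *2 open() "/usr/local/nginx/html/favicon.ico" failed (2: No such file or directory), client: 192.0.2.10, server: localhost, request: "GET /favicon.ico HTTP/1.1", host: "192.0.2.1"
2024/01/01 12:00:02 [error] 1234#1234: *3 [client 198.51.100.7] ModSecurity: Warning. detected XSS using libinjection. [file "/usr/local/nginx/conf/modsecurity/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev ""] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: XSS data found within ARGS:q"] [severity "2"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [hostname "192.0.2.1"] [uri "/search"] [unique_id "170000000022.334455"] [ref ""], client: 198.51.100.7, server: localhost, request: "GET /search?q=x HTTP/1.1", host: "192.0.2.1"
EOF

# Constructed modsecurity.conf fragment after the edit in step 5.
cat > "$SAMPLE_CONF" <<'EOF'
# SecRuleEngine DetectionOnly
SecRuleEngine On
SecRequestBodyAccess On
Include /usr/local/nginx/conf/modsecurity/crs-setup.conf
Include /usr/local/nginx/conf/modsecurity/rules/*.conf
EOF

# Stand-alone run: report engine mode and the events found.
echo "SecRuleEngine: $(modsec_engine_mode "$SAMPLE_CONF")"
echo "Blocked requests:"
modsec_denials "$SAMPLE_LOG"
echo "Detected but not blocked:"
modsec_warnings "$SAMPLE_LOG"
```

On a live host, point modsec_denials at /usr/local/nginx/logs/error.log and modsec_engine_mode at /usr/local/nginx/conf/modsecurity/modsecurity.conf; if the log shows only "Warning" entries for the test URL, the engine is still in DetectionOnly mode.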