centos nginx 1.6.3安装过程(带waf)
2016-06-19 14:32
417 查看
wget http://nginx.org/download/nginx-1.6.3.tar.gz
wget http://nginx.org/download/nginx-1.8.1.tar.gz
wget http://zlib.net/zlib-1.2.8.tar.gz
wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.38.tar.gz
wget http://www.openssl.org/source/openssl-fips-2.0.12.tar.gz
tar -zxvf nginx-1.6.3.tar.gz
tar -zxvf zlib-1.2.8.tar.gz
tar -zxvf pcre-8.38.tar.gz
tar -zxvf openssl-fips-2.0.12.tar.gz
cd openssl-fips-2.0.10
./config
make
sudo make install
cd zlib-1.2.8
./configure
make
sudo make install
cd pcre-8.38
./configure
make
sudo make install
cd nginx-1.6.3
./configure --with-pcre=../pcre-8.38 --with-zlib=../zlib-1.2.8 --with-openssl=../openssl-fips-2.0.12
make
sudo make install
cd /usr/local/nginx/sbin
sudo ./nginx
----------------------------
添加 naxsi模块
wget https://github.com/nbs-system/naxsi/archive/master.zip
mv master.zip naxsi-master.zip
unzip naxsi-master.zip
在安装好的nginx/sbin/下执行 ./nginx -V 命令,可以查看到nginx的原有./configure 复制后并添加naxsi模块
添加:--add-module=../naxsi-master/naxsi_src
./configure --with-pcre=../pcre-8.38 --with-zlib=../zlib-1.2.8 --with-openssl=../openssl-fips-2.0.10 --add-module=../naxsi-master/naxsi_src
make
sudo make install
cp ~/naxsi-master/naxsi_config/naxsi_core.rules /usr/local/nginx/conf/
cd /usr/local/nginx/conf
vim mysite.rules
内容如下:
#------------------------
#LearningMode; #Enables learning mode
SecRulesEnabled;
#SecRulesDisabled;
DeniedUrl "/RequestDenied";
## check rules
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$EVADE >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
#---------------------------
vim nginx.conf
在http部分加入如下配置
include /usr/local/nginx/conf/naxsi_core.rules;
在 server的 location / {
#在这里面增加:
include /usr/local/nginx/conf/mysite.rules;
}
#增加:
location /RequestDenied {
return 403;
}
主要参考资料:
http://blog.cnwyhx.com/centos-nginx-naxsi-install/
wget http://nginx.org/download/nginx-1.8.1.tar.gz
wget http://zlib.net/zlib-1.2.8.tar.gz
wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.38.tar.gz
wget http://www.openssl.org/source/openssl-fips-2.0.12.tar.gz
tar -zxvf nginx-1.6.3.tar.gz
tar -zxvf zlib-1.2.8.tar.gz
tar -zxvf pcre-8.38.tar.gz
tar -zxvf openssl-fips-2.0.12.tar.gz
cd openssl-fips-2.0.10
./config
make
sudo make install
cd zlib-1.2.8
./configure
make
sudo make install
cd pcre-8.38
./configure
make
sudo make install
cd nginx-1.6.3
./configure --with-pcre=../pcre-8.38 --with-zlib=../zlib-1.2.8 --with-openssl=../openssl-fips-2.0.12
make
sudo make install
cd /usr/local/nginx/sbin
sudo ./nginx
----------------------------
添加 naxsi模块
wget https://github.com/nbs-system/naxsi/archive/master.zip
mv master.zip naxsi-master.zip
unzip naxsi-master.zip
在安装好的nginx/sbin/下执行 ./nginx -V 命令,可以查看到nginx的原有./configure 复制后并添加naxsi模块
添加:--add-module=../naxsi-master/naxsi_src
./configure --with-pcre=../pcre-8.38 --with-zlib=../zlib-1.2.8 --with-openssl=../openssl-fips-2.0.10 --add-module=../naxsi-master/naxsi_src
make
sudo make install
cp ~/naxsi-master/naxsi_config/naxsi_core.rules /usr/local/nginx/conf/
cd /usr/local/nginx/conf
vim mysite.rules
内容如下:
#------------------------
#LearningMode; #Enables learning mode
SecRulesEnabled;
#SecRulesDisabled;
DeniedUrl "/RequestDenied";
## check rules
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$EVADE >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
#---------------------------
vim nginx.conf
在http部分加入如下配置
include /usr/local/nginx/conf/naxsi_core.rules;
在 server的 location / {
#在这里面增加:
include /usr/local/nginx/conf/mysite.rules;
}
#增加:
location /RequestDenied {
return 403;
}
主要参考资料:
http://blog.cnwyhx.com/centos-nginx-naxsi-install/
相关文章推荐
- nginx代理指定目录
- 访问Nginx发生SSL connection error的一种情况
- Nginx+Naxsi部署专业级Web应用防火墙
- CentOS 6.2实战部署Nginx+MySQL+PHP
- nginx中http核心模块的配置指令2
- nginx中http核心模块的配置指令3
- nginx中http核心模块的配置指令4
- nginx中http的fastcgi模块的配置指令1
- Nginx 学习笔记(一)
- 网站502与504错误分析
- 用zabbix监控nginx_status状态
- 艰难完成 nginx + puma 部署 rails 4的详细记录
- 把Lua编译进nginx步骤方法
- web 应用中常用的各种 cache详解
- Linux系统上配置Nginx+Ruby on Rails+MySQL超攻略
- window+nginx+php环境配置 附配置搭配说明
- 解析CI即CodeIgniter框架在Nginx下的重写规则
- 将PHP从5.3.28升级到5.3.29时Nginx出现502错误
- 基于Nginx0.8.54+PHP5.3.4+MySQL5.5.8的全新LNMP稳定版架构搭建的VPS