centos nginx 1.6.3安装过程(带waf)

wget http://nginx.org/download/nginx-1.6.3.tar.gz
wget http://nginx.org/download/nginx-1.8.1.tar.gz
wget http://zlib.net/zlib-1.2.8.tar.gz
wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.38.tar.gz
wget http://www.openssl.org/source/openssl-fips-2.0.12.tar.gz
tar -zxvf nginx-1.6.3.tar.gz

tar -zxvf zlib-1.2.8.tar.gz

tar -zxvf pcre-8.38.tar.gz

tar -zxvf openssl-fips-2.0.12.tar.gz

cd openssl-fips-2.0.10

./config

make

sudo make install

cd zlib-1.2.8

./configure

make

sudo make install

cd pcre-8.38

./configure

make

sudo make install

cd nginx-1.6.3

./configure --with-pcre=../pcre-8.38 --with-zlib=../zlib-1.2.8 --with-openssl=../openssl-fips-2.0.12

make

sudo make install

cd /usr/local/nginx/sbin

sudo ./nginx

----------------------------

添加 naxsi模块

wget https://github.com/nbs-system/naxsi/archive/master.zip
mv master.zip naxsi-master.zip

unzip naxsi-master.zip

在安装好的nginx/sbin/下执行 ./nginx -V 命令，可以查看到nginx的原有./configure 复制后并添加naxsi模块

添加：--add-module=../naxsi-master/naxsi_src

./configure --with-pcre=../pcre-8.38 --with-zlib=../zlib-1.2.8 --with-openssl=../openssl-fips-2.0.10 --add-module=../naxsi-master/naxsi_src

make

sudo make install

cp ~/naxsi-master/naxsi_config/naxsi_core.rules /usr/local/nginx/conf/

cd /usr/local/nginx/conf

vim mysite.rules

内容如下：

#------------------------

#LearningMode; #Enables learning mode

SecRulesEnabled;

#SecRulesDisabled;

DeniedUrl "/RequestDenied";

## check rules

CheckRule "$SQL >= 8" BLOCK;

CheckRule "$RFI >= 8" BLOCK;

CheckRule "$TRAVERSAL >= 4" BLOCK;

CheckRule "$EVADE >= 4" BLOCK;

CheckRule "$XSS >= 8" BLOCK;

#---------------------------

vim nginx.conf

在http部分加入如下配置

include /usr/local/nginx/conf/naxsi_core.rules;

在 server的 location / {

#在这里面增加：

include /usr/local/nginx/conf/mysite.rules;

}

#增加：

location /RequestDenied {

return 403;

}

主要参考资料:
http://blog.cnwyhx.com/centos-nginx-naxsi-install/