Deploying Nginx + ModSecurity on CentOS (to get WAF functionality)

Operating system: CentOS 7.9
ModSecurity: 2.9.3 (downloadable from the Chinese ModSecurity community site)
http://www.modsecurity.cn/download/modsecurity/modsecurity-2.9.3.tar.gz

Deployment steps
1. Install the required tools
yum install -y wget epel-release
yum install -y httpd httpd-devel pcre pcre-devel libxml2-devel gcc lua-devel yajl-devel ssdeep-devel curl-devel


2. Compile ModSecurity
Put the ModSecurity tarball under /usr/local (upload it, or fetch it with wget as shown below)
cd /usr/local
wget http://www.modsecurity.cn/download/modsecurity/modsecurity-2.9.3.tar.gz
tar -zxvf modsecurity-2.9.3.tar.gz
cd modsecurity-2.9.3
./configure --enable-standalone-module --disable-mlogc
make

3. Install Nginx
cd /usr/local
wget http://nginx.org/download/nginx-1.21.4.tar.gz
tar -xvzf nginx-1.21.4.tar.gz
cd /usr/local/nginx-1.21.4
./configure --add-module=/usr/local/modsecurity-2.9.3/nginx/modsecurity/ --prefix=/usr/local/nginx
make
make install
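The build steps in sections 2 and 3 depend on each other: the nginx module under nginx/modsecurity/ only becomes usable after ModSecurity's own configure and make have run, and a successful "make install" does not by itself prove the module was linked in. The script below is an added example (not from the original post) that wraps those steps in functions and verifies the result by parsing the output of nginx -V, which prints the configure arguments the binary was built with. The paths and versions are the ones the post uses; the SRC_DIR and NGINX_PREFIX variables and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the original post: builds ModSecurity 2.9.3 and nginx 1.21.4
# in the post's order and then checks that the standalone module really went into the binary.
# SRC_DIR and NGINX_PREFIX are assumed defaults matching the post's paths.
set -u
SRC_DIR="${SRC_DIR:-/usr/local}"
MODSEC_VER="2.9.3"
NGINX_VER="1.21.4"
NGINX_PREFIX="${NGINX_PREFIX:-/usr/local/nginx}"

# Given the text printed by `nginx -V`, return 0 when an --add-module pointing at a
# modsecurity directory appears in the configure arguments, 1 otherwise.
modsec_in_configure_args() {
    printf '%s\n' "$1" | grep -q -- '--add-module=[^ ]*modsecurity'
}

# Pull the version number (e.g. "1.21.4") out of `nginx -V` text so a script can confirm
# the binary it is about to reload is the one it just built.
nginx_version_from_v() {
    printf '%s\n' "$1" | sed -n 's#^nginx version: nginx/##p'
}

# Section 2 of the post: unpack and build ModSecurity as a standalone module.
build_modsecurity() {
    cd "$SRC_DIR" || return 1
    [ -f "modsecurity-$MODSEC_VER.tar.gz" ] || wget "http://www.modsecurity.cn/download/modsecurity/modsecurity-$MODSEC_VER.tar.gz"
    tar -zxf "modsecurity-$MODSEC_VER.tar.gz"
    cd "modsecurity-$MODSEC_VER" && ./configure --enable-standalone-module --disable-mlogc && make
}

# Section 3 of the post: build nginx with --add-module pointing at the ModSecurity sources.
build_nginx() {
    # nginx refuses an --add-module directory without a `config` file; its absence means
    # the ModSecurity tarball was never unpacked (or the path is wrong), so stop early.
    [ -f "$SRC_DIR/modsecurity-$MODSEC_VER/nginx/modsecurity/config" ] || { echo "build ModSecurity first" >&2; return 1; }
    cd "$SRC_DIR" || return 1
    [ -f "nginx-$NGINX_VER.tar.gz" ] || wget "http://nginx.org/download/nginx-$NGINX_VER.tar.gz"
    tar -xzf "nginx-$NGINX_VER.tar.gz"
    cd "nginx-$NGINX_VER" && ./configure --add-module="$SRC_DIR/modsecurity-$MODSEC_VER/nginx/modsecurity/" --prefix="$NGINX_PREFIX" && make && make install
}

# Only build when invoked as `sh build-modsec.sh build`; the functions above can be sourced on their own.
if [ "${1:-}" = "build" ]; then
    build_modsecurity && build_nginx
    v=$("$NGINX_PREFIX/sbin/nginx" -V 2>&1)
    if modsec_in_configure_args "$v"; then
        echo "nginx $(nginx_version_from_v "$v") was built with the ModSecurity module"
    else
        echo "ModSecurity module is missing from the nginx build" >&2
        exit 1
    fi
fi
```

Run it as "sh build-modsec.sh build" on the target host; a binary built without the --add-module flag (for example a stray package-manager nginx earlier in PATH) fails the final check instead of silently serving traffic with no WAF.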

4. Test the effect

Start nginx
/usr/local/nginx/sbin/nginx

Simulate an attack to see how the server responds while ModSecurity is not yet enabled. The test URL is: http://<server-IP>/?param=%22%3E%3Cscript%3Ealert(1);%3C/script%3E

The result looks like this:
[root@virtual_cloud nginx-1.21.4]# curl "10.0.0.14/?param=%22%3E%3Cscript%3Ealert(1);%3C/script%3E"
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>


5. Final configuration

Create a directory to hold the configuration files and copy the relevant files into it

mkdir -p /usr/local/nginx/conf/modsecurity/
cp /usr/local/modsecurity-2.9.3/modsecurity.conf-recommended /usr/local/nginx/conf/modsecurity/modsecurity.conf
cp /usr/local/modsecurity-2.9.3/unicode.mapping /usr/local/nginx/conf/modsecurity/unicode.mapping

Rule set: http://www.modsecurity.cn/download/corerule/owasp-modsecurity-crs-3.3-dev.zip
Download and unpack the rule set archive, then copy crs-setup.conf.example to /usr/local/nginx/conf/modsecurity/ and rename it to crs-setup.conf;

Also copy the rules directory to /usr/local/nginx/conf/modsecurity/, and inside rules rename the two files REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example and RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf.example by removing the ".example" suffix; your own rules can be placed in these two files;

Edit nginx.conf
Add the following inside the http or server block (adding it in the http block applies it globally; adding it in a server block applies it only to that site):

ModSecurityEnabled on;
ModSecurityConfig modsecurity/modsecurity.conf;

http {
    include       mime.types;
    default_type  application/octet-stream;
    ModSecurityEnabled on;
    ModSecurityConfig modsecurity/modsecurity.conf;
---

Edit modsecurity.conf
Change SecRuleEngine DetectionOnly to SecRuleEngine On
and append the following at the end of the file:

Include crs-setup.conf
Include rules/*.conf

6. Reload Nginx and test again
/usr/local/nginx/sbin/nginx -s reload

[root@virtual_cloud modsecurity]# curl "10.0.0.14/?param=%22%3E%3Cscript%3Ealert(1);%3C/script%3E"
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.21.4</center>
</body>
</html>
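Sections 5 and 6 are a sequence of copies, renames and hand edits, and the result is easy to get subtly wrong (a stale DetectionOnly, a missing Include, or the ModSecurity directives pasted outside the http block), in which case nginx keeps serving the welcome page to the test request and nothing visibly fails. The script below is an added example (not the post's own code) that applies the same steps idempotently, verifies the resulting files, runs nginx -t before the reload from section 6, and then sends the post's test request and reports the HTTP status code: 403 means ModSecurity blocked it. It uses the post's paths; the CRS_DIR location of the unpacked rule set, the NGINX_BIN variable and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the original post: applies the configuration steps of sections 5
# and 6 as idempotent functions and verifies the result. NGINX_PREFIX and MODSEC_SRC default
# to the post's paths; CRS_DIR (where the rule set zip was unpacked) is an assumption.
NGINX_PREFIX="${NGINX_PREFIX:-/usr/local/nginx}"
MODSEC_SRC="${MODSEC_SRC:-/usr/local/modsecurity-2.9.3}"
CRS_DIR="${CRS_DIR:-/usr/local/owasp-modsecurity-crs-3.3-dev}"
NGINX_BIN="${NGINX_BIN:-$NGINX_PREFIX/sbin/nginx}"

# Step 1: create conf/modsecurity, copy the recommended config, unicode.mapping, the CRS setup
# file and the rules directory, and drop ".example" from the two exclusion-rule files.
install_modsec_conf() {
    conf="$NGINX_PREFIX/conf/modsecurity"
    mkdir -p "$conf/rules"
    cp "$MODSEC_SRC/modsecurity.conf-recommended" "$conf/modsecurity.conf"
    cp "$MODSEC_SRC/unicode.mapping" "$conf/unicode.mapping"
    cp "$CRS_DIR/crs-setup.conf.example" "$conf/crs-setup.conf"
    cp -r "$CRS_DIR/rules/." "$conf/rules/"
    for f in REQUEST-900-EXCLUSION-RULES-BEFORE-CRS RESPONSE-999-EXCLUSION-RULES-AFTER-CRS; do
        if [ -f "$conf/rules/$f.conf.example" ]; then
            mv "$conf/rules/$f.conf.example" "$conf/rules/$f.conf"
        fi
    done
}

# Step 2: switch the engine from DetectionOnly to On and add the two Include lines
# (only once, so re-running the script never duplicates them).
enable_rule_engine() {
    conf="$NGINX_PREFIX/conf/modsecurity/modsecurity.conf"
    sed 's/^SecRuleEngine DetectionOnly/SecRuleEngine On/' "$conf" > "$conf.tmp" && mv "$conf.tmp" "$conf"
    grep -q '^Include crs-setup.conf' "$conf" || printf 'Include crs-setup.conf\n' >> "$conf"
    grep -q '^Include rules/\*\.conf' "$conf" || printf 'Include rules/*.conf\n' >> "$conf"
}

# Step 3: insert the two directives right after the "http {" line of nginx.conf (global scope),
# skipping the edit when they are already present.
enable_in_nginx_conf() {
    ngx="$NGINX_PREFIX/conf/nginx.conf"
    if grep -q 'ModSecurityEnabled' "$ngx"; then return 0; fi
    awk '{ print } /^http[[:space:]]*\{/ { print "    ModSecurityEnabled on;"; print "    ModSecurityConfig modsecurity/modsecurity.conf;" }' \
        "$ngx" > "$ngx.tmp" && mv "$ngx.tmp" "$ngx"
}

# Verification: every condition the post relies on must hold, otherwise the request below
# would still get the welcome page instead of a 403.
verify_config() {
    conf="$NGINX_PREFIX/conf/modsecurity"
    grep -q '^SecRuleEngine On' "$conf/modsecurity.conf" || { echo "SecRuleEngine is not On" >&2; return 1; }
    grep -q '^Include rules/\*\.conf' "$conf/modsecurity.conf" || { echo "CRS rules are not included" >&2; return 1; }
    [ -f "$conf/crs-setup.conf" ] || { echo "crs-setup.conf is missing" >&2; return 1; }
    [ -f "$conf/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf" ] || { echo "exclusion file still has .example suffix" >&2; return 1; }
    grep -q 'ModSecurityConfig' "$NGINX_PREFIX/conf/nginx.conf" || { echo "nginx.conf does not load ModSecurity" >&2; return 1; }
    echo "configuration looks complete"
}

# Section 6: reload, but only after the syntax check passes so a broken config never takes the site down.
reload_nginx() {
    "$NGINX_BIN" -t && "$NGINX_BIN" -s reload
}

# The post's test request; prints the HTTP status code (403 = blocked by ModSecurity).
probe_waf() {
    host="${1:-127.0.0.1}"
    curl -s -o /dev/null -w '%{http_code}' "http://$host/?param=%22%3E%3Cscript%3Ealert(1);%3C/script%3E"
}

# Run everything only when invoked as `sh configure-modsec.sh apply [host]`.
if [ "${1:-}" = "apply" ]; then
    install_modsec_conf && enable_rule_engine && enable_in_nginx_conf && verify_config && reload_nginx
    echo "probe status: $(probe_waf "${2:-127.0.0.1}") (403 means the WAF blocked the request)"
fi
```

The script deliberately uses grep-before-append and a fixed "http {" anchor instead of blindly appending, so running it twice leaves the files unchanged; if the first probe after the reload still returns 200, the verify_config messages point at which of the post's steps was skipped.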
Posted 2021-12-19 23:37 by Layzer