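OpenResty + Lua: building and testing a WAF

OpenResty, also known as ngx_openresty, is a web application server built on the Nginx core. It is a high-performance web platform based on Nginx and Lua: by bundling a range of well-designed Nginx modules, it effectively turns Nginx into a powerful general-purpose web application platform.

OpenResty also supports open-source WAF components. Combining Nginx and Lua simplifies the configuration of attack defenses, and OpenResty can be used to defend against CC attacks.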

# 1. Install dependencies

yum -y install gcc make pcre pcre-devel zlib zlib-devel openssl-devel

 

# 2. Download and unpack OpenResty

cd /usr/local/src

wget https://openresty.org/download/openresty-1.19.9.1.tar.gz

tar zxf openresty-1.19.9.1.tar.gz

 

# 3. Compile and install

cd openresty-1.19.9.1

./configure --prefix=/root/openresty/application --with-http_stub_status_module --with-file-aio --with-threads --with-stream

make -j 5   # or: gmake

make install   # or: gmake install

 

# 4. Deploy the WAF written in Lua

\# git clone https://github.com/unixhot/waf.git

\# cp -r ./waf/waf /root/openresty/application/nginx/conf/

\# vim /root/openresty/application/nginx/conf/nginx.conf

\# Add the following inside http{}; mind the paths. WAF logs are written to /tmp/<date>_waf.log by default

\# WAF

lua_shared_dict limit 50m;

lua_package_path "/usr/local/openresty/nginx/conf/waf/?.lua";

init_by_lua_file "/usr/local/openresty/nginx/conf/waf/init.lua";

access_by_lua_file "/usr/local/openresty/nginx/conf/waf/access.lua";

\# ln -s /usr/local/openresty/lualib/resty/ /usr/local/openresty/nginx/conf/waf/resty

\# /root/openresty/application/nginx/sbin/nginx -t

\# /root/openresty/application/nginx/sbin/nginx -s reload

 

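# 5. Adjust the configuration

Add the following configuration inside the http block of nginx.conf, with the paths adjusted to the /root/openresty/application prefix used for this install:

\# 4. Add the WAF configuration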

\# lua_load_resty_core off;

lua_shared_dict limit 50m;

lua_package_path "/root/openresty/application/nginx/conf/waf/?.lua";

init_by_lua_file "/root/openresty/application/nginx/conf/waf/init.lua";

access_by_lua_file "/root/openresty/application/nginx/conf/waf/access.lua";

 

## Problem encountered at startup

[root@linux-node3 core]# nginx

nginx: [alert] failed to load the 'resty.core' module (https://github.com/openresty/lua-resty-core); ensure you are using an OpenResty release from https://openresty.org/en/download.html (reason: module 'resty.core' not found:

no field package.preload['resty.core']

no file '/root/openresty/application/nginx/conf/waf/resty/core.lua'

no file '/root/openresty/application/site/lualib/resty/core.so'

no file '/root/openresty/application/lualib/resty/core.so'

no file './resty/core.so'

no file '/usr/local/lib/lua/5.1/resty/core.so'

no file '/root/openresty/application/luajit/lib/lua/5.1/resty/core.so'

no file '/usr/local/lib/lua/5.1/loadall.so'

no file '/root/openresty/application/site/lualib/resty.so'

no file '/root/openresty/application/lualib/resty.so'

no file './resty.so'

no file '/usr/local/lib/lua/5.1/resty.so'

no file '/root/openresty/application/luajit/lib/lua/5.1/resty.so'

no file '/usr/local/lib/lua/5.1/loadall.so') in /root/openresty/application/nginx/conf/nginx.conf:134

 

# Solution: create a symlink

ln -s /usr/local/openresty/lualib/resty/ /usr/local/openresty/nginx/conf/waf/resty

ln -s /root/openresty/application/lualib/resty/ /root/openresty/application/nginx/conf/waf/resty

 

## Problems encountered at startup after adding the Lua extension module to the Nginx configuration

2021/09/01 09:06:12 [error] 59260#59260: *3 failed to load external Lua file "/root/openresty/application/nginx/conf/waf/access.lua": cannot open /root/openresty/application/nginx/conf/waf/access.lua: Permission denied, client: 192.168.56.1, server: localhost, request: "GET /hello HTTP/1.1", host: "192.168.56.7"

 

2021/09/01 09:11:20 [error] 61312#61312: *1 lua entry thread aborted: runtime error: /root/openresty/application/nginx/conf/waf/init.lua:152: bad argument #1 to 'pairs' (table expected, got nil)

stack traceback:

coroutine 0:

[C]: in function 'pairs'

/root/openresty/application/nginx/conf/waf/init.lua:152: in function 'user_agent_attack_check'

/root/openresty/application/nginx/conf/waf/access.lua:6: in function 'waf_main'

/root/openresty/application/nginx/conf/waf/access.lua:18: in main chunk, client: 192.168.56.1, server: localhost, request: "GET /hello HTTP/1.1", host: "192.168.56.7"

 

# Solution: change the rule directory parameter in /waf/config.lua

--rule setting

config_rule_dir = "/root/openresty/application/nginx/conf/waf/rule-config"
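
The three startup failures above (resty.core not found, Permission denied on access.lua, and the nil rule table fixed by correcting config_rule_dir) all come down to paths. The following pre-flight check is an added example, not code from the original post or from the unixhot/waf project; the function names are hypothetical, and it assumes the directives use double-quoted paths as in the post.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical;
# the directive names and config_rule_dir come from the post.

# Print the quoted path given to an nginx directive, e.g. init_by_lua_file "...";
directive_path() {  # $1 = nginx.conf, $2 = directive name
    sed -n "s/^[[:space:]]*$2[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | head -n 1
}

# Walk upward from a file and print the first directory lacking o+x, which an
# unprivileged nginx worker cannot traverse ("Permission denied" in error.log).
first_blocked_dir() {  # $1 = file path; returns 1 if nothing blocks
    d=$(dirname "$1")
    while :; do
        case $(ls -ld "$d" 2>/dev/null | cut -c10) in
            x|t) ;;
            *) echo "$d"; return 0 ;;
        esac
        if [ "$d" = "/" ] || [ "$d" = "." ]; then return 1; fi
        d=$(dirname "$d")
    done
}

# Check each path the nginx.conf snippet relies on; print every problem and
# return the number of problems found (0 = all paths resolve).
check_waf_paths() {  # $1 = nginx.conf
    problems=0
    note() { echo "PROBLEM: $*"; problems=$((problems + 1)); }
    for dname in init_by_lua_file access_by_lua_file; do
        f=$(directive_path "$1" "$dname")
        if [ -f "$f" ]; then
            b=$(first_blocked_dir "$f") && note "$dname: directory '$b' lacks o+x"
        else
            note "$dname points to missing file '$f'"
        fi
    done
    waf_dir=$(directive_path "$1" lua_package_path | sed 's|/?\.lua.*||')
    # With the post's lua_package_path (no ';;'), resty.core is looked up here
    [ -f "$waf_dir/resty/core.lua" ] || note "resty.core not reachable via $waf_dir/resty"
    rule_dir=$(sed -n 's/^config_rule_dir[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' \
        "$waf_dir/config.lua" 2>/dev/null) || rule_dir=""
    [ -d "$rule_dir" ] || note "config_rule_dir '$rule_dir' is not a directory"
    return "$problems"
}

if [ -n "${1:-}" ]; then
    check_waf_paths "$1" || echo "Fix the paths above, then run nginx -t"
fi
```

The `resty.core` check assumes the post's `lua_package_path`, which has no trailing `;;`; with `;;` appended, OpenResty also searches its default paths and the symlink is not needed.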

 

# 6. Test results

[root@linux-node3 logs]# curl http://192.168.56.7/hello

This is a test html!!!

[root@linux-node3 logs]# curl http://192.168.56.7/hello -A 'sqlmap' # test the URL with a spoofed sqlmap User-Agent

<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

<meta http-equiv="Content-Language" content="zh-cn" />

<title>OpsAny|Web应用防火墙</title>

</head>

<body>

<h1 align="center"> 欢迎白帽子进行授权安全测试,安全漏洞请联系QQ:57459267

</body>

</html>

 

Thanks to: https://www.unixhot.com/ 赵班长

 

posted @ 2021-09-01 16:45  MENGXP