Nginx+Lua实现自定义WAF(一)
安装环境:centOS7 1810
Step1:安装编译所依赖的软件
[root@waf ~]# yum install gcc-c++ libtool gmake make -y [root@waf ~]# yum install pcre pcre-devel openssl openssl-devel zlib zlib-devel readline readline-devel-y
Step2:创建nginx用户/组
[root@waf ~]# groupadd nginx [root@waf ~]# useradd -d /home/nginx -g nginx -s /sbin/nginx nginx
step3:编译安装Openresty
[root@waf ~]# wget https://openresty.org/download/openresty-1.17.8.2.tar.gz [root@waf ~]# tar zxvf openresty-1.17.8.2.tar.gz [root@waf ~]# cd openresty-1.17.8.2 [root@waf openresty-1.17.8.2]# ./configure --prefix=/usr/local/openresty \ --sbin-path=/usr/local/openresty/nginx/sbin/nginx \ --conf-path=/usr/local/openresty/nginx/conf/nginx.conf \ --pid-path=/usr/local/openresty/nginx/run/nginx.pid \ --error-log-path=/usr/local/openresty/nginx/logs/error.log \ --http-log-path=/usr/local/openresty/nginx/logs/access.log \ --user=nginx \ --group=nginx \ --with-pcre \ --with-stream \ --with-threads \ --with-file-aio \ --with-http_v2_module \ --with-http_ssl_module \ --with-http_realip_module \ --with-http_gzip_static_module \ --with-http_stub_status_module
[root@waf openresty-1.17.8.2]# gmake
[root@waf openresty-1.17.8.2]# gmake install
step4:为Openresty添加环境变量
[root@waf ~]# vim /etc/profile.d/openresty.sh
export PATH=/usr/local/openresty/bin:$PATH
[root@waf ~]# source /etc/profile
Step5:下载WAF模块
[root@waf openresty-1.17.8.2]# git clone https://github.com/unixhot/waf.git
[root@waf openresty-1.17.8.2]# git clone https://github.com/openresty/lua-resty-core.git
[root@waf openresty-1.17.8.2]# cp -a ./waf/waf /usr/local/openresty/nginx/conf/
[root@waf openresty-1.17.8.2]# cp -a lua-resty-core /usr/local/openresty/nginx/conf/
Step6:Openresty引入WAF模块
[root@waf openresty-1.17.8.2]# vim /usr/local/openresty/nginx/conf/nginx.conf
在http下添加如下Lua路径
http {
lua_shared_dict limit 10m;
lua_package_path "/usr/local/openresty/nginx/conf/waf/?.lua;/usr/local/openresty/lua-resty-core/lib/?.lua;;";
init_by_lua_file "/usr/local/openresty/nginx/conf/waf/init.lua";
access_by_lua_file "/usr/local/openresty/nginx/conf/waf/access.lua";
Step7:启动服务
[root@waf openresty-1.17.8.2]# openresty
[root@waf openresty-1.17.8.2]# openresty -s reload
posted on 2023-07-16 21:26 CyberSecurityBook 阅读(180) 评论(0) 编辑 收藏 举报