Note:
This uses ModSecurity 3.0 (libmodsecurity), the version nginx officially recommends, loaded into nginx as a dynamic module.
1. Environment preparation
https://github.com/SpiderLabs/ModSecurity
https://github.com/SpiderLabs/ModSecurity-nginx
https://nginx.org/download/nginx-1.13.8.tar.gz
2. Build libmodsecurity
a. Prerequisites (build dependencies)
yum install -y pcre pcre-devel openssl openssl-devel libtool libtool-ltdl-devel gcc gcc-c++ gcc-g77 autoconf automake \
    geoip geoip-devel libcurl libcurl-devel yajl yajl-devel lmdb-devel ssdeep-devel lua-devel
Note: this is a long list; yum reports anything that is missing or unavailable during the actual install.
b. Build
git clone --depth 1 -b v3/master --single-branch https://github.com/SpiderLabs/ModSecurity
cd ModSecurity
git submodule init
git submodule update
./build.sh
./configure
make
make install
Note: the message `fatal: No names found, cannot describe anything.` printed by build.sh can be ignored (the project's own docs say so).
c. Build the ModSecurity nginx dynamic module
git clone --depth 1 https://github.com/SpiderLabs/ModSecurity-nginx.git
wget https://nginx.org/download/nginx-1.13.8.tar.gz
tar xvf nginx-1.13.8.tar.gz
cd nginx-1.13.8
./configure --add-dynamic-module=../ModSecurity-nginx
make modules
cp objs/ngx_http_modsecurity_module.so /usr/local/nginx/modules/
Note: /usr/local/nginx is the nginx install prefix here (my nginx is also built from source). That directory only exists once nginx has been installed in step d, so run the cp after step d or `mkdir -p` the modules directory first.
d. Build nginx from source
Use the nginx tarball downloaded above.
./configure
make
make install
Note: the module in step c must be built from exactly this nginx version and with the same ./configure arguments as the nginx that will load it (here both use the default ./configure); otherwise nginx rejects the module at startup as not binary compatible.
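Before building the dynamic module against an already-installed nginx, a practitioner checks that the source version and the configure arguments match the running binary. The following shell helpers are an added example, not code from the original post or from the ModSecurity project; they parse the text that `nginx -V` prints (to stderr, hence `2>&1`) and produce the matching ./configure command. The `SAMPLE_V` string is a constructed sample of that output, not captured from a real host.

```shell
#!/bin/sh
# Added example: make the ModSecurity-nginx dynamic module build match the
# installed nginx. nginx refuses a module built from a different version, and
# a module configured with different ./configure options fails `nginx -t`
# with "module ... is not binary compatible".
# Assumption: the caller passes in the captured output of `nginx -V 2>&1`.

# Print the version number from `nginx -V` output, e.g. "1.13.8".
nginx_version() {
    printf '%s\n' "$1" | sed -n 's#^nginx version: nginx/##p'
}

# Print the value of the "configure arguments:" line. This is empty for a
# default ./configure build such as the one in this post.
nginx_configure_args() {
    printf '%s\n' "$1" | sed -n 's/^configure arguments: *//p'
}

# Print the ./configure command that builds the dynamic module with the same
# options as the installed binary.
module_configure_cmd() {
    printf './configure %s --add-dynamic-module=../ModSecurity-nginx\n' \
        "$(nginx_configure_args "$1")"
}

# Succeed (exit 0) only if the installed version equals the unpacked source version.
versions_match() {
    [ "$(nginx_version "$1")" = "$2" ]
}

# Constructed sample of `nginx -V 2>&1` for a source build with the SSL module.
SAMPLE_V='nginx version: nginx/1.13.8
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-28) (GCC)
built with OpenSSL 1.0.2k-fips  26 Jan 2017
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --with-http_ssl_module'

# Real usage, run inside the unpacked nginx-1.13.8 source tree:
#   V="$(/usr/local/nginx/sbin/nginx -V 2>&1)"
#   versions_match "$V" 1.13.8 || { echo "nginx version mismatch" >&2; exit 1; }
#   eval "$(module_configure_cmd "$V")" && make modules
```

`eval` is used because `nginx -V` prints the arguments in shell-quoted form (for example `--with-cc-opt='-O2 -g'`), so re-parsing them through the shell reproduces the original word splitting.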
3. Load the module
load_module modules/ngx_http_modsecurity_module.so;
Note: this directive goes in the nginx main (top-level) context of nginx.conf, outside the http block.
4. Preparing the nginx test environment
a. The actual business application (backend)
/usr/local/nginx/conf/nginx.conf
server {
    listen localhost:8085;
    location / {
        default_type text/plain;
        return 200 "Thank you for requesting ${request_uri}\n";
    }
}
b. WAF (the nginx proxy where ModSecurity runs; this is where traffic enters)
server {
    listen 80;
    location / {
        proxy_pass http://localhost:8085;
        proxy_set_header Host $host;
    }
}
5. ModSecurity configuration files
a. Official template
mkdir -p /usr/local/nginx/modsec
cd /usr/local/nginx/modsec
wget https://raw.githubusercontent.com/SpiderLabs/ModSecurity/v3/master/modsecurity.conf-recommended
mv modsecurity.conf-recommended modsecurity.conf
Enable the rule engine: the template ships with `SecRuleEngine DetectionOnly` (matches are logged but not blocked); change it to:
SecRuleEngine On
b. Create the main configuration file
main.conf
with the following content:
Include /usr/local/nginx/modsec/modsecurity.conf
SecRule ARGS:testparam "@contains test" "id:1234,deny,log,status:403"
c. WAF (in the port-80 server block above)
modsecurity on;
modsecurity_rules_file /usr/local/nginx/modsec/main.conf;
6. Load the configuration
sbin/nginx -t
Note: if this reports no errors the configuration is fine; if it does, check the error log. Then start nginx, or `sbin/nginx -s reload` if it is already running, so the new configuration takes effect.
7. Testing
With the configuration above, any request whose testparam parameter contains the string test gets a 403.
Test results:
curl -i 'http://localhost/foo?testparam=dalongtest'
HTTP/1.1 403 Forbidden
Server: nginx/1.13.8
Date: Sun, 18 Feb 2018 10:45:43 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive

(body: the standard nginx "403 Forbidden" HTML page, with the footer "nginx/1.13.8")

curl -i 'http://localhost/foo?testparam=dalong'
HTTP/1.1 200 OK
Server: nginx/1.13.8
Date: Sun, 18 Feb 2018 10:46:14 GMT
Content-Type: text/plain
Content-Length: 47
Connection: keep-alive

Thank you for requesting /foo?testparam=dalong
8. Extension
The OWASP Core Rule Set (CRS) is supported as well.
Configuration reference:
wget https://github.com/SpiderLabs/owasp-modsecurity-crs/archive/v3.0.2.tar.gz
tar -xzvf v3.0.2.tar.gz
sudo mv owasp-modsecurity-crs-3.0.2 /usr/local
cd /usr/local/owasp-modsecurity-crs-3.0.2
sudo cp crs-setup.conf.example crs-setup.conf
Then replace the contents of main.conf with the following (crs-setup.conf must be included before the rules, because it sets the variables the rules read):
# Include the recommended configuration
Include /usr/local/nginx/modsec/modsecurity.conf
# OWASP CRS v3 rules
Include /usr/local/owasp-modsecurity-crs-3.0.2/crs-setup.conf
Include /usr/local/owasp-modsecurity-crs-3.0.2/rules/*.conf
Note: run with `SecRuleEngine DetectionOnly` first and review the audit log, since a full rule set will flag some legitimate traffic until exclusions are tuned.
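A fuller main.conf that ties section 5 (the custom test rule) and section 8 (the CRS includes) together, as an added example that is not from the original post or from the ModSecurity or CRS projects. The audit log path, rule ids 1000/1234/1235, the /healthz exclusion path and the staged DetectionOnly rollout are assumptions made for illustration.

```apache
# /usr/local/nginx/modsec/main.conf  (added example; paths and rule ids are assumed)

# Engine defaults from the recommended template (request body handling, limits, audit log format).
Include /usr/local/nginx/modsec/modsecurity.conf

# Staged rollout: log matches without blocking. Switch to "On" after the audit
# log has been reviewed against real traffic and exclusions are in place.
SecRuleEngine DetectionOnly

# Audit only transactions that matched a rule (4xx/5xx responses except 404).
SecAuditEngine RelevantOnly
SecAuditLogRelevantStatus "^(?:5|4(?!04))"
SecAuditLog /usr/local/nginx/logs/modsec_audit.log

# The post's test rule, with an explicit phase and a message so the log explains the denial.
SecRule ARGS:testparam "@contains test" \
    "id:1234,phase:2,deny,log,status:403,msg:'testparam contains test'"

# Same check over every query and body argument, case-insensitive via t:lowercase.
SecRule ARGS "@contains test" \
    "id:1235,phase:2,t:lowercase,deny,log,status:403,msg:'an argument contains test'"

# Exclusion: do not apply rule 1235 to the health-check endpoint. An exclusion
# rule must run before the rule it removes, so it sits in phase 1.
SecRule REQUEST_URI "@beginsWith /healthz" \
    "id:1000,phase:1,pass,nolog,ctl:ruleRemoveById=1235"

# OWASP CRS v3: setup file first (paranoia level, anomaly thresholds), then the rules.
Include /usr/local/owasp-modsecurity-crs-3.0.2/crs-setup.conf
Include /usr/local/owasp-modsecurity-crs-3.0.2/rules/*.conf
```

Local rule ids are kept below 100000 so they cannot collide with the CRS range (900000 and up); `nginx -t` catches duplicate ids and syntax errors before the configuration is loaded.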
9. References
https://github.com/SpiderLabs/ModSecurity/tree/v3/master
https://github.com/SpiderLabs/ModSecurity
https://www.nginx.com/resources/library/modsecurity-3-nginx-quick-start-guide/