1. 準備檔案:
源碼包: nginx1.6, modsecurity2.8, apr-1.5.1, apr-util-1.5.3, apr-iconv1.2.1, httpd-2.2.-12, libxml2.7.2
規則檔案: owasp-modsecurity-crs-master.zip: http://sourceforge.net/projects/mod-security/files/
2. 安裝:
編譯安裝apr依賴庫:
解壓apr,apr-util,apr-iconv, libxml,依次執行./configure, make, make install;
安裝apache:
configure --prefix=/usr/local/apache2 --enable-so --enable-mods-shared=all
make
make install
編譯standalone module:
configure --enable-standalone-module
make
make install
編譯nginx:
configure --add-module=../mod_security/nginx/modsecurity
make
make install
執行nginx,如果提示找不到apr***.so.0庫,就将/usr/local/apr/lib/下的相應檔案拷貝到/usr/lib(64位的拷貝到/usr/lib64)下,運作成功後進行規則檔案配置.
将modsecurity目錄下的modsecurity.conf-recommended,unicode.mapping拷貝到nginx/conf下,重命名為modsecurity.conf,将owasp-modsecurity-crs-master下的modsecurity_crs_10_setup.conf.example拷貝到nginx/conf下,重命名位modsecurity_crs_10_setup.conf
打開nginx.conf,在location / {} 裡面加入:
ModSecurityEnable on;
ModSecurityConfig modsecurity.conf;
proxy_pass http://xxxx:xx;
proxy_read_timeout 180s;
打開modsecurity.conf, 在最上面引入規則檔案路徑:
Include /path/modsecurity-crs/modsecurity_crs_10_config.conf Include /path/modsecurity-crs/base_rules/modsecurity_crs_41_sql_injection_attacks.conf Include /path/modsecurity-crs/base_rules/modsecurity_crs_41_xss_attacks.conf
将SecRuleEngine設定位On
重新開機nginx, 在url後面加?and 1=1 測試,傳回403,并在/var/log/modsec_audit.log産生攻擊日志表示安裝成功,規則檔案可以根據自己需要引入base_rules裡的規則檔案;
![修改or隐藏nginx版本号[圖]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)