1.OpenResty部署
安装依赖包 # yum install -y readline-devel pcre-devel openssl-devel gcc glibc gcc-c++ make # cd /usr/local/src 下载并编译安装openresty # wget "https://openresty.org/download/openresty-1.11.2.5.tar.gz" # tar zxf openresty-1.11.2.5.tar.gz # cd openresty-1.11.2.5 # ./configure --prefix=/usr/local/openresty-1.11.2.5 \ --with-luajit --with-http_stub_status_module \ --with-pcre --with-pcre-jit # gmake && gmake install # ln -s /usr/local/openresty-1.11.2.5 /usr/local/openresty 测试openresty安装 # vim /usr/local/openresty/nginx/conf/nginx.conf server { location /hello { default_type text/html; content_by_lua_block { ngx.say("HelloWorld") } } } [root@webs-ebt src]# /usr/local/openresty-1.11.2.5/nginx/sbin/nginx -t nginx: the configuration file /usr/local/openresty-1.11.2.5/nginx/conf/nginx.conf syntax is ok nginx: configuration file /usr/local/openresty-1.11.2.5/nginx/conf/nginx.conf test is successful # /usr/local/openresty/nginx/sbin/nginx Hello World # curl http://118.190.201.11/hello HelloWorld
2.WAF部署
#git clone https://github.com/unixhot/waf.git #cp -a ./waf/waf /usr/local/openresty/nginx/conf/ 修改Nginx的配置文件,http模块加入以下配置。注意路径,同时WAF日志默认存放在/tmp/日期_waf.log #WAF lua_shared_dict limit 50m; lua_package_path "/usr/local/openresty/nginx/conf/waf/?.lua"; init_by_lua_file "/usr/local/openresty/nginx/conf/waf/init.lua"; access_by_lua_file "/usr/local/openresty/nginx/conf/waf/access.lua"; # /usr/local/openresty/nginx/sbin/nginx -t # /usr/local/openresty/nginx/sbin/nginx -s reload
如无特殊说明,文章均为本站原创,转载请注明出处
- 转载请注明来源:Web应用防护系统之WAF实践
- 本文永久链接地址:https://www.xionghaier.cn/archives/1090.html