Linux下Nginx+modsecurity安装手册

1. 准备文件:

源码包: nginx1.6, modsecurity2.8, apr-1.5.1, apr-util-1.5.3, apr-iconv1.2.1, httpd-2.2.-12, libxml2.7.2

规则文件: owasp-modsecurity-crs-master.zip: http://sourceforge.net/projects/mod-security/files/

2. 安装:

编译安装apr依赖库:

解压apr,apr-util,apr-iconv, libxml,依次执行./configure, make, make install;

安装apache:

configure --prefix=/usr/local/apache2 --enable-so --enable-mods-shared=all
make
make install

编译standalone module:

configure --enable-standalone-module

make 

make install

编译nginx:

configure --add-module=../mod_security/nginx/modsecurity

make 

make install

执行nginx,如果提示找不到apr***.so.0库,就将/usr/local/apr/lib/下的相应文件拷贝到/usr/lib(64位的拷贝到/usr/lib64)下,运行成功后进行规则文件配置.

将modsecurity目录下的modsecurity.conf-recommended,unicode.mapping拷贝到nginx/conf下,重命名为modsecurity.conf,将owasp-modsecurity-crs-master下的modsecurity_crs_10_setup.conf.example拷贝到nginx/conf下,重命名位modsecurity_crs_10_setup.conf

打开nginx.conf,在location / {} 里面加入:

ModSecurityEnable on;

ModSecurityConfig modsecurity.conf;

proxy_pass http://xxxx:xx;

proxy_read_timeout 180s;

打开modsecurity.conf, 在最上面引入规则文件路径:

Include /path/modsecurity-crs/modsecurity_crs_10_config.conf

Include /path/modsecurity-crs/base_rules/modsecurity_crs_41_sql_injection_attacks.conf

Include /path/modsecurity-crs/base_rules/modsecurity_crs_41_xss_attacks.conf

将SecRuleEngine设置位On

重启nginx, 在url后面加?and 1=1 测试,返回403,并在/var/log/modsec_audit.log产生攻击日志表示安装成功,规则文件可以根据自己需要引入base_rules里的规则文件;