想使用ngx_lua_waf防火墙,发现lnmp一键包里并没有编译lua模块
ngx_lua_waf项目地址:https://github.com/loveshell/ngx_lua_waf
重新编译nginx顺便升级
下载源码:
mkdir -p ~/install/nginx_update
cd ~/install/nginx_update
wget http://nginx.org/download/nginx-1.13.9.tar.gz
wget https://github.com/simplresty/ngx_devel_kit/archive/v0.3.0.tar.gz
wget https://github.com/openresty/lua-nginx-module/archive/v0.10.11.tar.gz
wget http://luajit.org/download/LuaJIT-2.1.0-beta3.tar.gz编译安装LuaJIT-2.1
tar zxf LuaJIT-2.1.0-beta3.tar.gz
cd LuaJIT-2.1.0-beta3
make
make install
export LUAJIT_LIB=/usr/local/lib
export LUAJIT_INC=/usr/local/include/luajit-2.1
在 ~/.bash_profile 下添加几行:
export LUAJIT_LIB=/usr/local/lib
export LUAJIT_INC=/usr/local/include/luajit-2.1
解压nginx-lua模块
cd ..
cp v0.10.11.tar.gz /usr/local/src
cp v0.3.0.tar.gz /usr/local/src
cd /usr/local/src
tar zxf v0.10.11.tar.gz
tar zxf v0.3.0.tar.gz编译nginx
cd ~/install/nginx_update
tar zxf nginx-1.13.9.tar.gz
cd nginx-1.13.9
./configure --user=www --group=www --prefix=/usr/local/nginx --with-ld-opt="-Wl,-rpath,$LUAJIT_LIB" --with-http_stub_status_module --with-http_v2_module --with-http_ssl_module --with-http_gzip_static_module --with-ipv6 --add-module=/usr/local/src/lua-nginx-module-0.10.11/ --add-module=/usr/local/src/ngx_devel_kit-0.3.0/
make //千万别手贱make install 覆盖安装了升级nginx。。。
mv /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.bak //备份旧版本nginx程序 cp objs/nginx /usr/local/nginx/sbin/nginx nginx -v //检查是否升级成功
安装ngx_lua_waf防火墙
cd /usr/local/nginx/conf
wget https://github.com/loveshell/ngx_lua_waf/archive/v0.7.2.tar.gz
tar zxf v0.7.2.tar.gz
rm -f v0.7.2.tar.gz
mv ngx_lua_waf-0.7.2 waf在nginx.conf的http段添加:
lua_package_path "/usr/local/nginx/conf/waf/?.lua";
lua_shared_dict limit 10m;
init_by_lua_file /usr/local/nginx/conf/waf/init.lua;
access_by_lua_file /usr/local/nginx/conf/waf/waf.lua;重启nginx使防火墙生效
service nginx restart然后就可以访问http://你的网站/XXX.php?id=../etc/passwd
如果出现这个就证明成功了
默认是不开启防cc的,需要的话得去config.lua里设置