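Upgrading to nginx 1.13.9 and using the ngx_lua_waf firewall

I wanted to use the ngx_lua_waf firewall, but found that the LNMP one-click package does not compile in the Lua module.

ngx_lua_waf project page: https://github.com/loveshell/ngx_lua_waf

So recompile nginx, and upgrade it while at it.

Download the sources: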

mkdir -p ~/install/nginx_update

cd ~/install/nginx_update

wget http://nginx.org/download/nginx-1.13.9.tar.gz

wget https://github.com/simplresty/ngx_devel_kit/archive/v0.3.0.tar.gz

wget https://github.com/openresty/lua-nginx-module/archive/v0.10.11.tar.gz

wget http://luajit.org/download/LuaJIT-2.1.0-beta3.tar.gz

Build and install LuaJIT 2.1

tar zxf LuaJIT-2.1.0-beta3.tar.gz

cd LuaJIT-2.1.0-beta3

make

make install

export LUAJIT_LIB=/usr/local/lib

export LUAJIT_INC=/usr/local/include/luajit-2.1

Add the same lines to ~/.bash_profile:

export LUAJIT_LIB=/usr/local/lib

export LUAJIT_INC=/usr/local/include/luajit-2.1

Unpack the nginx Lua modules

cd ..

cp v0.10.11.tar.gz /usr/local/src

cp v0.3.0.tar.gz /usr/local/src

cd /usr/local/src

tar zxf v0.10.11.tar.gz

tar zxf v0.3.0.tar.gz

Build nginx

cd ~/install/nginx_update

tar zxf nginx-1.13.9.tar.gz

cd nginx-1.13.9
./configure --user=www --group=www --prefix=/usr/local/nginx --with-ld-opt="-Wl,-rpath,$LUAJIT_LIB" --with-http_stub_status_module --with-http_v2_module --with-http_ssl_module --with-http_gzip_static_module --with-ipv6 --add-module=/usr/local/src/lua-nginx-module-0.10.11/ --add-module=/usr/local/src/ngx_devel_kit-0.3.0/
make # whatever you do, do not run make install: it would overwrite the existing installation

Upgrade nginx

mv /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.bak # back up the old nginx binary

cp objs/nginx /usr/local/nginx/sbin/nginx

nginx -v # check that the upgrade succeeded
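
A more careful form of the swap above, as an added example that is not part of the original post: it confirms the Lua modules are compiled into the new binary and that the binary accepts the existing configuration before replacing the old one, and it restores the backup if the installed binary fails its config test. The function names has_modules and swap_nginx are hypothetical.

```sh
# Added example, not from the original post. Function names are hypothetical.

# Reads `nginx -V` output on stdin; succeeds only if every named module was compiled in.
has_modules() {
    local out mod
    out=$(cat)
    for mod in "$@"; do
        case "$out" in
            *"--add-module="*"$mod"*) ;;
            *) echo "missing module: $mod" >&2; return 1 ;;
        esac
    done
}

# swap_nginx NEW CUR: vet NEW, back up CUR to CUR.bak, install NEW, restore on failure.
swap_nginx() {
    local new cur
    new=$1; cur=$2
    # nginx -V prints its configure arguments on stderr
    "$new" -V 2>&1 | has_modules lua-nginx-module ngx_devel_kit || return 1
    # The new binary must accept the existing configuration before it goes live
    "$new" -t >/dev/null 2>&1 || { echo "config test failed with new binary" >&2; return 2; }
    cp -p "$cur" "$cur.bak" || return 3
    # Copy under a temporary name, then rename over the old path in one step
    cp "$new" "$cur.new" && mv -f "$cur.new" "$cur" || return 3
    # Re-test from the installed path; put the backup back if that fails
    if ! "$cur" -t >/dev/null 2>&1; then
        mv -f "$cur.bak" "$cur"
        echo "rolled back to previous binary" >&2
        return 4
    fi
}

# Usage with this page's paths, from the nginx-1.13.9 source directory:
#   swap_nginx objs/nginx /usr/local/nginx/sbin/nginx && nginx -v
```
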

Install the ngx_lua_waf firewall

cd /usr/local/nginx/conf

wget https://github.com/loveshell/ngx_lua_waf/archive/v0.7.2.tar.gz

tar zxf v0.7.2.tar.gz

rm -f v0.7.2.tar.gz

mv ngx_lua_waf-0.7.2 waf

Add the following to the http block of nginx.conf:

    lua_package_path "/usr/local/nginx/conf/waf/?.lua";
    lua_shared_dict limit 10m;
    init_by_lua_file /usr/local/nginx/conf/waf/init.lua;
    access_by_lua_file /usr/local/nginx/conf/waf/waf.lua;

Restart nginx so the firewall takes effect

service nginx restart

You can then visit http://your-site/XXX.php?id=../etc/passwd

If this appears, the firewall is working.

CC protection is not enabled by default; if you need it, turn it on in config.lua.
