The nginx Lua module is a third-party nginx module developed by Taobao. It embeds the Lua language into the nginx configuration, which greatly extends what nginx can do. nginx is known for its high concurrency and Lua scripts are lightweight, so the two combine well.
GitHub address: https://github.com/loveshell/ngx_lua_waf
### Purpose:
- Prevent web attacks such as SQL injection, local file inclusion, some overflow attacks, fuzzing, XSS and SSRF
- Prevent leakage of files such as SVN metadata and backups
- Prevent attacks from stress testing tools like ApacheBench
- Block common hacking tools and scanners
- Block unusual network requests
- Block PHP execution in image attachment directories
- Prevent webshell uploads
System version, command lsb_release -a
LSB Version: :core-4.1-amd64:core-4.1-noarch
Distributor ID: CentOS
Description: CentOS Linux release 7.4.1708 (Core)
Release: 7.4.1708
Codename: Core
LuaJIT version
LuaJIT-2.0.5 is the latest stable version
nginx version (will fail to install, more on that later)
nginx 1.4.4 version
First, create the installation directory /alidata/server/lj2 with the following command:
Install the Lua environment
--Check if the installation is successful
--Create soft links
Original command:
Since we installed Lua under /alidata/server/lj2, do not execute the command above; execute the following command instead:
If you do not create a symlink, the following exception may occur: error while loading shared libraries: libluajit-5.1.so.2: cannot open shared object file: No such file or directory
Download ngx_devel_kit and unzip it
Project Homepage: https://github.com/simplresty/ngx_devel_kit
Download ngx_lua and unzip it
Recompile and install nginx
Back up the previous nginx file first
I have installed nginx before; running the command nginx -V gives the following:
nginx version: nginx/1.4.4
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-11) (GCC)
TLS SNI support enabled
configure arguments: --user=www --group=www --prefix=/alidata/server/nginx --with-http_stub_status_module --without-http-cache --with-http_ssl_module --with-http_gzip_static_module
The two module directories:
/root/pack/lua-nginx-module-0.10.13
/root/pack/ngx_devel_kit-0.2.19
Download and execute in the nginx directory
--add environment variable to tell nginx where to find luajit
If you don't add it, nginx will report the following error when compiling:
./configure: error: ngx_http_lua_module requires the Lua library.
If this error is reported, run the two commands above!
Compile
Error: #error at least nginx 1.6.0 is required but found an older version
The nginx version is too low; the minimum requirement is 1.6.0, so upgrade nginx. When upgrading, you can build the lua-nginx-module and ngx_devel_kit modules into the new version. That is not detailed here; just run the following command with the new version:
Download ngx_lua_waf and unzip it
Modify the nginx configuration file, changing the paths to match your environment
Add it in the http section of nginx.conf
Once added, I restarted nginx and got a 500 error. Finally, it was found that the reason was that the config.lua file had to be modified in two places:
Modify RulePath and logdir according to your own situation!
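A preflight check for the two settings above, as an added example that is not part of the original post or of ngx_lua_waf: it reads RulePath and logdir from config.lua and confirms that the rule directory is readable and non-empty and that the log directory is writable. The function names are hypothetical, and the script assumes both settings are plain quoted string assignments.

```shell
#!/bin/sh
# Added example, not part of ngx_lua_waf: preflight check for the two
# config.lua settings named above (RulePath and logdir).

# Print the quoted string assigned to a Lua variable, for example
#   logdir = "/some/dir/"  ->  /some/dir/
# Lines commented out with "--" are ignored. Assumes a plain assignment.
lua_string_value() {   # $1 = variable name, $2 = path to config.lua
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*[\"']\([^\"']*\)[\"'].*/\1/p" "$2" |
        head -n 1
}

# Return 0 when both directories are usable by the current user.
check_waf_config() {   # $1 = path to config.lua
    conf=$1
    rc=0
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    rules=$(lua_string_value RulePath "$conf")
    logs=$(lua_string_value logdir "$conf")

    if [ -z "$rules" ]; then
        echo "RulePath is not set in $conf" >&2; rc=1
    elif [ ! -d "$rules" ] || [ ! -r "$rules" ]; then
        echo "RulePath '$rules' is not a readable directory" >&2; rc=1
    elif [ -z "$(ls -A "$rules" 2>/dev/null)" ]; then
        echo "RulePath '$rules' contains no rule files" >&2; rc=1
    fi

    if [ -z "$logs" ]; then
        echo "logdir is not set in $conf" >&2; rc=1
    elif [ ! -d "$logs" ]; then
        echo "logdir '$logs' does not exist" >&2; rc=1
    elif [ ! -w "$logs" ]; then
        echo "logdir '$logs' is not writable by $(id -un)" >&2; rc=1
    fi
    return "$rc"
}

# Stand-alone use: sh check_waf.sh /path/to/config.lua
if [ "$#" -gt 0 ]; then
    check_waf_config "$1"
fi
```

Run it as the account the nginx workers use (www in the configure arguments shown earlier), because the log directory has to be writable by that account, not just by root.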
Test
https://www.itsvse.com/forum.php?id=../etc/passwd