2025-04-07 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/03 Report--
1. Introduction to related concepts of WAF:
(1) Introduction to WAF:
WAF (Web Application Firewall): a product that works at the application layer and protects Web applications by applying a series of security policies to HTTP/HTTPS traffic.
(2) WAF can provide the following functions:
A. Prevent SQL injection, local file inclusion, partial overflow, fuzzing, XSS and other Web attacks
B. Prevent leakage of files such as SVN metadata and backup files
C. Block stress-testing tools such as Apache Bench
D. Block common scanning tools
E. Block abnormal network requests
F. Deny PHP execution in image and attachment upload directories
G. Prevent Webshell uploads, etc.
2. Install the dependent software packages:
# yum -y install gcc gcc-c++ make zlib zlib-devel openssl openssl-devel pcre pcre-devel perl-devel perl-ExtUtils-Embed gd-devel libxml2 libxml2-devel libxslt libxslt-devel GeoIP GeoIP-devel GeoIP-data git libuuid-devel libblkid-devel libudev-devel fuse-devel libedit-devel libatomic_ops-devel httpd-tools
3. Compile and install OpenResty:
# useradd -s /sbin/nologin -M nginx
# mkdir -pv /usr/local/openresty/nginx/logs/
# tar -xf openresty-1.15.8.2.tar.gz -C /usr/src
# cd /usr/src/openresty-1.15.8.2/
# ./configure --prefix=/usr/local/openresty --user=nginx --group=nginx --with-threads --with-file-aio --with-http_iconv_module --with-luajit --with-http_v2_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module --with-http_image_filter_module --with-http_geoip_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_auth_request_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_slice_module --with-http_stub_status_module --with-http_perl_module --with-mail --with-mail_ssl_module --with-stream --with-stream_ssl_module --with-stream_realip_module --with-stream_geoip_module --with-stream_ssl_preread_module --with-pcre --with-pcre-jit --with-libatomic --http-log-path=/usr/local/openresty/nginx/logs/access.log
# gmake && gmake install
4. Configure the environment variable and start OpenResty:
# vim /etc/profile.d/openresty.sh
export PATH=/usr/local/openresty/nginx/sbin:/usr/local/openresty/bin:$PATH
# . /etc/profile.d/openresty.sh
# nginx -v
# nginx
# ss -tunlp | grep -w :80
5. Test the Lua environment:
# vim /tmp/hello.lua --> print("Hello Lua")
# lua /tmp/hello.lua
# lua
6. Test the OpenResty Lua module:
# cd /usr/local/openresty/nginx/conf
# cp nginx.conf{,.bak}
# vim nginx.conf, add the following location to the server configuration section:
location /lua {
    default_type text/html;
    content_by_lua_block {
        ngx.say("Hello Lua")
    }
}
# nginx -t
# nginx -s reload
7. Create a directory to save attack logs:
# mkdir -pv /usr/local/openresty/nginx/logs/hack
8. Download and extract the ngx_lua_waf module:
ngx_lua_waf: Web application firewall based on lua-nginx-module, https://github.com/loveshell/ngx_lua_waf.
# tar -xf ngx_lua_waf-0.7.2.tar.gz -C /usr/local/openresty/nginx/conf
# cd /usr/local/openresty/nginx/conf
# mv ngx_lua_waf-0.7.2 waf
# chown -R nginx.nginx /usr/local/openresty
Remarks: main structure of the waf directory
(1) config.lua: configuration file
(2) init.lua: rule functions
(3) waf.lua: defines the WAF detection sequence
(4) wafconf: directory holding the filter rules; each rule goes on its own line, or several rules on one line are separated with |
(5) wafconf/args: filter by GET parameters (enabled by default)
(6) wafconf/cookie: filter by Cookie
(7) wafconf/post: filter by POST request body (enabled by default)
(8) wafconf/url: filter by the GET request URL
(9) wafconf/user-agent: filter by User-Agent
(10) wafconf/whiteurl: URL whitelist; a request whose URL matches is not filtered further
9. Modify the path of the waf rule directory in the config.lua configuration file:
# vim /usr/local/openresty/nginx/conf/waf/config.lua --> RulePath = "/usr/local/openresty/nginx/conf/waf/wafconf/"
Remarks: config.lua configuration file (directive, followed by its meaning)
(1) RulePath = "/usr/local/openresty/nginx/conf/waf/wafconf/": rule storage directory
(2) attacklog = "on": enable attack logging
(3) logdir = "/usr/local/openresty/nginx/logs/hack/": attack log directory
(4) UrlDeny = "on": intercept URL attacks
(5) Redirect = "on": redirect (show the intercept page) after blocking
(6) CookieMatch = "on": intercept Cookie attacks
(7) postMatch = "on": intercept POST attacks
(8) whiteModule = "on": enable the URL whitelist
(9) black_fileExt = {"php", "jsp"}: file extensions that are not allowed to be uploaded
(10) ipWhitelist = {"127.0.0.1"}: IP whitelist; separate multiple IPs with commas
(11) ipBlocklist = {"1.0.0.1"}: IP blacklist; separate multiple IPs with commas
(12) CCDeny = "on": enable interception of CC attacks (requires lua_shared_dict limit 10m in the http configuration section of nginx.conf)
(13) CCrate = "100/60": CC attack frequency limit in requests per seconds; by default the same IP may request the same address at most 100 times per minute
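To make the rule layout of step 8 and the config.lua options of step 9 concrete, the following Python model (an added example written for this page, not ngx_lua_waf's own Lua code) reimplements the behaviour the page describes: rule files with one regex per line and optional "|" alternatives, the whiteurl bypass, the IP whitelist and blocklist, and the CC limit of CCrate = "100/60" counted per client IP and URI. The rule strings are constructed for illustration, except the User-Agent rule, which is the one quoted in the page's log sample in step 11; the order of checks is an assumption, and POST-body rules are not modelled.

```python
"""Model of the ngx_lua_waf decision flow described in steps 8 and 9.
Added example for this page, not code from ngx_lua_waf. Rule strings are
constructed (only the User-Agent rule comes from the page), the check
order is assumed, and POST-body rules are left out."""
import re

# Constructed stand-in for the wafconf/ directory: file name -> rule lines.
RULE_FILES = {
    "whiteurl": [r"^/healthz$"],
    "user-agent": [
        r"(HTTrack|harvest|audit|dirbuster|pangolin|nmap|sqln|-scan|hydra|Parser"
        r"|BBBike|sqlmap|w3af|Nikto|fimap|havij|PycURL|zmeu|BabyKrokodil"
        r"|netsparker|httperf|bench|SF/)",
    ],
    "url": [r"\.(bak|svn|git)", r"\.\./"],
    "args": [r"\.\./", r"(etc/passwd|etc/shadow)", r"<script"],
    "cookie": [r"\.\./", r"<script"],
}

# Constructed stand-in for the config.lua options used by this model.
CONFIG = {
    "ipWhitelist": {"127.0.0.1"},
    "ipBlocklist": {"1.0.0.1"},
    "CCDeny": True,
    "CCrate": "100/60",  # at most 100 requests per 60 s per client IP and URI
}


def load_rules(lines):
    """Compile a wafconf-style list: every non-empty line is one regex, and a
    line may join alternatives with "|" (page remark (4)). Case-insensitive,
    as the module's ngx.re.find(..., "isjo") calls are."""
    return [re.compile(line, re.IGNORECASE) for line in lines if line.strip()]


RULES = {name: load_rules(lines) for name, lines in RULE_FILES.items()}


def first_match(rules, text):
    """Return the pattern of the first rule that matches text, else None."""
    for rule in rules:
        if rule.search(text):
            return rule.pattern
    return None


class CCLimiter:
    """Fixed-window counter per (client IP, URI); stands in for the
    lua_shared_dict limit zone that CCDeny needs in nginx.conf."""

    def __init__(self, ccrate):
        count, seconds = ccrate.split("/")
        self.limit, self.window = int(count), int(seconds)
        self.buckets = {}  # (ip, uri) -> (count, window_start)

    def exceeded(self, ip, uri, now):
        count, start = self.buckets.get((ip, uri), (0, now))
        if now - start >= self.window:  # window expired: start a new one
            count, start = 0, now
        count += 1
        self.buckets[(ip, uri)] = (count, start)
        return count > self.limit


def inspect(request, limiter, now=0):
    """Return None to allow, or (check, pattern) naming what blocked the request.
    request = {"ip", "uri", "args": {name: value}, "ua", "cookie"}. Assumed order:
    IP whitelist, IP blocklist, CC limit, whiteurl, user-agent, url, args, cookie."""
    ip, uri = request["ip"], request["uri"]
    if ip in CONFIG["ipWhitelist"]:
        return None
    if ip in CONFIG["ipBlocklist"]:
        return ("ipBlocklist", ip)
    if CONFIG["CCDeny"] and limiter.exceeded(ip, uri, now):
        return ("CCDeny", CONFIG["CCrate"])
    if first_match(RULES["whiteurl"], uri):
        return None
    checks = [
        ("user-agent", [request.get("ua", "")]),
        ("url", [uri]),
        ("args", list(request.get("args", {}).values())),
        ("cookie", [request.get("cookie", "")]),
    ]
    for name, texts in checks:
        for text in texts:
            hit = first_match(RULES[name], text)
            if hit:
                return (name, hit)
    return None


def flood(limiter, n, ip="192.168.0.121", uri="/lua", now=0):
    """Send n harmless requests from one IP to one URI; return how many were blocked."""
    req = {"ip": ip, "uri": uri, "args": {}, "ua": "Mozilla/5.0"}
    return sum(1 for _ in range(n) if inspect(req, limiter, now) is not None)
```

Running inspect on the page's test request (`/lua?id=../etc/shadow`) returns the args rule that fired, an ApacheBench User-Agent is stopped by the user-agent rule, and flood shows that the 101st request from one IP to one URI inside a 60-second window is the first one CCDeny blocks.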
10. Modify the nginx.conf configuration file:
# vim /usr/local/openresty/nginx/conf/nginx.conf, add the following code to the http configuration section:
lua_package_path "/usr/local/openresty/nginx/conf/waf/?.lua";
lua_shared_dict limit 10m;
init_by_lua_file "/usr/local/openresty/nginx/conf/waf/init.lua";
access_by_lua_file "/usr/local/openresty/nginx/conf/waf/waf.lua";
# nginx -t
# nginx -s reload
11. Test the WAF application firewall:
(1) simulated URL parameter detection: http://192.168.0.121/lua?id=../etc/shadow
(2) use the ab command to simulate a CC attack: # ab -n 10000 -c 10000 http://192.168.0.121/lua
Remarks: ab command options
A. -n requests: total number of requests to perform (default 1)
B. -c concurrency: number of requests to perform at the same time (default 1)
(3) View the log: # tail -3 /usr/local/openresty/nginx/logs/hack/localhost_2020-02-18_sec.log
192.168.0.121 [2020-02-18 00:47:49] "UA localhost/lua" "-" "ApacheBench/2.3" "(HTTrack|harvest|audit|dirbuster|pangolin|nmap|sqln|-scan|hydra|Parser|BBBike|sqlmap|w3af|Nikto|fimap|havij|PycURL|zmeu|BabyKrokodil|netsparker|httperf|bench|SF/)"
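The attack log is what an operator reviews after a test like the one above, so here is a small Python parser and summariser for it (an added example written for this page, not code from ngx_lua_waf). The field layout is read off the page's sample line: client IP, [timestamp], "check host/uri", "data", "user-agent", "rule that fired". The first sample line below is the page's own; the other lines are constructed. The module writes fields unescaped, so a quote inside request data can break the match; such lines are counted as unparsed rather than guessed at.

```python
"""Parse and summarise ngx_lua_waf attack-log lines like the one in step 11.
Added example for this page, not code from ngx_lua_waf; the first sample line
is the page's own and the remaining sample lines are constructed."""
import re
from collections import Counter

SAMPLE_LOG = r'''192.168.0.121 [2020-02-18 00:47:49] "UA localhost/lua" "-" "ApacheBench/2.3" "(HTTrack|harvest|audit|dirbuster|pangolin|nmap|sqln|-scan|hydra|Parser|BBBike|sqlmap|w3af|Nikto|fimap|havij|PycURL|zmeu|BabyKrokodil|netsparker|httperf|bench|SF/)"
192.168.0.121 [2020-02-18 00:48:02] "GET localhost/lua?id=../etc/shadow" "-" "curl/7.61.1" "\.\./"
10.0.0.7 [2020-02-18 00:49:13] "Cookie localhost/admin" "-" "Mozilla/5.0" "\.\./"
this line is not in the expected format'''

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \[(?P<time>[^\]]+)\] '    # client IP and timestamp
    r'"(?P<method>\S+) (?P<target>[^"]*)" '   # check name (UA/GET/POST/Cookie) and host+uri
    r'"(?P<data>[^"]*)" '                     # request data, "-" when none
    r'"(?P<ua>[^"]*)" '                       # User-Agent header
    r'"(?P<rule>.*)"$'                        # the rule that fired (may contain quotes)
)


def parse_line(line):
    """Return a dict of the named fields, or None if the line does not match."""
    m = LOG_RE.match(line.rstrip("\n"))
    return m.groupdict() if m else None


def summarize(lines, min_hits=2):
    """Count blocked requests per client IP and per rule, and list IPs with at
    least min_hits blocked requests as candidates for an analyst to review."""
    by_ip, by_rule, unparsed = Counter(), Counter(), 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            unparsed += 1
            continue
        by_ip[rec["ip"]] += 1
        by_rule[rec["rule"]] += 1
    noisy = sorted(ip for ip, n in by_ip.items() if n >= min_hits)
    return {"by_ip": dict(by_ip), "by_rule": dict(by_rule),
            "noisy_ips": noisy, "unparsed": unparsed}


def lua_ip_list(name, ips):
    """Render an IP list in the config.lua table syntax shown in step 9,
    e.g. ipBlocklist={"1.0.0.1"}; meant to be pasted after review, not
    appended to config.lua automatically."""
    return name + "={" + ",".join('"%s"' % ip for ip in ips) + "}"


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG.splitlines())
    for ip, n in sorted(report["by_ip"].items()):
        print(ip, n)
    print(lua_ip_list("ipBlocklist", report["noisy_ips"]))
```

On the constructed sample the page's own IP is reported twice (once for the ApacheBench User-Agent, once for the `../etc/shadow` parameter) and is the only address that reaches the review threshold; the malformed fourth line is counted as unparsed instead of being silently dropped.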