• openwaf实战


    # 安装所需依赖
    yum install gcc gcc-c++ wget GeoIP-devel git swig make perl perl-ExtUtils-Embed readline-devel zlib-devel -y

    # 安装openwaf

    cd /opt
    git clone https://github.com/titansec/OpenWAF.git
    mv /opt/OpenWAF/lib/openresty/ngx_openwaf.conf /etc
    mv /opt/OpenWAF/lib/openresty/configure /usr/local/src/openresty-1.13.6.2/ # 这个configure文件要使用openwaf维护者的文件
    cp -RP /opt/OpenWAF/lib/openresty/* /usr/local/src/openresty-1.13.6.2/bundle/
    cd /opt/OpenWAF
    make install

    # 编译openresty
    cd /usr/local/src/openresty-1.13.6.2
    ./configure
    --prefix=/data/server/openresty-1.13
    --with-pcre-jit --with-ipv6
    --with-http_v2_module
    --with-stream
    --with-http_gunzip_module
    --with-http_ssl_module
    --with-threads --with-file-aio
    --with-http_stub_status_module
    --with-http_ssl_module
    --with-http_realip_module
    --with-http_sub_module
    --with-http_geoip_module
    --with-openssl=/usr/local/src/openssl-1.1.0g
    --with-pcre=/usr/local/src/pcre-8.42
    --with-zlib=/usr/local/src/zlib-1.2.11
    --with-http_gzip_static_module
    --with-http_stub_status_module
    --with-http_image_filter_module
    --with-http_auth_request_module
    --with-http_random_index_module
    gmake && gmake install

    # 接入Openwaf
    拥有自己的nginx配置,仅需以下两步即可体验OpenWAF防护

    nginx配置修改
    在 nginx 的 http 级别添加如下两行:
    include /opt/OpenWAF/conf/twaf_main.conf;
    include /opt/OpenWAF/conf/twaf_api.conf;
    要防护的 server 或 location 级别添加如下一行:
    include /opt/OpenWAF/conf/twaf_server.conf;
    OpenWAF接入规则修改
    修改/opt/OpenWAF/conf/twaf_access_rule.json文件
    将"state"值设为false即可

    说明:
    twaf_default_conf.json # 默认策略,不建议修改
    twaf_policy_conf.json # 用户可以自定义的策略文件,该文件里面的策略会合并到 twaf_default_conf.json中(前提是启用接入规则文件:twaf_access_rule.json)
    如果启用了接入规则文件:twaf_access_rule.json,twaf_policy_conf.json规则会合并到twaf_default_conf.json中,反之只有twaf_default_conf.json策略文件生效

    贴出本文测试的配置文件:

    # cat /etc/ngx_openwaf.conf
    ngx_openwaf.conf ngx_openwaf.conf.bak ngx_openwaf.conf.ori
    [root@nginx32-249 conf]# cat /etc/ngx_openwaf.conf
    worker_processes 4;
    error_log /data/logs/nginx/error.log;
    pid /data/logs/nginx/run/nginx.pid;
    # pcre_jit on;

    events {
    worker_connections 4096;
    use epoll;
    }


    http {
    include /opt/OpenWAF/conf/twaf_main.conf;
    include /opt/OpenWAF/conf/twaf_api.conf;
    port_in_redirect off;

    include /data/server/openresty-1.13/nginx/conf/mime.types;
    default_type application/octet-stream;
    ssi on;
    ssi_silent_errors on;

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    '$status $body_bytes_sent "$http_referer" '
    '"$http_user_agent" "$http_x_forwarded_for"';

    log_format new_main 'yjall-test-------$server_addr####$remote_addr####$remote_user####[$time_local]####$request_time####$status####$bytes_sent####'
    '$request_method####$Scheme://$Host$request_uri####$http_cdn_src_ip####'
    '$upstream_http_content_type####$http_referer####"$http_user_agent"####"$http_cookie"####"$request_body"';

    access_log /data/logs/nginx/access.log new_main;

    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 64k;
    gzip_http_version 1.1;
    gzip_comp_level 2;
    gzip_types text/plain application/x-javascript text/css application/xml text/javascript;
    gzip_vary on;
    fastcgi_intercept_errors on;
    proxy_intercept_errors on;

    sendfile on;
    #tcp_nopush on;

    keepalive_timeout 600;
    send_timeout 600;

    fastcgi_connect_timeout 600;
    fastcgi_send_timeout 600;
    fastcgi_read_timeout 600;
    fastcgi_buffer_size 256k;
    fastcgi_buffers 8 256k;
    fastcgi_busy_buffers_size 256k;
    fastcgi_temp_file_write_size 256k;
    client_header_timeout 600; #调大点
    client_body_timeout 600; #调大点
    client_max_body_size 500m; #主要是这个参数,限制了上传文件大大小
    client_body_buffer_size 256k;

    proxy_connect_timeout 600;
    proxy_send_timeout 600;
    proxy_read_timeout 600;

    upstream site {
    server 10.10.35.190:8080;
    }


    server {
    listen 80;
    server_name test.com;

    location ~* ^/(.*)$ {
    rewrite ^/(.*)$ http://www.test.com/$1 permanent;
    }
    }


    server {
    listen 80;
    server_name www.test.com;
    include /opt/OpenWAF/conf/twaf_server.conf;

    location / {
    index index.jsp index.html;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header REMOTE-HOST $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    add_header From www.test.com;
    proxy_cookie_path /yjall/ /;
    proxy_set_header Cookie $http_cookie;
    proxy_pass http://site;
    }

    location ~ /upload/ {
    root /data/yjwstatic/JYSWY_UPLOAD;
    }
    }

    server {
    listen 443 ssl;
    server_name www.test.com;
    include /opt/OpenWAF/conf/twaf_server.conf;

    ssl_certificate /opt/OpenWAF/conf/ssl/nginx.crt;
    ssl_certificate_key /opt/OpenWAF/conf/ssl/nginx.key;
    ssl_protocols SSLv2 SSLv3 TLSv1;
    # ssl_protocols TLSv1.1 TLSv1.2 TLSv2.0;

    location / {
    index index.jsp index.html;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header REMOTE-HOST $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    add_header From www.test.com;
    proxy_cookie_path /yjall/ /;
    proxy_set_header Cookie $http_cookie;
    proxy_pass http://site;
    }

    location ~ /upload/ {
    root /data/yjwstatic/JYSWY_UPLOAD;
    }

    }
    }

    测试(一个注入攻击):

    http://www.test.com/?name=test AND 1=1

     返回结果:

    非法的访问

    您的访问已被识别为攻击并记录. 
    如有任何意见或建议,请及时与管理员联系 

    客户端地址: 192.168.51.242 
    访问的URL: http://www.test.com/ 
    触发的事件类型: attack.injection.sql.libinjection 
    UNIQUE_ID: gcNONWK6a1dkUYPzKAGLZTyPNexcGETXKn 

    规则文件目录:

    # ll /opt/OpenWAF/lib/twaf/inc/knowledge_db/twrules/
    total 36
    -rw-r--r-- 1 root root 15884 6月 6 16:24 rules.json
    -rw-r--r-- 1 root root 18758 6月 6 16:24 rules.lua

    这两个文件有openwaf的所有规则

  • 相关阅读:
    网络爬虫的基本原理(一)
    灵光一闪-软件应用
    sql语句变量定义和样例
    windows+linux环境部署搭建
    jdk1.6安装
    系统部署
    tomcat部署
    maven各种插件在总结
    maven项目tomcat部署问题
    两种数据源
  • 原文地址:https://www.cnblogs.com/ocean-boy/p/openwaf.html
Copyright © 2020-2023  润新知