Naxsi+nginx前段保护

Naxsi是Nginx的一个第三方的插件 用于保护Nginx前段防护 是一个轻量级的防火墙 比较好用

官网即下载地址

https://github.com/nbs-system/naxsi/releases

参考网址

https://www.123admin.com/how-to-setup-and-configure-naxsi-for-nginx-on-centos/

解压

tar zxvf  naxsi-0.56rc1.tar.gz

把naxsi重新编译到nginx里面

./configure --prefix=/usr/local/nginx --add-module=/root/nginx-1.13.9/naxsi-0.56rc1/naxsi_src  --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-http_image_filter_module --with-http_slice_module --with-mail --with-threads --with-file-aio --with-stream --with-mail_ssl_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-pcre  --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_addition_module  && make

覆盖旧的配置文件

cp objs/nginx /usr/local/nginx/sbin/nginx

在nginx配置里写三个文件

1 是naxsi的规则配置文件

2 是naxsi的白名单配置文件

3 是naxsi的错误日志文件

（1） 在conf里配置一个naxsi的规则配置文件

vi mysite.rules

#LearningMode; #Enables learning mode

SecRulesEnabled;

#SecRulesDisabled;

DeniedUrl "/RequestDenied";

## check rules

CheckRule "$SQL >= 8" BLOCK;

CheckRule "$RFI >= 8" BLOCK;

CheckRule "$TRAVERSAL >= 4" BLOCK;

CheckRule "$EVADE >= 4" BLOCK;

CheckRule "$XSS >= 8" BLOCK;

（2）设置naxsi的白名单

vi naxsi_BasicRule.conf

BasicRule wl:0 "mz:$ARGS_VAR:id";
BasicRule wl:0 "mz:$ARGS_VAR:script";

（3）在nginx的logs里编辑一个foo.log错误文件，保存就好什么也不用写

在nginx.conf配置文件里

在http的server字段里增加一段话

        location /RequestDenied {
        return 403;
        }

        location / {

            root   html;

            index  index.html index.htm;

            include /usr/local/nginx/conf/mysite.rules;#读取配置规则

            error_log /usr/local/nginx/logs/foo.log;#错误日志位置
            include naxsi_BasicRule.conf;#设置白名单

         }

检查配置文件

 /usr/local/nginx/sbin/nginx -t

nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok

nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

/usr/local/nginx/sbin/nginx -s reload

模仿攻击，看错误日志，中显示NAXSI_FMT说明配置成功

访问返回页面 403

日志foo.log显示 NAXSI_FMT说明拦截成功

设置白名单

 在conf里加一个文件配置规则

vi naxsi_BasicRule.conf

BasicRule wl:0 "mz:$ARGS_VAR:script";
BasicRule wl:0 "mz:$ARGS_VAR:id";
BasicRule wl:1000 "mz:$ARGS_VAR:foo|$URL:/bar";

在nginx.conf文件里也加入

location / {
root html;
index index.html index.htm;
include /usr/local/nginx/conf/mysite.rules;#读取配置规则
error_log /usr/local/nginx/logs/foo.log;#错误日志位置
include naxsi_BasicRule.conf;#设置白名单
}

检查配置文件重启nginx

访问出现404说明没有被拦截，日志也没有返回

白名单配置成功

nginx.conf的配置文件

worker_processes 1;

events {
worker_connections 1024;
}

http {
include mime.types;
include /usr/local/nginx/conf/naxsi_core.rules;
default_type application/octet-stream;

server {
listen 443 ssl;
server_name www.fengxiao.xyz;#绑定证书的域名
ssl_certificate 1_www.fengxiao.xyz_bundle.crt;#证书
ssl_certificate_key 2_www.fengxiao.xyz.key;#秘钥
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;#ssl这个协议配置
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;

ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;

location / {
root html;
index index.html index.htm;
include /usr/local/nginx/conf/mysite.rules;#读取配置规则
error_log /usr/local/nginx/logs/foo.log;#错误日志位置
include /usr/local/nginx/conf/naxsi_BasicRule.conf;#设置白名单
}
#跳转的403
location /RequestDenied {
return 403;
}

}

}

WAF的Naxsi配置成功

点一杯星巴克