• Openresty+ngx_lua_waf安装

    环境:Centos6.5

    1.安装openresty 

    2.安装Luagit

    # cd /root/
# wget http://luajit.org/download/LuaJIT-2.1.0-beta3.tar.gz
# tar -xvf LuaJIT-2.1.0-beta3.tar.gz
# cd LuaJIT-2.1.0-beta3/
# make && make install
# ln -sf luajit-2.1.0-beta3 /usr/local/bin/luajit

    3.Github下载ngx_lua_waf

    cd /root/
    git clone https://github.com/loveshell/ngx_lua_waf.git  git下载 | 去官网下载安装包后通过ftp工具上传后解压

    未安装git就先安装 yum install git

    4.配置ngx_lua_waf,修改openresty配置文件

    # vim /usr/local/openresty/nginx/conf/nginx.conf
...
user nobody;     # 取消注释,或者指定用户,如 user root;
...
http{            # 在http块下添加如下内
...

lua_package_path "/root/waf/?.lua";
lua_shared_dict limit 10m;
init_by_lua_file  /root/waf/init.lua;
access_by_lua_file /root/waf/waf.lua;

...

    5.新建waf的日志目录

    cd /usr/local/openresty/nginx/logs
    mkdir hack
    chown -R nobody:nobody  /usr/local/openresty/nginx/logs/hack/

    6.修改ngx_lua_waf配置

    # cd /root/waf/     # ngx_lua_waf目录
# vim config.lua
...
RulePath = "/root/waf/wafconf/"    # 规则文件路径
attacklog = "on"                                             # 启用日志
logdir = "/usr/local/openresty/nginx/logs/hack/"             # 日志目录
...

    7.启动openresty

    # /usr/local/openresty/bin/openresty               # 如果没有启动服务,则启动
# /usr/local/openresty/bin/openresty -s reload     # 如果已经启动,则重载配置
# /usr/local/openresty/bin/openresty -t            # 测试配置是否正常

    或者
    ./usr/local/openresty/nginx/sbin/nginx

    启动时我遇到的问题:

    1.错误原因是找不到lualib库和resty模块,默认到/usr/local/lib/ 去找lualib,然而在编译安装OpenResty时lualib库默认放到/usr/local/openresty/lualib

     具体操作:

    ln -s /usr/local/openresty/lualib /usr/local/lib/lua
ln -s /usr/local/openresty/lualib/resty /root/waf/
    ln -s /usr/local/openresty/lualib/resty /root/waf/resty

    2. 访问openresty首页时,总是404,查看nginx的error.log日志发现,没权限访问:

    2020/04/16 17:10:15 [error] 23775#0: *1 failed to load external Lua file "/root/waf/waf.lua": cannot open /root/waf/waf.lua: Permission denied

    修改nginx.conf文件中的 user nobody 为具体用户

    #user nobody;
    user root;

    继续访问首页:

    http://openresty的IP地址/?id=x.sql

     部署成功!!!
  • 相关阅读:
    字典序算法
    C语言中strcpy,strcmp,strlen,strcat函数原型
    堆和栈概念整理
    distribution counting—a sorting method from aocp
    矩阵访问测试
    一个很大的数组,如何高效的把零都移到前面
    poj1083
    AXD+HJTAG环境搭建总结
    软件断点和硬件断点的区别和数量限制
    Ubuntu下用as汇编器编写hello.S文件
  • 原文地址:https://www.cnblogs.com/wangfajun/p/12714391.html
Copyright © 2020-2023  润新知