nginx lua模块淘宝开发的nginx第三方模块,它能将lua言语嵌入到nginx装备中,然后运用lua就极大增强了nginx的才能.nginx以高并发而闻名,lua脚本简便,两者的调配可谓完美.

用处： 避免sql注入，本地包括，部分溢出，fuzzing测验，xss,SSRF等web进犯

避免svn/备份之类文件走漏

避免ApacheBench之类压力测验东西的进犯

屏蔽常见的扫描黑客东西，扫描器

屏蔽反常的网络恳求

屏蔽图片附件类目录php履行权限

避免webshell上传

体系:centos 6.4_x64

需求的软件:LuaJIT-2.0.3.tar.gz

tengine-2.1.0.tar.gz （nginx）

ngx_devel_kit-master.zip (ngx_devel_kit)

lua-nginx-module-master.zip (nginx_lua模块)

ngx_lua_waf-master.zip (waf战略 web运用防火墙)

yum -y install gcc gcc-c++ ncurses-devel libxml2-devel openssl-devel curl-devel libjpeg-devel libpng-devel autoconf pcre-devel libtool-libs freetype-devel gd zlib-devel zip unzip wget crontabs iptables file bison cmake patch mlocate flex diffutils automake make readline-devel glibc-devel glibc-static glib2-devel bzip2-devel gettext-devel libcap-devel logrotate ntp libmcrypt-devel GeoIP*

装置LuaJIT 2.0

tar zxf LuaJIT-2.0.0.tar.gz

cd LuaJIT-2.0.0

make && make install

再来设置环境变量(这是给后边nginx编译的时分运用的):

vi /etc/profile

export LUAJIT_LIB=/usr/local/lib

export LUAJIT_INC=/usr/local/include/luajit-2.0

export LD_LIBRARY_PATH=/usr/local/lib/:$LD_LIBRARY_PATH

source /etc/profile

装置nginx

tar zxvf tengine-2.1.0.tar.gz

cd tengine-2.1.0

./configure --user=www --group=www --prefix=/usr/local/webserver/nginx --with-http_stub_status_module --with-pcre=/root/lnmp/pcre-8.20 --with-google_perftools_module --with-http_realip_module --with-poll_module --with-select_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module --with-http_image_filter_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_slice_module --with-http_mp4_module --with-http_gzip_static_module --with-http_concat_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_sysguard_module --with-http_browser_module=shared --with-http_user_agent_module=shared --with-http_upstream_ip_hash_module=shared --with-http_upstream_least_conn_module=shared --with-http_upstream_session_sticky_module=shared --with-http_addition_module=shared --with-http_xslt_module=shared --with-http_image_filter_module=shared --with-http_sub_module=shared --with-http_flv_module=shared --with-http_slice_module=shared --with-http_mp4_module=shared --with-http_concat_module=shared --with-http_random_index_module=shared --with-http_secure_link_module=shared --with-http_sysguard_module=shared --with-http_charset_filter_module=shared --with-http_userid_filter_module=shared --with-http_footer_filter_module=shared --with-http_trim_filter_module=shared --with-http_access_module=shared --with-http_autoindex_module=shared --with-http_map_module=shared --with-http_split_clients_module=shared --with-http_referer_module=shared --with-http_uwsgi_module=shared --with-http_scgi_module=shared --with-http_memcached_module=shared --with-http_limit_conn_module=shared --with-http_limit_req_module=shared --with-http_empty_gif_module=shared

make && make install

ln -s /usr/local/lib/libluajit-5.1.so.2 /lib64/libluajit-5.1.so.2

然后创立下面文件夹

mkdir -p /data/logs/{client_body,hack}

chown -R www:www /data

chmod -R 755 /data

解压ngx lua waf-master.zip

unzip ngx_lua_waf-master.zip

mv ngx_lua_waf-master/* /usr/local/webserver/nginx/conf/

vi /usr/local/webserver/nginx/conf/config.lua

RulePath = waf的途径--规矩寄存目录

logdir = 日志记载地址--log存储目录，该目录需求用户自己新建，切需求nginx用户的可写权限

attacklog = "off" --是否敞开进犯信息记载，需求装备logdir

UrlDeny="on" --是否阻拦url拜访

Redirect="on" --是否阻拦后重定向

CookieMatch = "on" --是否阻拦cookie进犯

postMatch = "on" --是否阻拦post进犯

whiteModule = "on" --是否敞开URL白名单

[1] [2]  黑客接单网