Installing the ModSecurity Module and Configuring Rules
Introduction
ModSecurity is an open-source, cross-platform web application firewall (WAF), often called the "Swiss Army knife" of WAFs. It protects a website by inspecting both the data the web server receives and the data it sends back out.
Features
- SQL Injection (SQLi): blocks SQL injection
- Cross Site Scripting (XSS): blocks cross-site scripting attacks
- Local File Inclusion (LFI): blocks attacks that exploit local file inclusion vulnerabilities
- Remote File Inclusion (RFI): blocks attacks that exploit remote file inclusion vulnerabilities
- Remote Code Execution (RCE): blocks attacks that exploit remote command execution vulnerabilities
- PHP Code Injection: blocks PHP code injection
- HTTP Protocol Violations: blocks malicious requests that violate the HTTP protocol
- HTTPoxy: blocks attacks that exploit the HTTPoxy remote proxy vulnerability
- Shellshock: blocks attacks that exploit the Shellshock vulnerability
- Session Fixation: blocks attacks that exploit an unchanging session ID
- Scanner Detection: blocks attackers scanning the site
- Metadata/Error Leakages: blocks leakage of source code and error messages
- Project Honey Pot Blacklist: Project Honey Pot blacklist
- GeoIP Country Blocking: blocks IP addresses based on the country they belong to
Installing ModSecurity
Install the dependency tools
[root@RockyLinux9 ~]# dnf install -y unzip wget epel-release
Install ModSecurity
[root@RockyLinux9 ~]# cd /usr/local/
[root@RockyLinux9 local]# wget https://github.com/owasp-modsecurity/ModSecurity/releases/download/v3.0.12/modsecurity-v3.0.12.tar.gz
[root@RockyLinux9 local]# tar xf modsecurity-v3.0.12.tar.gz
[root@RockyLinux9 local]# mv modsecurity-v3.0.12 modsecurity
[root@RockyLinux9 local]# cd modsecurity
[root@RockyLinux9 modsecurity]# ./configure
[root@RockyLinux9 modsecurity]# make && make install
Configuring the ModSecurity-nginx connector module
Stop the nginx service
[root@RockyLinux9 modsecurity]# systemctl stop nginx
[root@RockyLinux9 modsecurity]# ps -ef|grep nginx
Download ModSecurity-nginx
[root@RockyLinux9 ~]# cd /usr/local/
[root@RockyLinux9 local]# wget https://github.com/owasp-modsecurity/ModSecurity-nginx/releases/download/v1.0.3/modsecurity-nginx-v1.0.3.tar.gz
[root@RockyLinux9 local]# tar xf modsecurity-nginx-v1.0.3.tar.gz
[root@RockyLinux9 local]# mv modsecurity-nginx-v1.0.3 modsecurity-nginx
Check the current build options and recompile nginx
[root@RockyLinux9 modsecurity]# cd /root/nginx-1.26.0
[root@RockyLinux9 nginx-1.26.0]# nginx -V
# Keep the existing configure arguments shown by nginx -V and append --add-module= with the path to ModSecurity-nginx
[root@RockyLinux9 nginx-1.26.0]# ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-stream_realip_module --add-module=/usr/local/modsecurity-nginx
[root@RockyLinux9 nginx-1.26.0]# make && make install
Start nginx
[root@RockyLinux9 nginx-1.26.0]# systemctl start nginx
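As an added example (not the post's own code), here is a small POSIX shell helper for the recompile step above: it pulls the existing build flags out of `nginx -V`, appends the connector path exactly once, and can verify after installation that the binary really carries the module. The module path and the `nginx -V` sample are assumptions that match the post.

```shell
#!/bin/sh
# Added example, not from the original post: rebuild nginx with the configure
# arguments it already has plus the ModSecurity-nginx connector, the step the
# post performs by hand after reading `nginx -V`. Assumes the connector source
# is at /usr/local/modsecurity-nginx as in the post.
MODSEC_MODULE="--add-module=/usr/local/modsecurity-nginx"

# Extract the "configure arguments:" line from `nginx -V` output on stdin.
# `nginx -V` writes to stderr, so callers pipe it with 2>&1.
configure_args() {
    sed -n 's/^configure arguments: *//p'
}

# Print the argument list with the connector appended exactly once, so the
# function is idempotent on a binary that was already rebuilt with it.
with_modsecurity() {
    args="$1"
    case " $args " in
        *" $MODSEC_MODULE "*) printf '%s\n' "$args" ;;
        "  ") printf '%s\n' "$MODSEC_MODULE" ;;
        *) printf '%s %s\n' "$args" "$MODSEC_MODULE" ;;
    esac
}

# Succeed only if the installed nginx binary was built with the connector;
# a useful post-install check before touching nginx.conf.
has_modsecurity() {
    nginx -V 2>&1 | configure_args | grep -qF -- "$MODSEC_MODULE"
}

# Constructed sample of `nginx -V` output for a build without the connector.
SAMPLE_V='nginx version: nginx/1.26.0
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_ssl_module --with-pcre'

# Real rebuild, run from the nginx source tree (commented out so the file is safe to source):
# eval ./configure "$(with_modsecurity "$(nginx -V 2>&1 | configure_args)")" && make && make install
```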
Simulating an XSS attack
- First test the request with ModSecurity not yet enabled, to see how the site responds.
- URL:
http://linuxjsz.com/?param="<script>alert(1);</script>
Create the configuration directory
[root@RockyLinux9 nginx-1.26.0]# cd /usr/local
[root@RockyLinux9 local]# mkdir /usr/local/nginx/conf/modsecurity
# Download the rule set
[root@RockyLinux9 local]# wget http://www.modsecurity.cn/download/corerule/owasp-modsecurity-crs-3.3-dev.zip
[root@RockyLinux9 local]# unzip owasp-modsecurity-crs-3.3-dev.zip
# Copy the relevant files
[root@RockyLinux9 local]# cp -r /usr/local/owasp-modsecurity-crs-3.3-dev/rules/ /usr/local/nginx/conf/modsecurity/
[root@RockyLinux9 local]# cp /usr/local/owasp-modsecurity-crs-3.3-dev/crs-setup.conf.example /usr/local/nginx/conf/modsecurity/crs-setup.conf
[root@RockyLinux9 local]# cp /usr/local/modsecurity/modsecurity.conf-recommended /usr/local/nginx/conf/modsecurity/modsecurity.conf
[root@RockyLinux9 local]# cp /usr/local/modsecurity/unicode.mapping /usr/local/nginx/conf/modsecurity/
Modify nginx
Add the following inside the http or server block (in the http block it applies to every site; in a server block it applies only to that site).
[root@RockyLinux9 local]# vim /usr/local/nginx/conf/nginx.conf
http {
    ...
    modsecurity on;
    modsecurity_rules_file /usr/local/nginx/conf/modsecurity/modsecurity.conf;
    ...
}
Modify modsecurity.conf
[root@RockyLinux9 local]# vim /usr/local/nginx/conf/modsecurity/modsecurity.conf
# Change this parameter
#SecRuleEngine DetectionOnly
SecRuleEngine On

# Append the following lines to load the CRS setup and rules
Include /usr/local/nginx/conf/modsecurity/crs-setup.conf
Include /usr/local/nginx/conf/modsecurity/rules/*.conf
Reload nginx
[root@RockyLinux9 local]# nginx -s reload
Go back to the browser and refresh: the request is now blocked.
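The post switches SecRuleEngine straight to On; as an added example (not the post's code), this POSIX shell helper checks the edited modsecurity.conf before the reload and confirms the WAF blocks the XSS probe above by expecting HTTP 403 from curl. The file paths and the hostname argument follow the post; the sample config is constructed.

```shell
#!/bin/sh
# Added example, not from the original post: verify the modsecurity.conf edit
# before `nginx -s reload`, then confirm the WAF blocks the post's XSS probe.
# Paths are the ones used in the post; the sample config below is constructed.

# Print the effective SecRuleEngine value: the last uncommented directive takes
# effect, so a leftover "#SecRuleEngine DetectionOnly" line is ignored.
engine_mode() {
    awk '$1 == "SecRuleEngine" { mode = $2 } END { if (mode == "") mode = "unset"; print mode }' "$1"
}

# Count the CRS Include lines from the post that are present and uncommented (0..2).
crs_includes() {
    grep -c -E '^[[:space:]]*Include[[:space:]]+/usr/local/nginx/conf/modsecurity/(crs-setup\.conf|rules/\*\.conf)' "$1"
}

# Succeed only when the file is in the state the post ends with: engine On, both Includes.
config_ready() {
    [ "$(engine_mode "$1")" = "On" ] && [ "$(crs_includes "$1")" -eq 2 ]
}

# Send the same probe the post types into the browser and succeed if ModSecurity
# answers 403. Needs curl and a running nginx; pass the host (the post uses linuxjsz.com).
waf_blocks_xss() {
    status=$(curl -s -o /dev/null -w '%{http_code}' --get \
        --data-urlencode 'param="<script>alert(1);</script>' "http://$1/")
    [ "$status" = "403" ]
}

# Constructed minimal modsecurity.conf reflecting the post's edit.
SAMPLE_CONF=$(mktemp)
trap 'rm -f "$SAMPLE_CONF"' EXIT
cat > "$SAMPLE_CONF" <<'EOF'
#SecRuleEngine DetectionOnly
SecRuleEngine On
SecRequestBodyAccess On
Include /usr/local/nginx/conf/modsecurity/crs-setup.conf
Include /usr/local/nginx/conf/modsecurity/rules/*.conf
EOF

# On the host: config_ready /usr/local/nginx/conf/modsecurity/modsecurity.conf && nginx -s reload && waf_blocks_xss linuxjsz.com
```

Because engine_mode reports the effective value, the same check works while the file is still on DetectionOnly during rule tuning, and tells you the moment it has really been switched to On.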
Unless otherwise stated, all posts on this blog are licensed under CC BY-NC-SA 4.0. Please credit 凉月の博客 when reposting!