Thanks for the documentation provided by the great Gods online.
Nginx WAF + Lua security module: a web application firewall on Nginx
Required software:
1. LuaJIT, download site: http://luajit.org (current stable version: 2.0.4)
2. ngx_devel_kit-0.2.19.tar
3. lua-nginx-module-0.9.5rc2.tar
4. master.zip
5. Nginx
Packages for optimizing Nginx:
1. libunwind
2. gperftools
First, install LuaJIT
tar -zxvf LuaJIT.tar.gz
make
make install
After installation, the lib and include files are placed directly in /usr/local/lib and /usr/local/include.
Second, unpack ngx_devel_kit and lua-nginx-module
Third, set the environment variables
export LUAJIT_LIB=/usr/local/lib
export LUAJIT_INC=/usr/local/include/luajit-2.0
export LD_LIBRARY_PATH=/usr/local/lib/:$LD_LIBRARY_PATH
Fourth, install Nginx (version 1.6.1; it failed with 1.9.4)
4.1 Optimizing Nginx
vim /usr/local/src/nginx-1.6.1/auto/cc/gcc
Comment out the line under # debug:
#CFLAGS="$CFLAGS -g"
Explanation: this turns off the Nginx debug build and reduces the size of the Nginx installation.
4.2 Optimizing Nginx
Explanation: this optimizes Nginx performance, greatly improving memory allocation efficiency and speed and reducing load. It requires installing libunwind and gperftools.
4.2.1 Installing libunwind
tar -xf /usr/local/src/libunwind.tar.gz
cd /usr/local/src/libunwind
CFLAGS=-fPIC ./configure
make CFLAGS=-fPIC
make CFLAGS=-fPIC install
4.2.2 Installing gperftools
tar -xf /usr/local/src/gperftools.tar.gz
cd /usr/local/src/gperftools
./configure
make && make install
mkdir /tmp/tcmalloc  # create the directory the tcmalloc threads write their files to
chmod 777 /tmp/tcmalloc
echo "/usr/local/lib" > /etc/ld.so.conf.d/usr_local_lib.conf  # makes the google_perftools_profiles setting in nginx.conf take effect
4.2.3 Installing Nginx
cd /usr/local/src/nginx-1.6.1/
For example, in a production environment (note: the ngx_devel_kit-0.2.19 and lua-nginx-module-0.9.5rc2 paths must be correct):
./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_stub_status_module --with-http_ssl_module --with-file-aio --with-http_realip_module --add-module=/usr/local/nginx_upstream_check_module-master --with-http_stub_status_module --add-module=/usr/local/src/ngx_devel_kit-0.2.19 --add-module=/usr/local/src/lua-nginx-module-0.9.5rc2 --with-google_perftools_module
make && make install
4.2.4 Adding ngx_lua_waf_master
unzip -o /usr/local/src/ngx_lua_waf_master.zip
mv /usr/local/src/ngx_lua_waf_master /usr/local/nginx/conf/waf
# Create a directory to hold the WAF logs; write permission is required
mkdir /home/nginx_waf_log/
chmod 777 /home/nginx_waf_log/
vim /usr/local/nginx/conf/waf/conf.lua
RulePath = "/usr/local/nginx/conf/waf/wafconf/" -- directory where the WAF rules are stored
logdir = "/home/nginx_waf_log" -- directory where the WAF logs are stored
vim /usr/local/nginx/conf/nginx.conf
# Add below the pid directive, to support the gperftools library
google_perftools_profiles /tmp/tcmalloc/tcmalloc.;
# Add inside the http block
lua_package_path "/usr/local/nginx/conf/waf/?.lua";
lua_shared_dict limit 10m;
init_by_lua_file /usr/local/nginx/conf/waf/init.lua;
access_by_lua_file /usr/local/nginx/conf/waf/waf.lua;
Then start Nginx.
Append ?id=../etc/passwd to a URL on the site and see whether the firewall's block page appears.
lsof -n | grep tcmalloc  # check whether gperftools is working
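A consistency check for the configuration steps above, as an added example that is not part of the original tutorial or of ngx_lua_waf: it reads RulePath and logdir from the WAF config file and confirms that the four Lua directives are active in nginx.conf. The function names check_waf, lua_value and has_directive are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the tutorial): consistency check for the WAF setup.
# Usage: sh check_waf.sh <WAF config .lua file> <nginx.conf>

# Print the quoted value assigned to a Lua variable: RulePath = "/x/" -> /x/
lua_value() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$2" | head -n 1
}

# Succeed if nginx.conf contains this directive on an uncommented line
has_directive() {
    grep -Eq "^[[:space:]]*$1[[:space:]]" "$2"
}

# Print each problem found; the return status is the number of problems
check_waf() {
    waf_conf=$1; nginx_conf=$2; problems=0
    rulepath=$(lua_value RulePath "$waf_conf")
    logdir=$(lua_value logdir "$waf_conf")

    # A missing or empty rule directory means no rules are loaded
    if [ -z "$rulepath" ] || [ ! -d "$rulepath" ]; then
        echo "RulePath '$rulepath' is not a directory"; problems=$((problems + 1))
    elif [ -z "$(ls -A "$rulepath")" ]; then
        echo "RulePath '$rulepath' contains no rule files"; problems=$((problems + 1))
    fi

    # -w tests the invoking user, so run this as the nginx worker user
    if [ -z "$logdir" ] || [ ! -d "$logdir" ] || [ ! -w "$logdir" ]; then
        echo "logdir '$logdir' is missing or not writable"; problems=$((problems + 1))
    fi

    # The four directives added to the http block must all be active
    for d in lua_package_path lua_shared_dict init_by_lua_file access_by_lua_file; do
        if ! has_directive "$d" "$nginx_conf"; then
            echo "nginx.conf lacks directive: $d"; problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Run the check only when both file arguments are supplied
if [ "$#" -eq 2 ]; then
    check_waf "$1" "$2"
fi
```

A return status of 0 means the paths in the WAF config and the directives in nginx.conf agree with the layout created in step 4.2.4.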
For production use, the WAF module is available at www.wooyun.org; modify the rules to suit your needs.