给OpenResty增加Waf防火墙功能

给OpenResty增加Waf防火墙功能

给OpenResty增加Waf防火墙功能

  • 准备资源:

    1. Linux服务器

    2. Waf防火墙:https://github.com/unixhot/waf

    3. OpenResty

  • 进入到openresty安装目录,默认安装目录为:/usr/local/openresty

  • 建立目标目录

    mkdir -p /usr/local/openresty/nginx/conf/waf
  • 建立源目录

    mkdir -p /root/source
  • 克隆项目

    cd /root/source
    境外服务器:
    git clone https://github.com/unixhot/waf
    国内服务器:
    git clone https://ghproxy.com/https://github.com/unixhot/waf
  • 拷贝目录到指定文件夹

    cp -r /root/source/waf/waf /usr/local/openresty/nginx/conf/
  • 建立软连接

    ln -s /usr/local/openresty/lualib/resty/ /usr/local/openresty/nginx/conf/waf/resty
  • 配置nginx文件

    vim /usr/local/openresty/nginx/conf/nginx.conf
    ​
    增加一下配置
    ​
    # 在http{}中增加,注意路径,同时WAF日志默认存放在/tmp/日期_waf.log
    ​
    lua_shared_dict limit 50m;
    lua_package_path "/usr/local/openresty/nginx/conf/waf/?.lua";
    init_by_lua_file "/usr/local/openresty/nginx/conf/waf/init.lua";
    access_by_lua_file "/usr/local/openresty/nginx/conf/waf/access.lua";
  • 检查nginx配置文件是否有错误

    /usr/local/openresty/nginx/sbin/nginx -t
  • 热重载Nginx服务

    /usr/local/openresty/nginx/sbin/nginx -s reload
Comment