给OpenResty增加Waf防火墙功能
准备资源:
Linux服务器
OpenResty
进入到openresty安装目录,默认安装目录为:/usr/local/openresty
建立目标目录
mkdir -p /usr/local/openresty/nginx/conf/waf
建立源目录
mkdir -p /root/source
克隆项目
cd /root/source 境外服务器: git clone https://github.com/unixhot/waf 国内服务器: git clone https://ghproxy.com/https://github.com/unixhot/waf
拷贝目录到指定文件夹
cp -r /root/source/waf/waf /usr/local/openresty/nginx/conf/
建立软连接
ln -s /usr/local/openresty/lualib/resty/ /usr/local/openresty/nginx/conf/waf/resty
配置nginx文件
vim /usr/local/openresty/nginx/conf/nginx.conf 增加一下配置 # 在http{}中增加,注意路径,同时WAF日志默认存放在/tmp/日期_waf.log lua_shared_dict limit 50m; lua_package_path "/usr/local/openresty/nginx/conf/waf/?.lua"; init_by_lua_file "/usr/local/openresty/nginx/conf/waf/init.lua"; access_by_lua_file "/usr/local/openresty/nginx/conf/waf/access.lua";
检查nginx配置文件是否有错误
/usr/local/openresty/nginx/sbin/nginx -t
热重载Nginx服务
/usr/local/openresty/nginx/sbin/nginx -s reload