实时警报通知:微信告警通知的重要性解析
870
2023-03-09
openresty实现WAF功能
本站部分文章、图片属于网络上可搜索到的公开信息,均用于学习和交流用途,不能代表睿象云的观点、立场或意见。我们接受网民的监督,如发现任何违法内容或侵犯了您的权益,请第一时间联系小编邮箱jiasou666@gmail.com 处理。
openresty实现WAF功能
1、系统基础信息
[root@tiejiang-src1 ~]# ifconfig eth0|grep 'inet addr'|awk -F ":" '{print $2}'|awk '{print $1}'192.168.83.129[root@tiejiang-src1 ~]# cat /etc/redhat-releaseCentOS release 6.5 (Final)[root@tiejiang-src1 ~]# uname -r2.6.32-431.el6.x86_64[root@-src1 ~]# ifconfig eth0|grep 'inet addr'|awk -F ":" '{print $2}'|awk '{print $1}'192.168.83.129[root@-src1 ~]# cat /etc/redhat-releaseCentOS release 6.5 (Final)[root@-src1 ~]# uname -r2.6.32-431.el6.x86_64
2、安装基础依赖包
[root@tiejiang-src1 ~]# yum install -y readline-devel pcre-devel openssl-devel
[root@-src1 ~]# yum install -y readline-devel pcre-devel openssl-devel
3、下载并编译安装openresty
4、测试openresty安装
[root@tiejiang-src1 ~]# vim /usr/local/openresty/nginx/conf/nginx.conf server { location /hello { default_type text/html; content_by_lua_block { ngx.say("HelloWorld") } } }[root@tiejiang-src1 ~]# /usr/local/openresty/nginx/sbin/nginx -t nginx: the configuration file /usr/local/openresty-1.9.3.2/nginx/conf/nginx.conf syntax is ok nginx: configuration file /usr/local/openresty-1.9.3.2/nginx/conf/nginx.conf test is successful[root@tiejiang-src1 ~]# /usr/local/openresty/nginx/sbin/nginx[root@-src1 ~]# vim /usr/local/openresty/nginx/conf/nginx.conf server { location /hello { default_type text/html; content_by_lua_block { ngx.say("HelloWorld") } } }[root@-src1 ~]# /usr/local/openresty/nginx/sbin/nginx -t nginx: the configuration file /usr/local/openresty-1.9.3.2/nginx/conf/nginx.conf syntax is ok nginx: configuration file /usr/local/openresty-1.9.3.2/nginx/conf/nginx.conf test is successful[root@-src1 ~]# /usr/local/openresty/nginx/sbin/nginx
5、WAF部署:在github上克隆下代码
7、根据日志记录位置,创建日志目录
二、启用waf并做测试
检测顺序:先检查白名单,通过即不检测;再检查黑名单,不通过即拒绝,检查UA,UA不通过即拒绝;检查cookie;URL检查;URL参数检查,post检查;
日志显示如下,记录了UA,匹配规则,URL,客户端类型,攻击的类型,请求的数据
[root@tiejiang-src1 ~]# tail -f /tmp/2018-07-30_waf.log {"user_agent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/67.0.3396.99 Safari\/537.36","rule_tag":"\\.(bak|inc|old|mdb|sql|backup|java|class|tgz|gz|tar|zip)$","req_url":"\/eastmonet.sql","client_ip":"192.168.83.1","local_time":"2018-07-30 10:46:52","attack_method":"Deny_URL","req_data":"-","server_name":"localhost"}[root@-src1 ~]# tail -f /tmp/2018-07-30_waf.log {"user_agent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/67.0.3396.99 Safari\/537.36","rule_tag":"\\.(bak|inc|old|mdb|sql|backup|java|class|tgz|gz|tar|zip)$","req_url":"\/eastmonet.sql","client_ip":"192.168.83.1","local_time":"2018-07-30 10:46:52","attack_method":"Deny_URL","req_data":"-","server_name":"localhost"}
2、使用ab压力测试工具模拟防CC攻击
[root@tiejiang-src2 ~]# ifconfig eth0|grep 'inet addr'|awk -F ":" '{print $2}'|awk '{print $1}'192.168.83.131[root@-src2 ~]# ifconfig eth0|grep 'inet addr'|awk -F ":" '{print $2}'|awk '{print $1}'192.168.83.131
将对方IP放入黑名单
[root@tiejiang-src1 ~]# echo 192.168.83.131 >> /usr/local/openresty/nginx/conf/waf/rule-config/blackip.rule[root@tiejiang-src1 ~]# /usr/local/openresty/nginx/sbin/nginx -s reload
[root@-src1 ~]# echo 192.168.83.131 >> /usr/local/openresty/nginx/conf/waf/rule-config/blackip.rule[root@-src1 ~]# /usr/local/openresty/nginx/sbin/nginx -s reload
将对方IP放入白名单
[root@tiejiang-src1 ~]# echo 192.168.83.131 >> /usr/local/openresty/nginx/conf/waf/rule-config/whiteip.rule[root@tiejiang-src1 ~]# /usr/local/openresty/nginx/sbin/nginx -s reload
[root@-src1 ~]# echo 192.168.83.131 >> /usr/local/openresty/nginx/conf/waf/rule-config/whiteip.rule[root@-src1 ~]# /usr/local/openresty/nginx/sbin/nginx -s reload
此时将不对此ip进行任何防护措施,所以sql注入时应该返回404
目录:
waf目录:/usr/local/openresty/nginx/conf/waflua配置文件:/usr/local/openresty/nginx/conf/waf/config.luaWaf的ip黑名单:/usr/local/openresty/nginx/conf/waf/rule-config/blackip.ruleWaf的ip白名单:/usr/local/openresty/nginx/conf/waf/rule-config/whiteip.ruleWaf的规则存放目录:/usr/local/openresty/nginx/conf/waf/rule-config
waf目录:/usr/local/openresty/nginx/conf/waflua配置文件:/usr/local/openresty/nginx/conf/waf/config.luaWaf的ip黑名单:/usr/local/openresty/nginx/conf/waf/rule-config/blackip.ruleWaf的ip白名单:/usr/local/openresty/nginx/conf/waf/rule-config/whiteip.ruleWaf的规则存放目录:/usr/local/openresty/nginx/conf/waf/rule-config
相关文章
发表评论
暂时没有评论,来抢沙发吧~