A WAF firewall built on Nginx + Lua
Take a look at what others have written: https://github.com/loveshell/ngx_lua_waf
First install git: yum -y install git
Execute under /opt/download: git clone https://github.com/loveshell/ngx_lua_waf.git
If the clone fails here, download the repository manually and upload it to the server
Once it is cloned, move all the files under ngx_lua_waf to /etc/nginx/waf
Modify the two paths
The file under wafconf is the interception rule for each location, which can be added and modified according to the actual situation
Integrate the Lua script: add the following four lines of configuration to nginx.conf
lua_package_path "/etc/nginx/waf/?.lua";
lua_shared_dict limit 10m;
init_by_lua_file /etc/nginx/waf/init.lua;
access_by_lua_file /etc/nginx/waf/waf.lua;
Check the syntax, then reload
nginx -tc /etc/nginx/nginx.conf
nginx -s reload -c /etc/nginx/nginx.conf
Visit the previous SQL injection page and inject SQL again: it still succeeds. This is because the firewall rules do not yet contain a rule for it
Add a new rule: \sor\s+
Restart nginx
Inject the SQL again: this time it is blocked
Normal users can still log in
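A way to check a rule such as \sor\s+ against known-good and known-bad inputs before reloading nginx, as an added example that is not from the original page or from ngx_lua_waf. It assumes the WAF URL-decodes each argument and matches case-insensitively, uses Python's re in place of nginx's PCRE, and all sample values are constructed.

```python
import re
from urllib.parse import unquote_plus

# The rule added in the tutorial above.
RULES = [r"\sor\s+"]

def first_match(value, rules=RULES):
    """Return the first rule that matches the URL-decoded value, else None.

    Assumption: the WAF decodes the argument and matches case-insensitively;
    Python's re stands in for nginx's PCRE (they agree for this pattern).
    """
    decoded = unquote_plus(value)
    for rule in rules:
        if re.search(rule, decoded, re.IGNORECASE | re.DOTALL):
            return rule
    return None

def audit(samples, rules=RULES):
    """Compare the expected verdict with the rule verdict for each sample.

    samples: list of (label, raw_value, should_block).
    Returns (label, verdict) pairs; verdict is 'ok', 'FALSE POSITIVE' or 'MISSED'.
    """
    report = []
    for label, raw, should_block in samples:
        blocked = first_match(raw, rules) is not None
        if blocked == should_block:
            verdict = "ok"
        elif blocked:
            verdict = "FALSE POSITIVE"
        else:
            verdict = "MISSED"
        report.append((label, verdict))
    return report

# Constructed sample values, not taken from the original page.
SAMPLES = [
    ("plain login name", "alice", False),
    ("login name with 'or' inside a word", "victor", False),
    ("encoded injection attempt", "x%27+or+%271%27%3D%271", True),
    ("upper-case injection attempt", "x' OR 1=1", True),
    ("free-text search", "tea+or+coffee", False),
]

if __name__ == "__main__":
    for label, verdict in audit(SAMPLES):
        print(f"{verdict:15} {label}")
```

The last sample is reported as a false positive: a rule this short also blocks ordinary free text that contains " or ", so review which request fields it is applied to.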
CCDeny in the WAF: used to limit the access frequency of a single IP
Restart nginx
First try visiting a URL that matches and see whether it is accessible; if it is not, check where the match goes wrong
Run a concurrent session, then visit the URL: it returns 503, meaning the request has been throttled by CCDeny