{"id":249,"date":"2026-01-23T09:12:33","date_gmt":"2026-01-23T09:12:33","guid":{"rendered":"https:\/\/blog.gpst.net.cn:4008\/?p=249"},"modified":"2026-01-28T06:24:14","modified_gmt":"2026-01-28T06:24:14","slug":"nginx%e8%bf%90%e7%bb%b4-%e5%ae%89%e8%a3%85waf%e9%98%b2%e7%81%ab%e5%a2%99","status":"publish","type":"post","link":"https:\/\/opshub.com.cn\/?p=249","title":{"rendered":"nginx\u8fd0\u7ef4\u2014\u2014\u5b89\u88c5WAF\u9632\u706b\u5899"},"content":{"rendered":"\n<p>1.\u5b89\u88c5modsecurity<\/p>\n\n\n\n<p>\u4e2d\u6587 \u793e\u533a\uff1a<\/p>\n\n\n\n<p><a href=\"http:\/\/www.modsecurity.cn\/\">http:\/\/www.modsecurity.cn\/<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">ModSecurity\u529f\u80fd\u4ecb\u7ecd<\/h2>\n\n\n\n<p>SQL Injection (SQLi)\uff1a\u963b\u6b62SQL\u6ce8\u5165<\/p>\n\n\n\n<p>Cross Site Scripting (XSS)\uff1a\u963b\u6b62\u8de8\u7ad9\u811a\u672c\u653b\u51fb<\/p>\n\n\n\n<p>Local File Inclusion (LFI)\uff1a\u963b\u6b62\u5229\u7528\u672c\u5730\u6587\u4ef6\u5305\u542b\u6f0f\u6d1e\u8fdb\u884c\u653b\u51fb<\/p>\n\n\n\n<p>Remote File Inclusion (RFI)\uff1a\u963b\u6b62\u5229\u7528\u8fdc\u7a0b\u6587\u4ef6\u5305\u542b\u6f0f\u6d1e\u8fdb\u884c\u653b\u51fb<\/p>\n\n\n\n<p>Remote Code Execution (RCE)\uff1a\u963b\u6b62\u5229\u7528\u8fdc\u7a0b\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e\u8fdb\u884c\u653b\u51fb<\/p>\n\n\n\n<p>PHP Code Injection\uff1a\u963b\u6b62PHP\u4ee3\u7801\u6ce8\u5165<\/p>\n\n\n\n<p>HTTP Protocol Violations\uff1a\u963b\u6b62\u8fdd\u53cdHTTP\u534f\u8bae\u7684\u6076\u610f\u8bbf\u95ee<\/p>\n\n\n\n<p>HTTPoxy\uff1a\u963b\u6b62\u5229\u7528\u8fdc\u7a0b\u4ee3\u7406\u611f\u67d3\u6f0f\u6d1e\u8fdb\u884c\u653b\u51fb<\/p>\n\n\n\n<p>Shellshock\uff1a\u963b\u6b62\u5229\u7528Shellshock\u6f0f\u6d1e\u8fdb\u884c\u653b\u51fb<\/p>\n\n\n\n<p>Session Fixation\uff1a\u963b\u6b62\u5229\u7528Session\u4f1a\u8bddID\u4e0d\u53d8\u7684\u6f0f\u6d1e\u8fdb\u884c\u653b\u51fb<\/p>\n\n\n\n<p>Scanner Detection\uff1a\u963b\u6b62\u9ed1\u5ba2\u626b\u63cf\u7f51\u7ad9<\/p>\n\n\n\n<p>Metadata\/Error 
Leakages\uff1a\u963b\u6b62\u6e90\u4ee3\u7801\/\u9519\u8bef\u4fe1\u606f\u6cc4\u9732<\/p>\n\n\n\n<p>Project Honey Pot Blacklist\uff1a\u871c\u7f50\u9879\u76ee\u9ed1\u540d\u5355<\/p>\n\n\n\n<p>GeoIP Country Blocking\uff1a\u6839\u636e\u5224\u65adIP\u5730\u5740\u5f52\u5c5e\u5730\u6765\u8fdb\u884cIP\u963b\u65ad<\/p>\n\n\n\n<p>\u4e0b\u8f7d\u5730\u5740\uff1a<a href=\"https:\/\/github.com\/owasp-modsecurity\/ModSecurity\/releases\/download\/v3.0.12\/modsecurity-v3.0.12.tar.gz\">https:\/\/github.com\/owasp-modsecurity\/ModSecurity\/releases\/download\/v3.0.12\/modsecurity-v3.0.12.tar.gz<\/a><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>apt-get install libtool\ncd modsecurity-v3.0.12\n.\/build.sh\n.\/configure\nmake -j 6 &amp;&amp; make install<\/code><\/pre>\n\n\n\n<p>2.\u7f16\u8bd1nginx\u65f6\u6dfb\u52a0&nbsp; ModSecurity-nginx\u6a21\u5757<\/p>\n\n\n\n<p>\u4e0b\u8f7d\u5730\u5740\uff1a<a href=\"https:\/\/github.com\/owasp-modsecurity\/ModSecurity-nginx\/releases\/download\/v1.0.3\/modsecurity-nginx-v1.0.3.tar.gz\">https:\/\/github.com\/owasp-modsecurity\/ModSecurity-nginx\/releases\/download\/v1.0.3\/modsecurity-nginx-v1.0.3.tar.gz<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/nginx.org\/download\/nginx-1.24.0.tar.gz\">https:\/\/nginx.org\/download\/nginx-1.24.0.tar.gz<\/a><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cd nginx-1.24.0\n.\/configure --prefix=\/opt\/nginx --with-http_ssl_module --with-openssl=\/root\/openssl-3.0.13 --with-http_mp4_module --with-http_flv_module --add-module=\/root\/modsecurity-nginx-v1.0.3\nmake -j 6 &amp;&amp; make install<\/code><\/pre>\n\n\n\n<p>3.\u914d\u7f6eModSecurity\u5b89\u5168\u89c4\u5219<\/p>\n\n\n\n<p>\u89c4\u5219\u96c6\u4e0b\u8f7d\u5730\u5740\uff1a<a href=\"https:\/\/github.com\/coreruleset\/coreruleset\/archive\/refs\/tags\/v4.0.0.tar.gz\">https:\/\/github.com\/coreruleset\/coreruleset\/archive\/refs\/tags\/v4.0.0.tar.gz<\/a><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>mkdir -p \/etc\/nginx\/modsec\ncp 
\/root\/modsecurity-v3.0.12\/modsecurity.conf-recommended \/etc\/nginx\/modsec\/modsecurity.conf\ncp \/root\/modsecurity-v3.0.12\/unicode.mapping \/etc\/nginx\/modsec\/\ncp coreruleset-4.0.0\/crs-setup.conf.example \/etc\/nginx\/modsec\/crs-setup.conf\ncp -r coreruleset-4.0.0\/rules \/etc\/nginx\/modsec\/\ncd \/etc\/nginx\/modsec\/rules\/\nmv REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf\nmv RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf.example RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf<\/code><\/pre>\n\n\n\n<p>4.\u7f16\u8f91nginx.conf<\/p>\n\n\n\n<p>\u5728http\u6216server\u8282\u70b9\u4e2d\u6dfb\u52a0\u4ee5\u4e0b\u5185\u5bb9\uff08\u5728http\u8282\u70b9\u6dfb\u52a0\u8868\u793a\u5168\u5c40\u914d\u7f6e\uff0c\u5728server\u8282\u70b9\u6dfb\u52a0\u8868\u793a\u4e3a\u6307\u5b9a\u7f51\u7ad9\u914d\u7f6e\uff09\uff1a<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>server {\n    listen 8123 ssl;\n    server_name bbs.apollo-sun.online;\n    ssl_certificate config.d\/ssl\/bbs.apollo-sun.online.cer;\n    ssl_certificate_key config.d\/ssl\/bbs.apollo-sun.online.key;\n    ssl_session_cache    shared:SSL:1m;\n    ssl_session_timeout  5m;\n    ssl_ciphers  HIGH:!aNULL:!MD5;\n    ssl_prefer_server_ciphers  on;\n    <mark style=\"color:#f20a0a\" class=\"has-inline-color\">ModSecurityEnabled on; # \u8001\u7248\u672cnginx\u914d\u7f6e\u4f8b\u59821.16\n    ModSecurityConfig \/etc\/nginx\/modsec\/modsecurity.conf;<\/mark>\n    <mark style=\"color:#1608f4\" class=\"has-inline-color\">modsecurity on; # \u65b0\u7248\u672cnginx\u914d\u7f6e\u4f8b\u59821.24\n    modsecurity_rules_file \/etc\/nginx\/modsec\/modsecurity.conf;<\/mark>\n\n\n\n\n    location \/ {\n        root  \/data\/database\/webroot\/bbs;\n        index index.html index.php;\n    }\n\n\n\n\n    location ~ \\.php$ {\n        root  \/data\/database\/webroot\/bbs;\n        fastcgi_pass   127.0.0.1:9000;\n        fastcgi_index  index.php;\n        fastcgi_param  SCRIPT_FILENAME  
$document_root$fastcgi_script_name;\n        include        fastcgi_params;\n    }\n\n\n\n\n    location \/video\/ {\n        alias \/data\/database\/video\/;\n        mp4;\n        mp4_max_buffer_size   5m;\n    }\n}<\/code><\/pre>\n\n\n\n<p>5.\u7f16\u8f91modsecurity.conf<\/p>\n\n\n\n<p>SecRuleEngine DetectionOnly\u6539\u4e3aSecRuleEngine On<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>SecRuleEngine On<\/code><\/pre>\n\n\n\n<p>\u540c\u65f6\u5728\u6587\u4ef6\u672b\u5c3e\u6dfb\u52a0\u4ee5\u4e0b\u5185\u5bb9\uff1a<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>Include \/etc\/nginx\/modsec\/crs-setup.conf\nInclude \/etc\/nginx\/modsec\/rules\/*.conf<\/code><\/pre>\n\n\n\n<p>\u8bb0\u5f55\u5ba1\u8ba1\u65e5\u5fd7\uff1a<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Log everything we know about a transaction.\n#SecAuditLogParts ABIJDEFHZ\nSecAuditLogParts ABCDEFHZ<\/code><\/pre>\n\n\n\n<p>6.\u89c4\u5219\u6d4b\u8bd5\uff1a<\/p>\n\n\n\n<p># A test rule<\/p>\n\n\n\n<p>SecRule ARGS:testparam \"@contains test\" \"id:1234,deny,log,status:403\"<\/p>\n\n\n\n<p>curl -D - \"<a href=\"https:\/\/bbs.apollo-sun.online:8123\/foo?testparam=thisisatestofmodsecurity\">https:\/\/bbs.apollo-sun.online:8123\/foo?testparam=thisisatestofmodsecurity<\/a>\"<\/p>\n\n\n\n<p>HTTP\/1.1 403 Forbidden<\/p>\n\n\n\n<p>Server: nginx\/1.24.0<\/p>\n\n\n\n<p>Date: Wed, 06 Mar 2024 07:52:25 GMT<\/p>\n\n\n\n<p>Content-Type: text\/html<\/p>\n\n\n\n<p>Content-Length: 153<\/p>\n\n\n\n<p>Connection: keep-alive<\/p>\n\n\n\n<p>&lt;html&gt;<\/p>\n\n\n\n<p>&lt;head&gt;&lt;title&gt;403 Forbidden&lt;\/title&gt;&lt;\/head&gt;<\/p>\n\n\n\n<p>&lt;body&gt;<\/p>\n\n\n\n<p>&lt;center&gt;&lt;h1&gt;403 
Forbidden&lt;\/h1&gt;&lt;\/center&gt;<\/p>\n\n\n\n<p>&lt;hr&gt;&lt;center&gt;nginx\/1.24.0&lt;\/center&gt;<\/p>\n\n\n\n<p>&lt;\/body&gt;<\/p>\n\n\n\n<p>&lt;\/html&gt;<\/p>\n\n\n\n<p>\/var\/log\/modsec_audit.log:<\/p>\n\n\n\n<p>&#8212;882F3amP&#8212;A&#8211;<\/p>\n\n\n\n<p>[06\/Mar\/2024:15:52:25 +0800] 170971154554.044799 192.168.23.1 44880 192.168.23.4 8123<\/p>\n\n\n\n<p>&#8212;882F3amP&#8212;B&#8211;<\/p>\n\n\n\n<p>GET \/foo?testparam=thisisatestofmodsecurity HTTP\/1.1<\/p>\n\n\n\n<p>Host: bbs.apollo-sun.online:8123<\/p>\n\n\n\n<p>User-Agent: curl\/7.88.1<\/p>\n\n\n\n<p>Accept: *\/*<\/p>\n\n\n\n<p>&#8212;882F3amP&#8212;D&#8211;<\/p>\n\n\n\n<p>&#8212;882F3amP&#8212;F&#8211;<\/p>\n\n\n\n<p>HTTP\/1.1 403<\/p>\n\n\n\n<p>&#8212;882F3amP&#8212;H&#8211;<\/p>\n\n\n\n<p>ModSecurity: Access denied with code 403 (phase 1). Matched &#8220;Operator `Contains&#8217; with parameter `test&#8217; against variable `ARGS:testparam&#8217; (Value: `thisisatestofmodsecurity&#8217; ) [file &#8220;\/etc\/nginx\/modsec\/modsecurity.conf&#8221;] [line &#8220;276&#8221;] [id &#8220;1234&#8221;] [rev &#8220;&#8221;] [msg &#8220;&#8221;] [data &#8220;&#8221;] [severity &#8220;0&#8221;] [ver &#8220;&#8221;] [maturity &#8220;0&#8221;] [accuracy &#8220;0&#8221;] [hostname &#8220;192.168.23.4&#8221;] [uri &#8220;\/foo&#8221;] [unique_id &#8220;170971154554.044799&#8221;] [ref &#8220;o7,4v19,24&#8221;]<\/p>\n\n\n\n<p>&#8212;882F3amP&#8212;Z&#8211;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>1.\u5b89\u88c5modsecurity \u4e2d\u6587 \u793e\u533a\uff1a http:\/\/www.modsecurity.cn\/ ModSecurity\u529f\u80fd\u4ecb\u7ecd SQL Injection (SQLi)\uff1a\u963b\u6b62SQL\u6ce8\u5165 Cross Site Scripting (XSS)\uff1a\u963b\u6b62\u8de8\u7ad9\u811a\u672c\u653b\u51fb Local File Inclusion (LFI)\uff1a\u963b\u6b62\u5229\u7528\u672c\u5730\u6587\u4ef6\u5305\u542b\u6f0f\u6d1e\u8fdb\u884c\u653b\u51fb Remote File 
Inclusion (RFI)\uff1a\u963b\u6b62\u5229\u7528\u8fdc\u7a0b\u6587\u4ef6\u5305\u542b\u6f0f\u6d1e\u8fdb\u884c\u653b\u51fb Remote Code Execution (RCE)\uff1a\u963b\u6b62\u5229\u7528\u8fdc\u7a0b\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e\u8fdb\u884c\u653b\u51fb PHP Code Injection\uff1a\u963b\u6b62PHP\u4ee3\u7801\u6ce8\u5165 HTTP Protocol Violations\uff1a\u963b\u6b62\u8fdd\u53cdHTTP\u534f\u8bae\u7684\u6076\u610f\u8bbf\u95ee HTTPoxy\uff1a\u963b\u6b62\u5229\u7528\u8fdc\u7a0b\u4ee3\u7406\u611f\u67d3\u6f0f\u6d1e\u8fdb\u884c\u653b\u51fb Shellshock\uff1a\u963b\u6b62\u5229\u7528Shellshock\u6f0f\u6d1e\u8fdb\u884c\u653b\u51fb Session Fixation\uff1a\u963b\u6b62\u5229\u7528Session\u4f1a\u8bddID\u4e0d\u53d8\u7684\u6f0f\u6d1e\u8fdb\u884c\u653b\u51fb Scanner Detection\uff1a\u963b\u6b62\u9ed1\u5ba2\u626b\u63cf\u7f51\u7ad9 Metadata\/Error Leakages\uff1a\u963b\u6b62\u6e90\u4ee3\u7801\/\u9519\u8bef\u4fe1\u606f\u6cc4\u9732 Project Honey Pot Blacklist\uff1a\u871c\u7f50\u9879\u76ee\u9ed1\u540d\u5355 GeoIP Country Blocking\uff1a\u6839\u636e\u5224\u65adIP\u5730\u5740\u5f52\u5c5e\u5730\u6765\u8fdb\u884cIP\u963b\u65ad \u4e0b\u8f7d\u5730\u5740\uff1ahttps:\/\/github.com\/owasp-modsecurity\/ModSecurity\/releases\/download\/v3.0.12\/modsecurity-v3.0.12.tar.gz 2.\u7f16\u8bd1nginx\u65f6\u6dfb\u52a0&nbsp; ModSecurity-nginx\u6a21\u5757 \u4e0b\u8f7d\u5730\u5740\uff1ahttps:\/\/github.com\/owasp-modsecurity\/ModSecurity-nginx\/releases\/download\/v1.0.3\/modsecurity-nginx-v1.0.3.tar.gz https:\/\/nginx.org\/download\/nginx-1.24.0.tar.gz 3.\u914d\u7f6eModSecurity\u5b89\u5168\u89c4\u5219 \u89c4\u5219\u96c6\u4e0b\u8f7d\u5730\u5740\uff1ahttps:\/\/github.com\/coreruleset\/coreruleset\/archive\/refs\/tags\/v4.0.0.tar.gz 4.\u7f16\u8f91nginx.conf \u5728http\u6216server\u8282\u70b9\u4e2d\u6dfb\u52a0\u4ee5\u4e0b\u5185\u5bb9\uff08\u5728http\u8282\u70b9\u6dfb\u52a0\u8868\u793a\u5168\u5c40\u914d\u7f6e\uff0c\u5728server\u8282\u70b9\u6dfb\u52a0\u8868\u793a\u4e3a\u6307\u5b9a\u7f51\u7ad9\u914d\u7f6e\uff09\uff1a 
5.\u7f16\u8f91modsecurity.conf SecRuleEngine [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[],"class_list":["post-249","post","type-post","status-publish","format-standard","hentry","category-9"],"_links":{"self":[{"href":"https:\/\/opshub.com.cn\/index.php?rest_route=\/wp\/v2\/posts\/249","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/opshub.com.cn\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/opshub.com.cn\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/opshub.com.cn\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/opshub.com.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=249"}],"version-history":[{"count":2,"href":"https:\/\/opshub.com.cn\/index.php?rest_route=\/wp\/v2\/posts\/249\/revisions"}],"predecessor-version":[{"id":640,"href":"https:\/\/opshub.com.cn\/index.php?rest_route=\/wp\/v2\/posts\/249\/revisions\/640"}],"wp:attachment":[{"href":"https:\/\/opshub.com.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=249"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/opshub.com.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=249"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/opshub.com.cn\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=249"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}