All source code is kept in /opt/src

Download and build ModSecurity

sudo mkdir /opt/src


sudo mkdir /opt/mod


cd /opt/src


sudo wget https://github.com/SpiderLabs/ModSecurity/releases/download/v2.9.3/modsecurity-2.9.3.tar.gz


sudo apt-get install apache2-dev libxml2-dev openssl libssl-dev zlib1g-dev libpcre3 libpcre3-dev libxslt-dev libgd-dev  libgeoip-dev


sudo tar -zxvf modsecurity-2.9.3.tar.gz


cd modsecurity-2.9.3


./configure --enable-standalone-module --disable-mlogc --prefix=/opt/mod


sudo make


sudo make install

Download and build nginx

wget http://nginx.org/download/nginx-1.21.0.tar.gz


tar -zxvf nginx-1.21.0.tar.gz


cd nginx-1.21.0


./configure  --prefix=/opt/waf \
--without-select_module  \
--without-poll_module  \
--with-file-aio  \
--with-threads  \
--with-ipv6  \
--with-http_addition_module  \
--with-http_auth_request_module  \
--with-http_gunzip_module  \
--with-http_gzip_static_module  \
--with-http_realip_module  \
--with-http_secure_link_module  \
--with-http_slice_module  \
--with-http_ssl_module  \
--with-http_stub_status_module  \
--with-http_sub_module  \
--with-http_v2_module  \
--with-stream_ssl_module  \
--with-http_xslt_module=dynamic  \
--with-http_geoip_module=dynamic  \
--with-stream=dynamic   \
--with-stream_geoip_module=dynamic    \
--add-module=/opt/src/modsecurity-2.9.3/nginx/modsecurity/  \
--with-compat 


make


make install

Add ModSecurity to nginx

mkdir -p /opt/waf/conf/modsecurity/


cp /opt/src/modsecurity-2.9.3/modsecurity.conf-recommended /opt/waf/conf/modsecurity/modsecurity.conf


cp /opt/src/modsecurity-2.9.3/unicode.mapping /opt/waf/conf/modsecurity/unicode.mapping


cp -p /opt/mod/lib/* /opt/waf/modules

Download the rule file archive, extract it, then copy crs-setup.conf.example into /opt/waf/conf/modsecurity/ and rename it to crs-setup.conf

Copy the rules folder into /opt/waf/conf/modsecurity/,
and rename

REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example
and RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf.example

by removing ".example" from both file names.
Rules you write yourself can be placed in these two files.

Edit modsecurity.conf

Change SecRuleEngine DetectionOnly to SecRuleEngine On

Also append the following to the end of the file:

Include crs-setup.conf
Include rules/*.conf
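
The rule-file renames and modsecurity.conf edits above as one repeatable script. This is an added example, not part of the original instructions: the function name apply_modsec_config is hypothetical, the paths and directives are the ones used on this page, and GNU sed is assumed.

```shell
#!/bin/sh
# Added example: applies the configuration edits described above and is
# safe to run more than once. apply_modsec_config is a hypothetical name.
# Usage: apply_modsec_config /opt/waf/conf/modsecurity
apply_modsec_config() {
    local conf_dir="${1:-/opt/waf/conf/modsecurity}"
    local main="$conf_dir/modsecurity.conf"
    local f line

    # Refuse to continue if the files copied in earlier steps are missing.
    [ -f "$main" ] || { echo "missing $main" >&2; return 1; }
    [ -f "$conf_dir/crs-setup.conf" ] || {
        echo "missing $conf_dir/crs-setup.conf" >&2; return 1; }

    # Activate the two exclusion files by dropping the ".example" suffix.
    # An already-active file is never overwritten (it may hold local rules).
    for f in REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf \
             RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf; do
        if [ -f "$conf_dir/rules/$f.example" ] && [ ! -f "$conf_dir/rules/$f" ]; then
            mv "$conf_dir/rules/$f.example" "$conf_dir/rules/$f"
        fi
    done

    # Switch the engine from DetectionOnly (log only) to On (enforce).
    sed -i 's/^[[:space:]]*SecRuleEngine[[:space:]]\{1,\}DetectionOnly[[:space:]]*$/SecRuleEngine On/' "$main"

    # Make sure the file ends with a newline before appending to it.
    if [ -n "$(tail -c1 "$main")" ]; then
        printf '\n' >> "$main"
    fi

    # Append each Include line only if it is not already present.
    for line in 'Include crs-setup.conf' 'Include rules/*.conf'; do
        grep -qxF "$line" "$main" || printf '%s\n' "$line" >> "$main"
    done

    # Succeed only if the engine is really set to On afterwards.
    grep -qE '^SecRuleEngine[[:space:]]+On[[:space:]]*$' "$main"
}
```
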

Edit nginx.conf

Add the following inside the http or server block (in the http block it applies globally; in a server block it applies only to that site):

ModSecurityEnabled on;  
ModSecurityConfig modsecurity/modsecurity.conf;
server_tokens off;

Start

/opt/waf/sbin/nginx