First install Apache: https://www.osyum.com/article/show/379/
Install git
yum install git -y
Next, install ModSecurity. The latest version can be downloaded from https://www.modsecurity.org/download.html
cd /root
wget https://www.modsecurity.org/tarball/2.9.3/modsecurity-2.9.3.tar.gz
tar zxvf modsecurity-2.9.3.tar.gz
cd modsecurity-2.9.3
./configure --with-apxs=/usr/local/apache/bin/apxs --with-apr=/usr/local/apr --with-apu=/usr/local/apr-util/bin --with-pcre=/usr/local/pcre
make&&make install
Copy the configuration file
cp /root/modsecurity-2.9.3/modsecurity.conf-recommended /usr/local/apache/etc/modsecurity.conf
Copy unicode.mapping into the same directory as modsecurity.conf.
cp /root/modsecurity-2.9.3/unicode.mapping /usr/local/apache/etc
Check whether the module was installed
find /usr/local/apache/modules -name mod_security2.so
Output
/usr/local/apache/modules/mod_security2.so
The installation succeeded; add permissions
chmod +wx /usr/local/apache/modules/mod_security2.so
Add module support in the configuration file
vi /usr/local/apache/etc/httpd.conf
Add the following at around line 162
LoadModule unique_id_module modules/mod_unique_id.so
LoadModule security2_module modules/mod_security2.so
#mod_security configuration
Include /usr/local/apache/etc/modsecurity.conf
Install the rules
git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git
cp -R owasp-modsecurity-crs/rules /usr/local/apache/etc
cp owasp-modsecurity-crs/crs-setup.conf.example /usr/local/apache/etc/crs-setup.conf
Edit modsecurity.conf and add Include crs-setup.conf and Include rules/*.conf at the bottom
vi /usr/local/apache/etc/modsecurity.conf
Change SecRuleEngine DetectionOnly to SecRuleEngine On, so that matching requests are blocked rather than only logged
SecRuleEngine On
Then append the following at the very end of the file
#Load OWASP Config
Include /usr/local/apache/etc/crs-setup.conf
#Load all other Rules
Include /usr/local/apache/etc/rules/*.conf
Restart Apache
/usr/local/apache/bin/apachectl restart
Test
http://192.168.0.5/?a=alert(bb)
The response is
Forbidden
You don't have permission to access this resource.
This confirms that it works
View the log
more /var/log/modsec_audit.log
XSS rule
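To see at a glance which rules matched each logged request, the audit log can be summarised per transaction. The following is an added example, not part of the original post; it assumes the default serial audit log format, and the function names modsec_summary and sample_log as well as the sample log contents (including the rule ids shown) are constructed for illustration.

```shell
# Added example (not from the original post): summarise a ModSecurity 2.x
# serial audit log, one line per transaction: id, client, request, rule ids.
modsec_summary() {
    awk '
    # Section markers have the form --<boundary>-<letter>--
    /^--[0-9a-zA-Z]+-[A-Z]--$/ {
        sec = substr($0, length($0) - 2, 1)
        if (sec == "Z") {            # Z closes the transaction: emit and reset
            if (uid != "")
                printf "%s %s \"%s\" rules=%s\n", uid, ip, req, (ids == "" ? "-" : ids)
            uid = ip = req = ids = ""
        }
        first = 1
        next
    }
    # A: [timestamp] unique-id client-ip client-port server-ip server-port
    sec == "A" && first { uid = $3; ip = $4; first = 0; next }
    # B: request headers; the first line is the request line
    sec == "B" && first { req = $0; first = 0; next }
    # H: audit trailer; each Message: line carries the [id "..."] of a rule
    sec == "H" && /^Message:/ {
        line = $0
        while (match(line, /\[id "[0-9]+"\]/)) {
            id = substr(line, RSTART + 5, RLENGTH - 7)
            if (index("," ids ",", "," id ",") == 0)
                ids = (ids == "" ? id : ids "," id)
            line = substr(line, RSTART + RLENGTH)
        }
    }' "$@"
}

# Constructed sample log: ids and messages are illustrative, not the post's log
sample_log() {
    cat <<'EOF'
--a1b2c3d4-A--
[01/Jan/2020:10:00:00 +0800] XgwAAAAAAAAAAAAAAAAAAAAA 192.168.0.10 51234 192.168.0.5 80
--a1b2c3d4-B--
GET /?a=alert(bb) HTTP/1.1
Host: 192.168.0.5

--a1b2c3d4-H--
Message: Warning. [file "/usr/local/apache/etc/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [id "941100"] [msg "XSS Attack Detected"]
Message: Access denied with code 403 (phase 2). [id "949110"] [msg "Inbound Anomaly Score Exceeded"]
--a1b2c3d4-Z--
EOF
}

sample_log | modsec_summary
```

On the server, pass the real log as an argument: modsec_summary /var/log/modsec_audit.log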