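caddy WAF repository: https://github.com/BraveRoy/caddy-waf
In the example below, the site configuration directory is /home/caddy/etc/
Installation on Linux; the Go language must be installed first.
Installing Go on CentOS 7: https://www.osyum.com/article/show/446/
xcaddy is required; download the latest release from GitHub. At the time of writing the latest version is v0.1.6. I am running this on x86, so the linux_amd64 build is the one to download.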
mkdir -p xcaddy
cd xcaddy
wget https://github.com/caddyserver/xcaddy/releases/download/v0.1.6/xcaddy_0.1.6_linux_amd64.tar.gz
tar zxvf xcaddy_0.1.6_linux_amd64.tar.gz
./xcaddy build --with github.com/BraveRoy/caddy-waf
When the build finishes, you get a caddy binary.
Copy the caddy binary into /usr/bin/ (the existing binary is first renamed to caddyold):
mv /usr/bin/caddy /usr/bin/caddyold
mv caddy /usr/bin/
Next, download the configuration (rule) files, again from GitHub:
wget https://codeload.github.com/BraveRoy/caddy-waf/zip/master
unzip master
mv caddy-waf-master/rule /home/caddy/etc
chown caddy:caddy -R /home/caddy/etc
Next, edit the site configuration file.
Inside the site's braces, add the following waf configuration:
route {
    waf {
        args_rule /home/caddy/etc/rule/args.rule
        user_agent /home/caddy/etc/rule/user_agent.rule
        post_rule /home/caddy/etc/rule/post.rule
        ip_allow_rule /home/caddy/etc/rule/ip_allow.rule
        ip_block_rule /home/caddy/etc/rule/ip_block.rule
        rate_limit_bucket 10
        rate_limit_rate 10
    }
}
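An added example, not part of the original post or the caddy-waf project: a pre-flight check that reads a Caddyfile, extracts every rule-file path referenced inside the waf block above, and reports paths that are missing, unreadable, or world-writable before Caddy is restarted. The function names and output labels are hypothetical.

```shell
#!/bin/sh
# Added example (hypothetical helper names): pre-flight check for a waf block.

# Print "directive path" for every waf directive whose argument is an
# absolute path (args_rule, user_agent, post_rule, ip_allow_rule, ...).
waf_rule_paths() {
    awk '
        $1 == "waf" && $2 == "{" { in_waf = 1; next }
        in_waf && $1 == "}"      { in_waf = 0; next }
        in_waf && $2 ~ /^\//     { print $1, $2 }
    ' "$1"
}

# Report unusable rule files; return 0 only if every referenced file is fine.
check_waf_rules() {
    rc=0
    found=0
    while read -r directive path; do
        [ -n "$directive" ] || continue
        found=1
        if [ ! -f "$path" ]; then
            echo "MISSING $directive $path"; rc=1
        elif [ ! -r "$path" ]; then
            echo "UNREADABLE $directive $path"; rc=1
        elif [ -n "$(find "$path" -perm -0002)" ]; then
            # Any local user could rewrite the allow/block lists.
            echo "WORLD_WRITABLE $directive $path"; rc=1
        fi
    done <<EOF
$(waf_rule_paths "$1")
EOF
    [ "$found" -eq 1 ] || { echo "NO_WAF_RULES $1"; rc=1; }
    return "$rc"
}

# Usage: sh check_waf.sh /path/to/Caddyfile
if [ "$#" -ge 1 ]; then
    check_waf_rules "$1"
fi
```

Run it as the account Caddy runs under (caddy in this setup) so that the readability check reflects what the server itself can open.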
Test
https://www.osyum.com/tz.php?a=alert(bb)
The response will show: Intercept illegal requests
Success