《nginx的WAF和防ddos模块.doc》由会员分享,可在线阅读,更多相关《nginx的WAF和防ddos模块.doc(3页珍藏版)》请在taowenge.com淘文阁网|工程机械CAD图纸|机械工程制图|CAD装配图下载|SolidWorks_CaTia_CAD_UG_PROE_设计图分享下载上搜索。
1、-作者xxxx-日期xxxxnginx的WAF和防ddos模块【精品文档】DDOS1、http limit_req_zone $binary_remote_addr zone=one:10m rate=10r/s; /触发条件,所有访问ip 限制每秒10个请求 . server . location .php$ limit_req zone=one burst=5 nodelay; /执行的动作,通过zone名字对应 2、http limit_conn_zone $binary_remote_addr zone=addr:10m; /触发条件 . server . location /down
2、load/ limit_conn addr 1; / 限制同一时间内1个连接,超出的连接返回503 Nginx WAF安全modsecurityyum install zlib zlib-devel openssl openssl-devel pcre pcre-develyum install httpd-devel apr apr-util-devel apr-devel pcre pcre-devel libxml2 libxml2-develyum install automake libtool*yum install unzip gitcd modsecurity./configu
3、re -enable-standalone-module -disable-mlogcmakecd nginxmake & make installcp -R owasp-modsecurity-crs /etc/nginx/cp /etc/nginx/owasp-modsecurity-crs/modsecurity_crs_10_setup.conf.example cp unicode.mapping /etc/nginxSecRuleEngine onInclude /etc/nginx/owasp-modsecurity-crs/Include /etc/nginx/owasp-mo
4、dsecurity-crs/Include /etc/nginx/owasp-modsecurity-crs/Include /etc/nginx/owasp-modsecurity-crs/Include /etc/nginx/owasp-modsecurity-crs/Include /etc/nginx/owasp-modsecurity-crs/Include /etc/nginx/owasp-modsecurity-crs/配置nginx.conf在location中加入:ModSecurityEnabled on; ModSecurityConfig modsecurity.conf;/usr/local/nginx/sbin/nginx如果出现80端口占用sudo fuser -k 80/tcp【精品文档】