OpenWAF configures SSL to access local resources

OpenWAF configures HTTPS to access local resources

Introduction

OpenWAF (Web Application Firewall) is an open source web application firewall used to protect web applications from various network attacks. It monitors and filters traffic to web applications by integrating with web servers to identify and block potential attacks and malicious behaviors.

OpenWAF has a robust set of security features designed to provide comprehensive protection, including the following:

  1. Attack protection: OpenWAF can detect and block common web attacks such as cross-site scripting (XSS), SQL injection, command injection, cross-site request forgery (CSRF), and path traversal. It analyzes incoming and outgoing data to prevent attacks by identifying malicious requests and specific attack patterns.

  2. Access control: OpenWAF can filter and control traffic according to configured rules, allowing legitimate requests to pass and blocking potential malicious requests. You can set up IP whitelists and blacklists to restrict specific access sources or block known malicious IP addresses.

  3. Session protection: With OpenWAF, you can protect the session mechanism of your web application, preventing session hijacking and session fixation attacks. It verifies the legitimacy of sessions, detects anomalous activity, and blocks malicious session manipulation.

  4. Hotspot protection: OpenWAF can protect hotspot resources in websites to prevent resource abuse and service unavailability caused by frequent requests. It can limit the access frequency of specific resources, and monitor and block abnormal access behaviors.

  5. Logging and monitoring: OpenWAF provides logging and monitoring functions to record detailed information on each request, including access sources, requested URLs, attack attempts and blocked malicious behaviors. By analyzing log data, potential security risks and abnormal behaviors can be discovered in time.

As an open source project, OpenWAF is flexible and customizable, and you can configure and expand it according to your needs. It is compatible with common web servers (such as Nginx and Apache), and provides a rich library of plug-ins and extensions to meet different security needs.

In general, OpenWAF is an important tool to protect the security of web applications, which can help you reduce potential attack threats and protect the security of user data. If you run a web application and are concerned about security, consider using OpenWAF to increase the protection capabilities of your application.

Hope this introduction gave you an initial understanding of OpenWAF. If you have further questions, I'm always here to help! Protect your web application from hackers!

Local resource nginx configuration

Apart from the contents of the location block and the server_name value, everything else in this configuration is fixed.

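    server {
        listen 443 ssl;
        server_name _;

        ssl_certificate /opt/OpenWAF/conf/ssl/nginx.crt;
        ssl_certificate_key /opt/OpenWAF/conf/ssl/nginx.key;
        # TLSv1.1 is deprecated (RFC 8996); drop it if every client supports TLSv1.2
        ssl_protocols TLSv1.1 TLSv1.2;

        include                     /opt/OpenWAF/conf/twaf_server.conf;  # add WAF protection
        ssl_certificate_by_lua_file /opt/OpenWAF/app/twaf_ssl_cert.lua;  # select the SSL certificate dynamically

        location / {
            root 目录;  # placeholder: the directory that holds your local resources
            index index.html;
        }
    }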

Specify SSL certificate in access_rule

{
    "twaf_access_rule": {
        "rules": [
            {
                "ngx_ssl": true,
                "ngx_ssl_cert": "/opt/OpenWAF/conf/ssl/abc.crt",  # location of the certificate file
                "ngx_ssl_key":  "/opt/OpenWAF/conf/ssl/abc.key", # location of the private key file
                "host": "域名",  # placeholder: your domain name
                "path": "/",
                "port": 443,
                ...
            }
        ]
    }
}

The host should correspond to the server_name of nginx.

Restart nginx
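A pre-restart check for the SSL fields in the access rules, as an added example (not OpenWAF's own code). It assumes the rules are passed as strict JSON with the `#` annotations removed; the function name and the sample rule, whose certificate path is missing its leading slash, are constructed for illustration.

```python
import json
import os
import stat


def lint_ssl_rules(conf_text, check_files=True):
    """Return (rule_index, problem) pairs for access rules with ngx_ssl enabled."""
    conf = json.loads(conf_text)
    problems = []
    for i, rule in enumerate(conf["twaf_access_rule"]["rules"]):
        if not rule.get("ngx_ssl"):
            continue  # rule does not use SSL, nothing to check
        for field in ("ngx_ssl_cert", "ngx_ssl_key"):
            path = rule.get(field, "")
            if not path:
                problems.append((i, f"{field} is missing"))
            elif not os.path.isabs(path):
                problems.append((i, f"{field} is not an absolute path: {path}"))
            elif check_files and not os.path.isfile(path):
                problems.append((i, f"{field} does not exist: {path}"))
            elif (check_files and field == "ngx_ssl_key"
                  and os.stat(path).st_mode & (stat.S_IRWXG | stat.S_IRWXO)):
                # the private key should be accessible to its owner only
                problems.append((i, f"{field} is accessible to group/other: {path}"))
        if not rule.get("host"):
            problems.append((i, "host is empty; it should correspond to the nginx server_name"))
    return problems


# Constructed sample: the certificate path lacks its leading slash.
SAMPLE = """
{"twaf_access_rule": {"rules": [
  {"ngx_ssl": true,
   "ngx_ssl_cert": "opt/OpenWAF/conf/ssl/abc.crt",
   "ngx_ssl_key": "/opt/OpenWAF/conf/ssl/abc.key",
   "host": "www.example.com", "path": "/", "port": 443}
]}}
"""

if __name__ == "__main__":
    # check_files=False: only the path syntax is checked, so this runs on any machine
    for idx, msg in lint_ssl_rules(SAMPLE, check_files=False):
        print(f"rule {idx}: {msg}")
```
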

Stop command: /usr/local/openresty/nginx/sbin/nginx -c /etc/ngx_openwaf.conf -s stop

Start command: /usr/local/openresty/nginx/sbin/nginx -c /etc/ngx_openwaf.conf

The configuration is now complete.


Origin blog.csdn.net/A_yonga/article/details/132672198