X-WAF Installation Configuration Guide

X-WAF is an easy-to-use cloud WAF. It sits between the web server and its visitors as a reverse proxy, unlike ModSecurity and Naxsi, which are nginx modules that have to be compiled into the server.

X-WAF uses OpenResty as its reverse-proxy software; the defensive logic and the operational tooling are written in OpenResty's Lua.

So X-WAF is essentially a set of Lua scripts running on OpenResty, and because OpenResty (nginx) is multi-platform, it can run on a variety of operating systems.

Deploying X-WAF therefore means installing OpenResty, loading the Lua scripts, and then creating a virtual host; requests to that virtual host are forwarded to the original PHP, Tomcat or nginx backend.

If you already have an nginx + PHP site, configure the site on OpenResty (port 80 or 443) and move the original nginx virtual host to another port such as 8080. To stop users bypassing the WAF by reaching the original IP or domain name on port 8080, you can even bind the original nginx virtual host to 127.0.0.1. The OpenResty virtual host then forwards traffic to the original nginx at 127.0.0.1:8080 via proxy_pass.


Project address:

https://waf.xsec.io/

GitHub:

https://github.com/xsec-lab/x-waf

Admin panel:

https://github.com/xsec-lab/x-waf-admin


Key Features

  • Defends against common web attacks such as SQL injection, XSS and path traversal, and blocks scanner scans
  • Defends against CC (HTTP flood) attacks
  • WAF reverse-proxy mode: the protected back-end servers can use internal network IPs and need not be exposed to the public network
  • Supports defence policies based on IP, URL, Referer, User-Agent, GET, POST and Cookie parameters
  • Very simple installation, deployment and maintenance
  • WAF rules can be managed online
  • Back-end servers can be managed online
  • Multiple WAF instances can synchronize their configuration automatically
  • Cross-platform: can be deployed on Linux, Unix, Mac and Windows


Installation process:


1. Download and install OpenResty from http://openresty.org/cn/. It can be installed by compiling the source code or with yum; here we compile from source.

yum -y install pcre pcre-devel

wget https://openresty.org/download/openresty-1.15.8.1.tar.gz

tar -zxvf openresty-1.15.8.1.tar.gz

cd openresty-1.15.8.1

./configure

gmake && gmake install

Add OpenResty to the PATH so that the openresty command can be called directly. /usr/local/openresty/bin/openresty is in fact a symlink to /usr/local/openresty/nginx/sbin/nginx; we point PATH at the openresty directory so that it stays distinct from any nginx already on the system.

export PATH=/usr/local/openresty/bin:$PATH


2. Change the IP and port of the original nginx server's virtual hosts, and also change (or delete) the IP and port of nginx's default virtual host; otherwise OpenResty will fail to start because port 80 or 443 is already in use.


3. Start openresty

# start
openresty
# stop
openresty -s stop
# reload the configuration (restart)
openresty -s reload
# test that the openresty (nginx) configuration is correct
openresty -t

By default OpenResty runs as the user nginx. If that user does not exist on the system, create it, or switch to an existing nginx user on the system (for example, the default nginx user in LNMP is www). Otherwise OpenResty will complain on start:

nginx: [emerg] getpwnam("nginx") failed in /usr/local/openresty/nginx/conf/nginx.conf

In that case create a new user named nginx, or change the `user nginx` directive in nginx.conf.


4. Download the x-waf configuration files and rules package

Switch to the OpenResty configuration directory
cd /usr/local/openresty/nginx/conf/

Download the x-waf configuration and rule files
git clone https://github.com/xsec-lab/x-waf

This creates an x-waf folder. Inside it, nginx_conf/nginx.conf is a ready-made nginx.conf template that already loads the Lua scripts and the x-waf rules directory; copy it over the original OpenResty configuration file at /usr/local/openresty/nginx/conf/nginx.conf:
cp /usr/local/openresty/nginx/conf/x-waf/nginx_conf/nginx.conf /usr/local/openresty/nginx/conf/nginx.conf

Create the virtual host configuration directory
mkdir -p /usr/local/openresty/nginx/conf/vhosts

Modify the x-waf configuration file (under /usr/local/openresty/nginx/conf/x-waf)

local _M = {
    -- enable the WAF
    config_waf_enable = "on",
    -- log directory
    config_log_dir = "/data/waf/",
    -- rules directory
    config_rule_dir = "/usr/local/openresty/nginx/conf/x-waf/rules",
    -- enable URL whitelist filtering
    config_white_url_check = "on",
    -- enable IP whitelist filtering
    config_white_ip_check = "on",
    -- enable the IP blacklist
    config_black_ip_check = "on",
    -- enable URL filtering
    config_url_check = "on",
    -- enable URL parameter filtering
    config_url_args_check = "on",
    -- enable browser User-Agent filtering
    config_user_agent_check = "on",
    -- enable cookie filtering
    config_cookie_check = "on",
    -- enable CC attack detection
    config_cc_check = "on",
    -- CC attack detection threshold: 10 requests / 60 seconds
    config_cc_rate = "10/60",
    -- enable/disable POST filtering
    config_post_check = "on",
    -- response after an attack is detected: the default "html" returns the text configured in
    -- config_output_html; set it to url to redirect to config_waf_redirect_url instead
    config_waf_model = "html",
    -- redirect target used when the output mode above is set to url
    config_waf_redirect_url = "http://xxx.com",
    config_expire_time = 600,
    config_output_html = [[
    <html>
    <head>
    <meta charset="UTF-8">
    <title>illegal access</title>
    </head>
      <body>
        <div>
      <div class="table">
        <div>
          <div class="cell">
            unauthorized access, your IP address is: %s
          </div>
          <div class="cell">
            If you need help, please contact customer service
          </div>
        </div>
      </div>
    </div>
      </body>
    </html>
    ]],
}

-- the file is loaded as a Lua module, so it must return the table
return _M


5. Install the admin panel. It is written in Go, and you can download the compiled release and run it directly:
https://github.com/xsec-lab/x-waf-admin/releases/download/x-waf-admin0.1/x-waf-admin0.1-linux-amd64.tar.gz

Extract it
tar -xzf x-waf-admin0.1-linux-amd64.tar.gz

Enter the directory
cd x-waf-admin

Edit the configuration file
vi conf/app.ini


RUN_MODE = dev   # development environment
; RUN_MODE = prod   # production environment

[server]
HTTP_PORT = 5000   # admin panel port
API_KEY = xsec.io||secdevops.cn
NGINX_BIN = /usr/local/openresty/nginx/sbin/nginx   # location of the openresty executable
NGINX_VHOSTS = /usr/local/openresty/nginx/conf/vhosts/   # location of the virtual host configuration files
API_SERVERS = 127.0.0.1,your own IP   # IP addresses of the admin panel servers; add your own server's IP

[database]
USER = database user name
PASSWD = database password
HOST = 127.0.0.1:3306   # database address and port
NAME = waf   # database name

[waf]
RULE_PATH = /usr/local/openresty/nginx/conf/x-waf/rules/


Start the admin panel as a background process. On startup it automatically writes the configuration tables into the MySQL database; if MySQL is not configured, the admin panel cannot find the user table and you will not be able to log in.
nohup ./server >> x-waf.log 2>&1 &
tail -f x-waf.log   # watch the log to confirm the start-up succeeded


You can then open the admin panel at http://ip:5000/login/. The default user is admin and the password is [email protected] (obfuscated in the original page); change the account password in a production environment.

6. Add a site through the admin panel: on the Index page, click New backend site.


After adding it, click the Sync button; the configuration is written to the OpenResty virtual host configuration directory (/usr/local/openresty/nginx/conf/vhosts).

Note that the admin panel generates the virtual host configuration file from the template x-waf-admin/templates/proxy.tmpl, so if the generated file does not meet your needs you can edit the template file, or use the template as a reference and create the virtual host configuration file yourself in /usr/local/openresty/nginx/conf/vhosts.

When you click the Sync button you may be told that synchronization failed (the configuration file has in fact been written, but OpenResty was not reloaded). This happens because the configuration generated from proxy.tmpl writes its logs to /var/log/nginx/, and that directory may not exist.
Create the directory manually or change the log directory.

Special note: if you modify a virtual host configuration file by hand, do not use the Sync button; clicking it regenerates the configuration file from proxy.tmpl.


7. Test whether the WAF is in effect

http://ip/?id=1%20union%20select%201,2,3     # should display text such as "Security testing is welcome as long as you follow the white-hat code of ethics"

8. Check that the original site can still be accessed normally.

9. To change the WAF's block message, edit the config_output_html setting in the x-waf configuration file under /usr/local/openresty/nginx/conf/x-waf.
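The following post-deployment check script is an added example and is not part of x-waf, x-waf-admin or the original guide. It verifies the points the guide raises in steps 4, 6 and 7: that the log and rules directories named in the x-waf config and the /var/log/nginx directory that the proxy.tmpl virtual hosts log to all exist, that `openresty -t` passes, and, when given the address of the OpenResty virtual host, that the probe request from step 7 comes back with the block page and that repeated requests trip the CC threshold from config_cc_rate. The environment-variable names, the BLOCK_MARKER default (taken from the title of the guide's config_output_html), the `run` argument and the assumption that the CC counter blocks requests beyond the configured count within the window are all assumptions of this script.

```shell
#!/bin/sh
# Post-install check for an X-WAF / OpenResty deployment (added example, not x-waf code).
# Assumed knobs (not from the guide): every path below can be overridden via environment
# variables; WAF_TEST_URL is the scheme://host of the OpenResty virtual host to probe.

OPENRESTY_BIN="${OPENRESTY_BIN:-/usr/local/openresty/bin/openresty}"
WAF_LOG_DIR="${WAF_LOG_DIR:-/data/waf/}"            # config_log_dir in the x-waf config
WAF_RULE_DIR="${WAF_RULE_DIR:-/usr/local/openresty/nginx/conf/x-waf/rules/}"
VHOST_LOG_DIR="${VHOST_LOG_DIR:-/var/log/nginx/}"   # log directory used by proxy.tmpl vhosts
BLOCK_MARKER="${BLOCK_MARKER:-illegal access}"      # text from the guide's config_output_html

# check_dirs DIR... -> prints each missing directory; returns 1 if any is missing.
check_dirs() {
    missing=0
    for d in "$@"; do
        if [ ! -d "$d" ]; then
            echo "missing directory: $d"
            missing=1
        fi
    done
    return $missing
}

# response_is_blocked BODY -> returns 0 when the body looks like the WAF block page.
response_is_blocked() {
    printf '%s' "$1" | grep -qF -- "$BLOCK_MARKER"
}

# test_waf BASE_URL -> sends the guide's step-7 probe to our own WAF and reports whether
# the block page came back. Network-dependent, so it is only run from main.
test_waf() {
    body=$(curl -s -m 10 "$1/?id=1%20union%20select%201,2,3")
    if response_is_blocked "$body"; then
        echo "WAF active: probe request returned the block page"
    else
        echo "WAF NOT active: probe request was passed through"
        return 1
    fi
}

# test_cc_rate BASE_URL N -> sends N plain requests in quick succession and counts how many
# returned the block page. With config_cc_rate = "10/60" we assume requests beyond the
# tenth inside the 60-second window are blocked, so N=12 should report 2 blocked.
test_cc_rate() {
    blocked=0
    i=0
    while [ "$i" -lt "$2" ]; do
        body=$(curl -s -m 10 "$1/")
        if response_is_blocked "$body"; then blocked=$((blocked + 1)); fi
        i=$((i + 1))
    done
    echo "CC check: $blocked of $2 rapid requests were blocked"
}

main() {
    rc=0
    check_dirs "$WAF_LOG_DIR" "$WAF_RULE_DIR" "$VHOST_LOG_DIR" || rc=1
    if [ -x "$OPENRESTY_BIN" ]; then
        "$OPENRESTY_BIN" -t || rc=1
    else
        echo "openresty binary not found at $OPENRESTY_BIN"
        rc=1
    fi
    if [ -n "${WAF_TEST_URL:-}" ]; then
        test_waf "$WAF_TEST_URL" || rc=1
        test_cc_rate "$WAF_TEST_URL" 12
    fi
    return $rc
}

# Run the checks only when invoked as `sh x-waf-check.sh run`, so the functions can be
# sourced on their own.
if [ "${1:-}" = run ]; then
    main
fi
```

Run it on the WAF host as `WAF_TEST_URL=http://ip sh x-waf-check.sh run` after step 6; a missing /var/log/nginx/ shows up here before the Sync button reports a failure, and a pass-through on the probe means the virtual host is not going through the Lua rules at all. Set BLOCK_MARKER to a string from your own config_output_html if you have changed the block page.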



Source: www.cnblogs.com/lbnnbs/p/11332914.html