blog.zhuohua.store's Archiver

Posted by admin on 2020-1-22 12:42

CentOS6_Nginx reverse proxy + Website SafeDog (Nginx edition)

Details of the Nginx proxy server:
[root@localhost ~]# cat /etc/redhat-release
[color=Purple]CentOS release 6.9 (Final)[/color]
[root@localhost ~]#
[root@localhost ~]# uname -r
[color=Purple]2.6.32-696.el6.x86_64[/color]

[root@localhost ~]# ifconfig eth0 |grep "inet addr" |awk '{print $2}' |awk -F: '{print $2}'
[color=Purple]192.168.168.130[/color]



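For installing Nginx and the Nginx edition of Website SafeDog (网站安全狗), see: [url=http://blog.zhuohua.store/viewthread.php?tid=302&extra=page%3D1]Installing Server SafeDog and Website SafeDog (Nginx edition) on Oracle Linux 6[/url]

Check the Nginx version: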
[root@localhost ~]# nginx -v
[color=DarkRed]safedog-nginx-waf version/2.4
developed by www.safedog.cn[/color]
nginx version: nginx/[color=Purple]1.10.2[/color]



Use the default Nginx site as a reverse proxy:

Edit the main Nginx configuration file:
[root@localhost ~]# vi /usr/local/nginx/conf/nginx.conf
Insert the following line:
  proxy_pass  http://192.168.168.154:80;

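As shown in the figure below:
[attach]17051[/attach]
Note: this reverse-proxies requests for TCP port 80 on this host to TCP port 80 on another server (192.168.168.154).


Restart the Nginx service: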
[root@localhost ~]# service nginx restart


The firewall must allow TCP port 80:
[root@localhost ~]# cat /etc/sysconfig/iptables
# Generated by iptables-save v1.4.7 on Thu Jul  5 04:46:40 2018
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [6:680]
[color=Purple]-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT [/color]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Thu Jul  5 04:46:40 2018


Restart the iptables service:
[root@localhost ~]# service iptables restart
[color=Purple]iptables:将链设置为政策 ACCEPT:filter [确定]
iptables:清除防火墙规则:[确定]
iptables:正在卸载模块:[确定]
iptables:应用防火墙规则:[确定][/color]



The reverse proxy works: (the remote client only accesses TCP port 80 on the Nginx proxy server)
http://192.168.168.130/
[attach]17052[/attach]














############
############

Test the vulnerability protection of Website SafeDog (Nginx edition): (it must be set to [color=Blue]log and block[/color])

The relevant configuration file:
[root@localhost ~]# cd /etc/safedog/nginx/conf/
[root@localhost conf]# cat WPCDefSql.conf
[SqlAttack]
ChkFullUrl=1
ChkSqlAttackStatus=1
ChkUrlLenStatus=1
Count=0
MaxUrlLen=2048
NeedSendInterceptPage=[color=DarkRed]1[/color]  [color=DarkOrchid]# log and block; the default is 0, log without blocking[/color]
NeedSendInterceptPageSQLAttack=0
SendAlert=1
UpdateUrl=http://www.safedog.cn/upload/configFile/sqlRule.dat
WhitePathCount=0

Note: you can edit the configuration file directly; the change takes effect automatically.
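
A check for the setting above, as an added example that is not part of the original post or of SafeDog's own tooling: it reads a WPCDefSql.conf-style file and reports whether SQL-injection protection is in block or log-only mode. The function names and sample files are constructed here, and treating ChkSqlAttackStatus=1 as "check enabled" is an assumption.

```shell
#!/bin/sh
# Added example: report the SQL-injection protection mode from a
# WPCDefSql.conf-style file. NeedSendInterceptPage is described on the page
# (1 = log and block, 0 = log only); ChkSqlAttackStatus=1 meaning "check
# enabled" is an assumption.

# Print the value of KEY inside [SqlAttack]; strips CR, inline "#" comments
# and surrounding whitespace. Exact key match matters: NeedSendInterceptPage
# is a prefix of NeedSendInterceptPageSQLAttack. Prints nothing if absent.
sqlattack_get() {  # usage: sqlattack_get FILE KEY
    awk -v key="$2" '
        { sub(/\r$/, ""); sub(/[ \t]*#.*$/, "") }
        /^[ \t]*\[/ { in_sec = ($0 ~ /^[ \t]*\[SqlAttack\][ \t]*$/); next }
        in_sec {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# Print one of: block, log-only, disabled, unknown
waf_sql_mode() {  # usage: waf_sql_mode FILE
    [ -r "$1" ] || { echo unknown; return 0; }
    chk=$(sqlattack_get "$1" ChkSqlAttackStatus)
    page=$(sqlattack_get "$1" NeedSendInterceptPage)
    if [ -z "$chk" ]; then echo unknown
    elif [ "$chk" != "1" ]; then echo disabled
    elif [ "$page" = "1" ]; then echo block
    else echo log-only
    fi
}

# Constructed sample files (not copied from a live system)
SAMPLE_DIR=$(mktemp -d)
printf '[SqlAttack]\nChkSqlAttackStatus=1\nNeedSendInterceptPage=1  #block\nNeedSendInterceptPageSQLAttack=0\n' > "$SAMPLE_DIR/block.conf"
printf '[SqlAttack]\r\nChkSqlAttackStatus=1\r\nNeedSendInterceptPage=0\r\n' > "$SAMPLE_DIR/log.conf"
printf '[Other]\nNeedSendInterceptPage=1\n[SqlAttack]\nChkSqlAttackStatus=0\n' > "$SAMPLE_DIR/off.conf"

for f in block log off; do
    echo "$f.conf: $(waf_sql_mode "$SAMPLE_DIR/$f.conf")"
done
```

On the proxy itself the function would be pointed at /etc/safedog/nginx/conf/WPCDefSql.conf, for example from a cron job that alerts when the result is anything other than block.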


Remote test from a client:
http://192.168.168.130/[color=Blue]?order%20by[/color]
[attach]17053[/attach]

Conclusion:
[size=4]Once Nginx is acting as a reverse proxy, the Nginx edition of Website SafeDog can protect the back-end server behind it.[/size]





Related articles:
[url=http://blog.zhuohua.store/viewthread.php?tid=63&page=1&extra=#pid64]CentOS6_Nginx reverse proxy + load balancing (round robin)[/url]
[url=http://blog.zhuohua.store/viewthread.php?tid=297&page=1&extra=#pid300]CentOS6_Nginx reverse proxy + Website SafeDog (Nginx edition) + Tomcat + JDK + SSL[/url]
[url=http://blog.zhuohua.store/viewthread.php?tid=303&page=1&extra=#pid306]CentOS6_Nginx name-based virtual hosts + reverse proxy + two Tomcat instances[/url]
