在调试naxsi的时候遇到很多的问题,最后在一老外blog发现了这个文章,写的不错,测试能过,目前正在测试其它功能,后期会写一些使用方法和案例

Install the redhat 5 repository package:
rpm -ivh –nosignature http://rpm.axivo.com/redhat/axivo-release-5-1.noarch.rpm

Install the redhat 6 repository package:
rpm -ivh –nosignature http://rpm.axivo.com/redhat/axivo-release-6-1.noarch.rpm

yum –disablerepo=* –enablerepo=axivo list available

Install Procedure
For rules or additional configuration settings, please use the Naxsi Wiki.

In this example, we will install Nginx with Naxsi 0.47 firewall module and user interface on CentOS 5 64bits.
This is a list of useful locations installed by Axivo Nginx package:

  • /etc/nginx – stores all global configuration files
  • /etc/nginx.d – stores all host configuration files
  • /var/lib/nginx – stores Nginx cache data
  • /var/log/nginx – stores Nginx logs

If you did not installed yet the Axivo repository, please follow the instructions listed on main page.

1) Install the rpm’s and their dependencies:

2) Enable the nginx and naxsi-ui services:

3) Create a new MySQL database and assign proper permissions to it:

4) Edit the /etc/nginx/naxsi-ui.conf configuration file and adjust the values inside:

Naxsi needs full permissions to create the initial MySQL data. The easiest way to get everything rolling is to use first your root MySQL user ID. Once the table schemas are generated, you can use the naxsiuser ID and password.

5) Edit the /etc/nginx/nginx.conf global configuration and include the /etc/nginx/naxsi_core.rules file:

Code:
http {
	include mime.types;
	...
	include /etc/nginx/naxsi_core.rules;
	include /etc/nginx.d/*.conf;
}

6) Edit the /etc/nginx.d/localhost.conf host configuration, then include the /etc/nginx/naxsi.rules file and proxied requests:

Code:
server {
	listen 192.168.1.8:80 default_server;
	server_name www.axivo.com;
	...
	location / {
		try_files $uri $uri/ /index.html;
		include naxsi.rules;
	}
	...
	location /RequestDenied {
		proxy_pass http://192.168.1.8:8080;
		internal;
	}
	...
}

7) Start the nginx and naxsi-ui daemons:

You are all set, enjoy the new layer of security on your site.



分享到: 更多

这篇日志的 QR 二维码为:

一月 18th, 2013

Posted In: linux系统

发表评论

电子邮件地址不会被公开。 必填项已用*标注

无觅相关文章插件,快速提升流量