由yum安装nginx / nginx-module-security / libmodsecurity。
成立于:/usr/lib64/nginx/modules/ngx_http_modsecurity_module.so
nginx.conf:
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
load_module /usr/lib64/nginx/modules/ngx_http_modsecurity_module.so;
events {
worker_connections 1024;
}
http {
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
include /etc/nginx/services/*.conf;
}
试试VHOST:
location / {
ModSecurityEnabled on;
ModSecurityConfig /etc/nginx/modsec_includes.conf;
...
service nginx restart,error,systemctl status nginx.service:
nginx: [emerg] unknown directive "ModSecurityEnabled" in {location path}
有什么问题,如何解决?
如果您通过yum的this repo安装了该模块,它会指示您在哪里可以找到文档,例如:
----------------------------------------------------------------------
The security dynamic module for nginx has been installed.
To enable this module, add the following to /etc/nginx/nginx.conf
and reload nginx:
load_module modules/ngx_http_modsecurity_module.so;
Please refer to the module documentation for further details:
https://github.com/SpiderLabs/ModSecurity-nginx
----------------------------------------------------------------------
如果您遵循此link,您将了解到新的Modsecurity模块与v2相比具有不同的配置指令。
所以:
server {
modsecurity on;
location / {
root /var/www/html;
modsecurity_rules_file /etc/my_modsecurity_rules.conf;
}
}