- \n
- \n
- OS : CentOS7.9<\/ul>\n<\/li>\n<\/ul>\n
- \n
- Kernel: 3.10.0-1160.49.1.el7.x86_64<\/ul>\n<\/li>\n<\/ul>\n
- \n
- ModSecruity\uff1a v3.0.6-11-g76ce673<\/ul>\n<\/li>\n<\/ul>\n
- \n
- Nginx: 1.18.0<\/ul>\n<\/li>\n<\/ul>\n
- \n
- Tomcat: 7.0.76-16.el7_9<\/ul>\n<\/li>\n<\/ul>\n
<\/p>\n
- webgoat\uff1a 7.0.1<\/ul>\n
2. \u5b89\u88c5WebGoat<\/h2>\n
\u5728\u5b89\u88c5WebGoat\u4e4b\u524d\uff0c\u8bf7\u7981\u7528SELinux\u5e76\u6dfb\u52a0firewalld\u7684\u7aef\u53e3\u8bb8\u53ef\u8bbe\u7f6e\u3002\u7136\u540e\u91cd\u65b0\u542f\u52a8\u64cd\u4f5c\u7cfb\u7edf\u3002\u5982\u679c\u60a8\u5728\u751f\u4ea7\u73af\u5883\u4e2d\u4f7f\u7528\uff0c\u8bf7\u786e\u4fdd\u542f\u7528SELinux\uff01<\/p>\n
yum -y<\/span> update\r\nsed<\/span> -i<\/span> 's\/SELINUX=enforcing\/SELINUX=disabled\/g'<\/span> \/etc\/selinux\/config\r\nfirewall-cmd --add-port<\/span>=<\/span>80\/tcp --permanent<\/span>\r\nfirewall-cmd --add-port<\/span>=<\/span>8080\/tcp --permanent<\/span>\r\nfirewall-cmd --reload<\/span>\r\nshutdown -r<\/span> now\r\n<\/code><\/pre>\n\u6211\u9700\u8981\u5b89\u88c5\u5f00\u53d1\u7528\u7684\u8f6f\u4ef6\u5305\u3002<\/p>\n
yum groupinstall 'Development Tools'<\/span> -y<\/span>\r\nyum -y<\/span> install <\/span>vim wget git policycoreutils-python libtool epel-release.noarch\r\n<\/code><\/pre>\n\u6211\u5011\u8981\u5b89\u88ddTomcat\u3002<\/p>\n
yum -y<\/span> install <\/span>tomcat\r\n<\/code><\/pre>\n\u4e0b\u8f7dwebgoat-container\uff0c\u5e76\u5c06\u5176\u79fb\u52a8\u5230webapps\u76ee\u5f55\u4e0b\u3002<\/p>\n
wget https:\/\/github.com\/WebGoat\/WebGoat\/releases\/download\/7.0.1\/webgoat-container-7.0.1.war\r\nmv <\/span>webgoat-container-7.0.1.war \/usr\/share\/tomcat\/webapps\/webgoat.war\r\nsystemctl start tomcat\r\n<\/code><\/pre>\n![\"image.png\"](\"https:\/\/cdn.silicloud.com\/blog-img\/blog\/img\/657d157b37434c4406bfe8d7\/13-0.png\" "\\"\\"")
<\/div>\n3. \u5b89\u88c5ModSecurity<\/h2>\n
\u5b89\u88c5ModSecurity\u6240\u9700\u7684\u8f6f\u4ef6\u5305\u3002<\/p>\n
yum -y<\/span> install <\/span>gcc-c++ flex bison yajl yajl-devel curl-devel curl GeoIP-devel doxygen zlib-devel pcre-devel lmdb lmdb-devel libxml2 libxml2-devel ssdeep ssdeep-devel lua lua-devel openssl openssl-devel\r\n<\/code><\/pre>\n\u4eceGithub\u4e0b\u8f7dModSecurity\u7684\u6e90\u4ee3\u7801\u5e76\u8fdb\u884c\u5b89\u88c5\u3002<\/p>\n
cd<\/span> \/opt\/\r\ngit clone https:\/\/github.com\/SpiderLabs\/ModSecurity\r\ncd <\/span>ModSecurity\r\ngit checkout -b<\/span> v3\/master origin\/v3\/master\r\nsh build.sh\r\ngit submodule init\r\ngit submodule update\r\n.\/configure --with-lmdb<\/span> --with-yajl<\/span>\r\nmake\r\nmake install<\/span>\r\n<\/code><\/pre>\n\n\u30aa\u30d7\u30b7\u30e7\u30f3\u8aac\u660e–with-yajlJSON\u30e9\u30a4\u30d6\u30e9\u30ea\u3067\u3042\u308bYAIL\u3092\u6709\u52b9\u306b\u3059\u308b\u3002ModSecrutiy\u3067\u306f\u76e3\u67fbLOG\u3092JSON\u5f62\u5f0f\u3067\u4fdd\u5b58\u3059\u308b\u5834\u5408\u5fc5\u9808\u3068\u306a\u308b\u30b3\u30f3\u30d1\u30a4\u30eb\u30aa\u30d7\u30b7\u30e7\u30f3-with-geoipGEOIP\u3092\u6709\u52b9\u306b\u3059\u308b\uff08ModSecrutiy v2\uff09–withmaxmindGEOIP\u3092\u6709\u52b9\u306b\u3059\u308b\uff08ModSecrutiy v3\uff09–withssdeepFuzzy Hashing\u306b\u3088\u308b\u30de\u30eb\u30a6\u30a7\u30a2\u691c\u51fa\u3092\u6709\u52b9\u306b\u3059\u308b–with-lmdbModSecurity\u306ecollection\u4fdd\u5b58\u2f64\u3068\u3057\u3066LMDB\u3092\u6709\u52b9\u306b\u3059\u308b–with-lualua\u3092\u6709\u52b9\u306b\u3059\u308b\u3002\u5916\u90e8\u30b9\u30af\u30ea\u30d7\u30c8\u3092\u5b9f\u2f8f\u3059\u308b\u969b\u3001Lua\u3067\u66f8\u304b\u308c\u305f\u30b9\u30af\u30ea\u30d7\u30c8\u3092\u5b9f\u2f8f\u3059\u308b\u4e8b\u3092\u63a8\u5968\u3055\u308c\u3066\u3044\u308b–with-libxmlXML\u3092\u89e3\u6790\u30fb\u64cd\u4f5c\u3059\u308b\u30e9\u30a4\u30d6\u30e9\u30ea\u3092\u6709\u52b9\u306b\u3059\u308b–with-pcrePerl 5 \u4e92\u63db\u306e\u6b63\u898f\u8868\u73fe\u3092C\u2f94\u8a9e\u3067\u5b9f\u88c5\u3057\u305f\u30e9\u30a4\u30d6\u30e9\u30ea\u3092\u6709\u52b9\u306b\u3059\u308b<\/div>\n<\/div>\n4. \u5b89\u88c5Nginx<\/h2>\n
\u521b\u5efa\u4e00\u4e2a\u7528\u4e8eNginx\u7684\u7528\u6237\u3002<\/p>\n
groupadd -g<\/span> 1001 nginx\r\nuseradd -u<\/span> 1001 -g<\/span> 1001 -d<\/span> \/var\/lib\/nginx -s<\/span> \/sbin\/nologin -c<\/span> \"Nginx Web Server\"<\/span> nginx\r\n<\/code><\/pre>\n\u6211\u5c06\u5b89\u88c5Nginx\u3002<\/p>\n
cd<\/span> ..\/\r\ngit clone --depth<\/span> 1 https:\/\/github.com\/SpiderLabs\/ModSecurity-nginx.git\r\nwget http:\/\/nginx.org\/download\/nginx-1.18.0.tar.gz\r\ntar <\/span>zxvf nginx-1.18.0.tar.gz\r\ncd <\/span>nginx-1.18.0\r\n.\/configure --prefix<\/span>=<\/span>\/etc\/nginx \\<\/span>\r\n--sbin-path<\/span>=<\/span>\/usr\/sbin\/nginx \\<\/span>\r\n--modules-path<\/span>=<\/span>\/usr\/lib64\/nginx\/module \\<\/span>\r\n--conf-path<\/span>=<\/span>\/etc\/nginx\/nginx.conf \\<\/span>\r\n--error-log-path<\/span>=<\/span>\/var\/log\/nginx\/error.log \\<\/span>\r\n--http-log-path<\/span>=<\/span>\/var\/log\/nginx\/access.log \\<\/span>\r\n--pid-path<\/span>=<\/span>\/var\/run\/nginx.pid \\<\/span>\r\n--lock-path<\/span>=<\/span>\/run\/lock\/subsys\/nginx \\<\/span>\r\n--user<\/span>=<\/span>nginx \\<\/span>\r\n--group<\/span>=<\/span>nginx \\<\/span>\r\n--with-http_addition_module<\/span> \\<\/span>\r\n--with-http_auth_request_module<\/span> \\<\/span>\r\n--with-http_realip_module<\/span> \\<\/span>\r\n--with-http_secure_link_module<\/span> \\<\/span>\r\n--with-http_slice_module<\/span> \\<\/span>\r\n--with-http_stub_status_module<\/span> \\<\/span>\r\n--with-http_sub_module<\/span> \\<\/span>\r\n--with-http_ssl_module<\/span> \\<\/span>\r\n--with-http_v2_module<\/span> \\<\/span>\r\n--with-http_gunzip_module<\/span> \\<\/span>\r\n--with-http_gzip_static_module<\/span> \\<\/span>\r\n--with-threads<\/span> \\<\/span>\r\n--add-dynamic-module<\/span>=<\/span>..\/ModSecurity-nginx \\<\/span>\r\n--with-pcre<\/span> \\<\/span>\r\n--with-pcre-jit<\/span>\r\n\r\nmake \r\nmake install<\/span>\r\n<\/code><\/pre>\n5. \u521b\u5efaNginx\u542f\u52a8\u524d\u7684Config\u6587\u4ef6\u3002<\/h2>\n
mkdir<\/span> \/etc\/nginx\/conf.d\r\nmkdir<\/span> \/etc\/nginx\/modules\r\nmkdir<\/span> \/etc\/nginx\/modsecurity\r\ncp <\/span>objs\/ngx_http_modsecurity_module.so \/etc\/nginx\/modules\r\ncp<\/span> ..\/ModSecurity\/modsecurity.conf-recommended \/etc\/nginx\/modsecurity\/modsecurity.conf\r\ncp<\/span> ..\/ModSecurity\/unicode.mapping \/etc\/nginx\/modsecurity\/\r\n<\/code><\/pre>\n6. \u5b89\u88c5CoreRuleSet(CRS)<\/h2>\n
\u4e0b\u4e00\u6b65\u662f\u4e0b\u8f7dWAF\u7684CRS\u7b7e\u540d\uff0c\u5e76\u5c06\u5176\u590d\u5236\u5230\/etc\/nginx\/modsecurity\u76ee\u5f55\u4e0b\u3002<\/p>\n
cd<\/span> ..\r\ngit clone https:\/\/github.com\/SpiderLabs\/owasp-modsecurity-crs.git\r\nmv <\/span>owasp-modsecurity-crs\/crs-setup.conf.example .\/owasp-modsecurity-crs\/crs-setup.conf \r\ncp<\/span> -pr<\/span> owasp-modsecurity-crs \/etc\/nginx\/modsecurity\/\r\n<\/code><\/pre>\n\u521b\u5efa\u4e00\u4e2a\u4f9bNginx\u52a0\u8f7d\u7684ModSecurity\u7684conf\u6587\u4ef6\u3002<\/p>\n
vim \/etc\/nginx\/modsecurity\/modsec_includes.conf\r\ninclude modsecurity.conf\r\ninclude \/etc\/nginx\/modsecurity\/owasp-modsecurity-crs\/crs-setup.conf\r\ninclude \/etc\/nginx\/modsecurity\/owasp-modsecurity-crs\/rules\/*<\/span>.conf\r\n:wq\r\n<\/code><\/pre>\n7. \u4fee\u6539Nginx\u914d\u7f6e\u6587\u4ef6<\/h2>\n
vim \/etc\/nginx\/nginx.conf\r\nload_module modules\/ngx_http_modsecurity_module.so;<\/span> #\u30d5\u30a1\u30a4\u30eb\u306e\u4e00\u756a\u4e0a\u306b\u8ffd\u8a18<\/span>\r\nlocation \/ {<\/span>\r\nroot html;<\/span>\r\nindex index.html index.htm;<\/span>\r\nmodsecurity on;<\/span> #modsecurity\u6709\u52b9\u5316<\/span>\r\nmodsecurity_rules_file \/etc\/nginx\/modsecurity\/modsec_includes.conf;<\/span> #Config\u30d5\u30a1\u30a4\u30eb\u3092\u6307\u5b9a<\/span>\r\nproxy_pass http:\/\/localhost:8080\/;<\/span> #tomcat\u3078\u306e\u30d7\u30ed\u30ad\u30b7\u8a2d\u5b9a<\/span>\r\n:wq\r\n<\/code><\/pre>\n8. \u5236\u4f5cNginx\u542f\u52a8\u811a\u672c<\/h2>\n
vim \/usr\/lib\/systemd\/system\/nginx.service\r\n[<\/span>Unit]\r\nDescription<\/span>=<\/span>nginx - high performance web server\r\nDocumentation<\/span>=<\/span>http:\/\/nginx.org\/en\/docs\/\r\nAfter<\/span>=<\/span>network.target remote-fs.target nss-lookup.target\r\n[<\/span>Service]\r\nType<\/span>=<\/span>forking\r\nPIDFile<\/span>=<\/span>\/var\/run\/nginx.pid\r\nExecStartPre<\/span>=<\/span>\/usr\/sbin\/nginx -t<\/span> -c<\/span> \/etc\/nginx\/nginx.conf\r\nExecStart<\/span>=<\/span>\/usr\/sbin\/nginx -c<\/span> \/etc\/nginx\/nginx.conf\r\nExecReload<\/span>=<\/span>\/bin\/kill -s<\/span> HUP $MAINPID<\/span>\r\nExecStop<\/span>=<\/span>\/bin\/kill -s<\/span> QUIT $MAINPID<\/span>\r\nPrivateTmp<\/span>=<\/span>true<\/span>\r\n[<\/span>Install]\r\nWantedBy<\/span>=<\/span>multi-user.target\r\n:wq\r\n<\/code><\/pre>\n9. \u6743\u9650\u53d8\u66f4\u548cNginx\u542f\u52a8 h\u00e9 Nginx<\/h2>\n
vim \/etc\/nginx\/modsecurity\/owasp-modsecurity-crs\/rules\/local-001.conf\r\nSecRuleRemoveById 920350 #ip\u3067\u30a2\u30af\u30bb\u30b9\u3057\u3066\u3082WAF\u30eb\u30fc\u30eb\u3067\u691c\u77e5\u3055\u308c\u306a\u3044\u3088\u3046\u9664\u5916\u3057\u3066\u304a\u304f<\/span>\r\n:wq\r\nsed<\/span> -i<\/span> 's\/SecDefaultAction \"phase:1,log,auditlog,pass\"\/#SecDefaultAction \"phase:1,log,auditlog,pass\"\/g'<\/span> \/etc\/nginx\/modsecurity\/owasp-modsecurity-crs\/crs-setup.conf \r\nsed<\/span> -i<\/span> 's\/SecDefaultAction \"phase:2,log,auditlog,pass\"\/#SecDefaultAction \"phase:2,log,auditlog,pass\"\/g'<\/span> \/etc\/nginx\/modsecurity\/owasp-modsecurity-crs\/crs-setup.conf \r\nsed<\/span> -i<\/span> 's\/# SecDefaultAction \"phase:1,log,auditlog,deny,status:403\"\/SecDefaultAction \"phase:1,log,auditlog,deny,status:403\"\/g'<\/span> \/etc\/nginx\/modsecurity\/owasp-modsecurity-crs\/crs-setup.conf \r\nsed<\/span> -i<\/span> 's\/# SecDefaultAction \"phase:2,log,auditlog,deny,status:403\"\/SecDefaultAction \"phase:2,log,auditlog,deny,status:403\"\/g'<\/span> \/etc\/nginx\/modsecurity\/owasp-modsecurity-crs\/crs-setup.conf \r\ncd<\/span> \/etc\r\nchown<\/span> -R<\/span> nginx:nginx nginx\r\nnginx -t<\/span> \r\n# nginx: the configuration file \/etc\/nginx\/nginx.conf syntax is ok<\/span>\r\n# nginx: configuration file \/etc\/nginx\/nginx.conf test is successful <\/span>\r\nsystemctl start nginx \r\nchown <\/span>root:nginx \/var\/log\/modsec_audit.log \r\nsystemctl restart nginx \r\n<\/code><\/pre>\n10. \u8fdb\u884c\u64cd\u4f5c\u786e\u8ba4<\/h2>\n
![\"image.png\"](\"https:\/\/cdn.silicloud.com\/blog-img\/blog\/img\/657d157b37434c4406bfe8d7\/39-0.png\" "\\"\\"")
<\/div>\n![\"image.png\"](\"https:\/\/cdn.silicloud.com\/blog-img\/blog\/img\/657d157b37434c4406bfe8d7\/40-0.png\" "\\"\\"")
<\/div>\n\u5982\u679c\u8981\u5c06ModSecurity\u7684\u9ed8\u8ba4\u6a21\u5f0f\u66f4\u6539\u4e3a\u963b\u6b62\u6a21\u5f0f\uff0c\u8bf7\u5c06\/etc\/nginx\/modsecurity\/modsecurity.conf\u6587\u4ef6\u4e2d\u7684SecRuleEngine\u4eceDetectionOnly\u66f4\u6539\u4e3aOn\u3002<\/p>\n
\u7531\u4e8eWebGoat\u662f\u4e3a\u4e86\u5b66\u4e60\u548c\u5b9e\u8df5Web\u5e94\u7528\u7a0b\u5e8f\u7684\u5f31\u70b9\u800c\u521b\u5efa\u7684\uff0c\u6240\u4ee5\u6211\u60f3\u5728\u53e6\u4e00\u7bc7\u6587\u7ae0\u4e2d\u5199\u4e00\u4e0b\u5b83\u5728ModSecurity\u4e0b\u7684\u9632\u62a4\u60c5\u51b5\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"
\u73b0\u5728\u611f\u89c9\u6709\u70b9\u665a\u4e86\uff0c\u4f46\u8fd9\u662f\u5173\u4e8eWebApplicationFireWall\uff08ModSecurity\uff09\u7684\u6587\u7ae0\u3002\u6211\u4eec […]<\/p>\n","protected":false},"author":12,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-33054","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"yoast_head":"\n
\u4f7f\u7528ModSecurity\u548cNginx\u6784\u5efaWAF - Blog - Silicon Cloud<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.silicloud.com\/zh\/blog\/\u4f7f\u7528modsecurity\u548cnginx\u6784\u5efawaf\u3002\/\" \/>\n<meta property=\"og:locale\" content=\"zh_CN\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\u4f7f\u7528ModSecurity\u548cNginx\u6784\u5efaWAF\" \/>\n<meta property=\"og:description\" content=\"\u73b0\u5728\u611f\u89c9\u6709\u70b9\u665a\u4e86\uff0c\u4f46\u8fd9\u662f\u5173\u4e8eWebApplicationFireWall\uff08ModSecurity\uff09\u7684\u6587\u7ae0\u3002\u6211\u4eec […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.silicloud.com\/zh\/blog\/\u4f7f\u7528modsecurity\u548cnginx\u6784\u5efawaf\u3002\/\" \/>\n<meta property=\"og:site_name\" content=\"Blog - Silicon Cloud\" \/>\n<meta property=\"article:published_time\" content=\"2023-05-07T20:34:45+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-05-04T00:14:16+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cdn.silicloud.com\/blog-img\/blog\/img\/657d157b37434c4406bfe8d7\/13-0.png\" \/>\n<meta name=\"author\" content=\"\u9038, \u79d1\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u4f5c\u8005\" \/>\n\t<meta name=\"twitter:data1\" content=\"\u9038, \u79d1\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 \u5206\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8modsecurity%e5%92%8cnginx%e6%9e%84%e5%bb%bawaf%e3%80%82\/\",\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8modsecurity%e5%92%8cnginx%e6%9e%84%e5%bb%bawaf%e3%80%82\/\",\"name\":\"\u4f7f\u7528ModSecurity\u548cNginx\u6784\u5efaWAF - Blog - Silicon Cloud\",\"isPartOf\":{\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#website\"},\"datePublished\":\"2023-05-07T20:34:45+00:00\",\"dateModified\":\"2024-05-04T00:14:16+00:00\",\"author\":{\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/85c1dae56e6ea1e695c73d33c684d487\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8modsecurity%e5%92%8cnginx%e6%9e%84%e5%bb%bawaf%e3%80%82\/#breadcrumb\"},\"inLanguage\":\"zh-Hans\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8modsecurity%e5%92%8cnginx%e6%9e%84%e5%bb%bawaf%e3%80%82\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8modsecurity%e5%92%8cnginx%e6%9e%84%e5%bb%bawaf%e3%80%82\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u9996\u9875\",\"item\":\"https:\/\/www.silicloud.com\/zh\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\u4f7f\u7528ModSecurity\u548cNginx\u6784\u5efaWAF\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#website\",\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/\",\"name\":\"Blog - Silicon Cloud\",\"description\":\"\",\"inLanguage\":\"zh-Hans\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/85c1dae56e6ea1e695c73d33c684d487\",\"name\":\"\u9038, \u79d1\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-Hans\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/c94f6d9cbbfbca863fab309840bd690c153c95f8490c290ad2ed54dd693dad16?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/c94f6d9cbbfbca863fab309840bd690c153c95f8490c290ad2ed54dd693dad16?s=96&d=mm&r=g\",\"caption\":\"\u9038, \u79d1\"},\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/author\/keyi\/\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-Hans\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8modsecurity%e5%92%8cnginx%e6%9e%84%e5%bb%bawaf%e3%80%82\/#local-main-organization-logo\",\"url\":\"\",\"contentUrl\":\"\",\"caption\":\"Blog - Silicon Cloud\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"\u4f7f\u7528ModSecurity\u548cNginx\u6784\u5efaWAF - Blog - Silicon Cloud","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.silicloud.com\/zh\/blog\/\u4f7f\u7528modsecurity\u548cnginx\u6784\u5efawaf\u3002\/","og_locale":"zh_CN","og_type":"article","og_title":"\u4f7f\u7528ModSecurity\u548cNginx\u6784\u5efaWAF","og_description":"\u73b0\u5728\u611f\u89c9\u6709\u70b9\u665a\u4e86\uff0c\u4f46\u8fd9\u662f\u5173\u4e8eWebApplicationFireWall\uff08ModSecurity\uff09\u7684\u6587\u7ae0\u3002\u6211\u4eec […]","og_url":"https:\/\/www.silicloud.com\/zh\/blog\/\u4f7f\u7528modsecurity\u548cnginx\u6784\u5efawaf\u3002\/","og_site_name":"Blog - Silicon Cloud","article_published_time":"2023-05-07T20:34:45+00:00","article_modified_time":"2024-05-04T00:14:16+00:00","og_image":[{"url":"https:\/\/cdn.silicloud.com\/blog-img\/blog\/img\/657d157b37434c4406bfe8d7\/13-0.png"}],"author":"\u9038, \u79d1","twitter_card":"summary_large_image","twitter_misc":{"\u4f5c\u8005":"\u9038, \u79d1","\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4":"3 \u5206"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8modsecurity%e5%92%8cnginx%e6%9e%84%e5%bb%bawaf%e3%80%82\/","url":"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8modsecurity%e5%92%8cnginx%e6%9e%84%e5%bb%bawaf%e3%80%82\/","name":"\u4f7f\u7528ModSecurity\u548cNginx\u6784\u5efaWAF - Blog - Silicon Cloud","isPartOf":{"@id":"https:\/\/www.silicloud.com\/zh\/blog\/#website"},"datePublished":"2023-05-07T20:34:45+00:00","dateModified":"2024-05-04T00:14:16+00:00","author":{"@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/85c1dae56e6ea1e695c73d33c684d487"},"breadcrumb":{"@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8modsecurity%e5%92%8cnginx%e6%9e%84%e5%bb%bawaf%e3%80%82\/#breadcrumb"},"inLanguage":"zh-Hans","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8modsecurity%e5%92%8cnginx%e6%9e%84%e5%bb%bawaf%e3%80%82\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8modsecurity%e5%92%8cnginx%e6%9e%84%e5%bb%bawaf%e3%80%82\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u9996\u9875","item":"https:\/\/www.silicloud.com\/zh\/blog\/"},{"@type":"ListItem","position":2,"name":"\u4f7f\u7528ModSecurity\u548cNginx\u6784\u5efaWAF"}]},{"@type":"WebSite","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#website","url":"https:\/\/www.silicloud.com\/zh\/blog\/","name":"Blog - Silicon Cloud","description":"","inLanguage":"zh-Hans"},{"@type":"Person","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/85c1dae56e6ea1e695c73d33c684d487","name":"\u9038, \u79d1","image":{"@type":"ImageObject","inLanguage":"zh-Hans","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/c94f6d9cbbfbca863fab309840bd690c153c95f8490c290ad2ed54dd693dad16?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/c94f6d9cbbfbca863fab309840bd690c153c95f8490c290ad2ed54dd693dad16?s=96&d=mm&r=g","caption":"\u9038, \u79d1"},"url":"https:\/\/www.silicloud.com\/zh\/blog\/author\/keyi\/"},{"@type":"ImageObject","inLanguage":"zh-Hans","@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8modsecurity%e5%92%8cnginx%e6%9e%84%e5%bb%bawaf%e3%80%82\/#local-main-organization-logo","url":"","contentUrl":"","caption":"Blog - Silicon Cloud"}]}},"_links":{"self":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/33054","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/comments?post=33054"}],"version-history":[{"count":2,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/33054\/revisions"}],"predecessor-version":[{"id":97171,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/33054\/revisions\/97171"}],"wp:attachment":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/media?parent=33054"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/categories?post=33054"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/tags?post=33054"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
<\/p>\n
- \n
- \n
<\/p>\n
- \n
- \n
<\/p>\n
- \n
- \n
<\/p>\n
- \n
- \n