https://verymoe.vercel.app/tags/%E9%98%B2%E7%81%AB%E5%A2%99/Recent content in 防火墙 on ShiroHugo -- gohugo.ioen-usSun, 06 Oct 2019 00:00:00 +0800https://verymoe.vercel.app/posts/bt-panel-nginx-lua-waf-firewall/Sun, 06 Oct 2019 00:00:00 +0800https://verymoe.vercel.app/posts/bt-panel-nginx-lua-waf-firewall/<blockquote class="alert alert-note"> <div class="alert-header"> <span class="alert-icon">📝</span> <span class="alert-title"><br></span> </div> <div class="alert-body"> <p>此文章恢复自过去的博客站点，仅作纪念保留。<br> 原文发布于 2019-10-06<br> 原始地址：<a class="link" href="https://www.milorette.vip/archives/63.html" target="_blank" rel="noopener" >https://www.milorette.vip/archives/63.html</a><br> Web Archive：<a class="link" href="https://web.archive.org/web/20191016024707/https://www.milorette.vip/archives/63.html" target="_blank" rel="noopener" >https://web.archive.org/web/20191016024707/https://www.milorette.vip/archives/63.html</a></p> </div> </blockquote> <blockquote class="alert alert-warning"> <div class="alert-header"> <span class="alert-icon">⚠️</span> <span class="alert-title">Warning</span> </div> <div class="alert-body"> <p>本教程暂时仅适用于使用Nginx的宝塔服务器</p> </div> </blockquote> <p>宝塔面板其实自带Nginx防火墙的但是很多人都没有启用,因为这个功能默认是关闭的并且需要手动修改配置来启用,那么既然不花钱就能够提高自己网站的安全性那么谁不愿意开启呢？</p> <p>防火墙有什么用？</p> <ol> <li> <p>可以有效拦截部分非法参数</p> </li> <li> <p>可以智能封禁非法访问（需修改防火墙规则）</p> </li> <li> <p>等你探索~~~</p> </li> </ol> <p>防火墙启用效果如图:</p> <p><img alt="宝塔lua_waf防火墙" class="gallery-image" data-flex-basis="395px" data-flex-grow="164" height="455" loading="lazy" sizes="(max-width: 767px) calc(100vw - 30px), (max-width: 1023px) 700px, (max-width: 1279px) 950px, 1232px" src="https://assets.moedev.cn/blog/photo/images/2019/H51ad8758167c4830aad45ed71e9a1de9b.png!webp" width="750"></p> <p>下面是启用宝塔防火墙的教程</p> <ol> <li>进入你的宝塔后台,进入Nginx管理</li> </ol> <p><img alt="宝塔后台" class="gallery-image" data-flex-basis="512px" data-flex-grow="213" height="900" loading="lazy" sizes="(max-width: 767px) calc(100vw - 30px), (max-width: 1023px) 700px, (max-width: 1279px) 950px, 1232px" src="https://assets.moedev.cn/blog/photo/images/2019/Hfae5514f97e24fbc8d160f224734d14di.png!webp" srcset="https://verymoe.vercel.app/Hfae5514f97e24fbc8d160f224734d14di_7901773725198502884_hu_901168c82898f3a2.webp 800w, https://verymoe.vercel.app/Hfae5514f97e24fbc8d160f224734d14di_7901773725198502884_hu_8841bf0395c1d231.webp 1600w, https://assets.moedev.cn/blog/photo/images/2019/Hfae5514f97e24fbc8d160f224734d14di.png!webp 1920w" width="1920"></p> <p>在软件中选择Nginx管理</p> <p><img alt="宝塔的nginx服务" class="gallery-image" data-flex-basis="312px" data-flex-grow="130" height="629" loading="lazy" sizes="(max-width: 767px) calc(100vw - 30px), (max-width: 1023px) 700px, (max-width: 1279px) 950px, 1232px" src="https://assets.moedev.cn/blog/photo/images/2019/H505fae90ba9547cea1565356e0687747D.png!webp" srcset="https://verymoe.vercel.app/H505fae90ba9547cea1565356e0687747D_9926446001195407619_hu_5d64024acddfcddb.webp 800w, https://assets.moedev.cn/blog/photo/images/2019/H505fae90ba9547cea1565356e0687747D.png!webp 820w" width="820"></p> <ol start="2"> <li>在Nginx管理中找到配置修改</li> </ol> <p><img alt="宝塔nginx配置修改" class="gallery-image" data-flex-basis="257px" data-flex-grow="107" height="747" loading="lazy" sizes="(max-width: 767px) calc(100vw - 30px), (max-width: 1023px) 700px, (max-width: 1279px) 950px, 1232px" src="https://assets.moedev.cn/blog/photo/images/2019/Ha5d565ab78e94f5e8faaa90f57e02abd9.png!webp" srcset="https://verymoe.vercel.app/Ha5d565ab78e94f5e8faaa90f57e02abd9_15185965678308031990_hu_9e54266da3f274fd.webp 800w, https://assets.moedev.cn/blog/photo/images/2019/Ha5d565ab78e94f5e8faaa90f57e02abd9.png!webp 802w" width="802"></p> <p>在大概17行的位置找到#include luawaf.conf</p> <p><img alt="修改宝塔nginx配置" class="gallery-image" data-flex-basis="341px" data-flex-grow="142" height="443" loading="lazy" sizes="(max-width: 767px) calc(100vw - 30px), (max-width: 1023px) 700px, (max-width: 1279px) 950px, 1232px" src="https://assets.moedev.cn/blog/photo/images/2019/Hca9908253e214dd09b455c7294a151b1t.png!webp" width="630"></p> <p>去掉符号#</p> <p><img alt="在配置中去掉#" class="gallery-image" data-flex-basis="340px" data-flex-grow="141" height="442" loading="lazy" sizes="(max-width: 767px) calc(100vw - 30px), (max-width: 1023px) 700px, (max-width: 1279px) 950px, 1232px" src="https://assets.moedev.cn/blog/photo/images/2019/Hf5df22ed70c94a009791dc5bb78149b0i.png!webp" width="627"></p> <ol start="3"> <li>重启Nginx服务,享受你的防火墙之力吧!</li> </ol> <p><img alt="重启Nginx服务" class="gallery-image" data-flex-basis="257px" data-flex-grow="107" height="747" loading="lazy" sizes="(max-width: 767px) calc(100vw - 30px), (max-width: 1023px) 700px, (max-width: 1279px) 950px, 1232px" src="https://assets.moedev.cn/blog/photo/images/2019/H18695005fc604632883c4c5fc959884bC.png!webp" srcset="https://verymoe.vercel.app/H18695005fc604632883c4c5fc959884bC_14954053224063697880_hu_ece544b3f6a73cb0.webp 800w, https://assets.moedev.cn/blog/photo/images/2019/H18695005fc604632883c4c5fc959884bC.png!webp 802w" width="802"></p> <blockquote class="alert alert-warning"> <div class="alert-header"> <span class="alert-icon">⚠️</span> <span class="alert-title">Warning</span> </div> <div class="alert-body"> <p>测试你的防火墙是否有效</p> </div> </blockquote> <p>在浏览器中打开http://你的网址/?id=../etc/passwd</p> <p>如果出现拦截页面,就证明防火墙成功开启了</p> <p>等等?这就完了?这么简单？(问号三连击)</p> <p>不,没有</p> <p>还有许多高阶功能等你探索</p> <p>比如前面提到的动态封禁非法访问(详细请见文章:<a class="link" href="https://www.mmuaa.com/post/85bcbf20569cacfc.html" target="_blank" rel="noopener" >宝塔面板Nginx的Lua-Waf防火墙终极改进 动态封禁IP</a>)</p> <p>萌新写篇文章试试水,有问题还请多多指教,大佬勿喷！谢谢</p>