wget http://Nginx.org/download/Nginx-1.6.3.tar.gz wget http://Nginx.org/download/Nginx-1.8.1.tar.gz wget http://zlib.net/zlib-1.2.8.tar.gz wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.38.tar.gz wget http://www.openssl.org/source/openssl-fips-2.0.12.tar.gz tar -zxvf Nginx-1.6.3.tar.gz tar -zxvf zlib-1.2.8.tar.gz tar -zxvf pcre-8.38.tar.gz tar -zxvf openssl-fips-2.0.12.tar.gz cd openssl-fips-2.0.10 ./config make sudo make install cd zlib-1.2.8 ./configure make sudo make install cd pcre-8.38 ./configure make sudo make install cd Nginx-1.6.3 ./configure --with-pcre=../pcre-8.38 --with-zlib=../zlib-1.2.8 --with-openssl=../openssl-fips-2.0.12 make sudo make install cd /usr/local/Nginx/sbin sudo ./Nginx ---------------------------- 添加 naxsi模块 wget https://github.com/nbs-system/naxsi/archive/master.zip mv master.zip naxsi-master.zip unzip naxsi-master.zip 在安装好的Nginx/sbin/下执行 ./Nginx -V 命令，可以查看到Nginx的原有./configure 复制后并添加naxsi模块 添加：--add-module=../naxsi-master/naxsi_src ./configure --with-pcre=../pcre-8.38 --with-zlib=../zlib-1.2.8 --with-openssl=../openssl-fips-2.0.10 --add-module=../naxsi-master/naxsi_src make sudo make install cp ~/naxsi-master/naxsi_config/naxsi_core.rules /usr/local/Nginx/conf/ cd /usr/local/Nginx/conf vim mysite.rules 内容如下： #------------------------ #LearningMode; #Enables learning mode SecrulesEnabled; #Secrulesdisabled; DeniedUrl "/RequestDenied"; ## check rules CheckRule "$sql >= 8" BLOCK; CheckRule "$RFI >= 8" BLOCK; CheckRule "$TRAVERSAL >= 4" BLOCK; CheckRule "$EVADE >= 4" BLOCK; CheckRule "$XSS >= 8" BLOCK; #--------------------------- vim Nginx.conf 在http部分加入如下配置 include /usr/local/Nginx/conf/naxsi_core.rules; 在 server的 location / { #在这里面增加： include /usr/local/Nginx/conf/mysite.rules; } #增加： location /RequestDenied { return 403; } 主要参考资料: http://blog.cnwyhx.com/centos-Nginx-naxsi-install/