今天,我为 nginx 安装了 mod_security。我将以下 block 添加到 /etc/nginx/nginx
中:
server {
listen 80;
server_name localhost;
location / {
ModSecurityEnabled on;
ModSecurityConfig modsecurity.conf;
}
}
重新启动Nginx后,出现以下错误:
nginx: [emerg] unknown directive "ModSecurityEnabled" in /etc/nginx/conf.d/nginx.conf:6
nginx: configuration file /etc/nginx/nginx.conf test failed
nginx -V
的输出:
nginx version: nginx/1.4.7
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-4) (GCC)
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-mail --with-mail_ssl_module --with-file-aio --with-ipv6 --with-cc-opt='-O2 -g -pipe -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i386 -mtune=generic -fasynchronous-unwind-tables'
出了什么问题?
最佳答案
根据官方文档:
The extensibility model of the nginx server does not include dynamically loaded modules, thus ModSecurity must be compiled with the source code of the main server. Since nginx is available on multiple Unix-based platforms (and also on Windows), for now the recommended way of obtaining ModSecurity for nginx is compilation in the designated environment.
来源:https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#Installation_for_NGINX
你不能只在 nginx.conf 中添加一些行来让它工作。
如果您希望获得更有效的帮助,同时参与使 Stack Overflow 变得更好,您可能还需要考虑以下事项:
- 在寻求帮助之前先阅读文档(我花了 3 分钟才弄清楚它的工作原理)。
- 为您的问题选择一个更明确的标题。
- 尝试自动更正内容以使其更易于阅读。
祝你好运!
关于nginx - 在 nginx 上安装 modsecurity,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/23239885/