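A top-tier combo for Discuz! webmasters: BaoTa Panel + Chaitin SafeLine WAF. Get website attack protection that is more awesome than BaoTa's paid WAF, with DDoS and CC attack protection for Discuz! forums: a solution for running BaoTa and SafeLine WAF side by side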
What is a WAF
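WAF stands for Web Application Firewall. Unlike a traditional firewall, a WAF works at the application layer and gives better protection to web systems built on HTTP/HTTPS, shielding them from attacks by hackers.
What is SafeLine
Slogan: Don't let hackers cross the line by even half a step
SafeLine is a free WAF that is simple enough, easy enough to use, and strong enough. Chaitin Technology spent nearly 10 years building it. Its core detection capability is driven by an intelligent semantic analysis algorithm, and it is deployed as a reverse proxy to protect your website from hacker attacks.
Enough talk; here is the hands-on procedure:
Tutorial for installing SafeLine alongside an already installed BaoTa Panel. Single-machine deployment: BaoTa handles site operations and management, and Chaitin WAF handles protection against outside attacks.
Change the default ports
Here you need to change the ports nginx listens on by default: 80 (http) and 443 (https).
Find the file /www/server/panel/vhost/nginx/0.default.conf and modify it as follows: [Change the default listening port 80 to port 8080. Change only the port; do not copy the whole block.]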
- server
- {
- listen 8080;
- server_name _;
- index index.html;
- root /www/server/nginx/html;
- }
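Find the file /www/server/panel/vhost/nginx/phpfpm_status.conf and modify it as follows: [Change the default listening port 80 to port 8080. Change only the port; do not copy the whole block.]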
- server {
- listen 8080;
- server_name 127.0.0.1;
- allow 127.0.0.1;
- location /nginx_status {
- stub_status on;
- access_log off;
- }
- location /phpfpm_52_status {
- fastcgi_pass unix:/tmp/php-cgi-52.sock;
- include fastcgi_params;
- fastcgi_param SCRIPT_FILENAME $fastcgi_script_name;
- }
- location /phpfpm_53_status {
- fastcgi_pass unix:/tmp/php-cgi-53.sock;
- include fastcgi_params;
- fastcgi_param SCRIPT_FILENAME $fastcgi_script_name;
- }
- location /phpfpm_54_status {
- fastcgi_pass unix:/tmp/php-cgi-54.sock;
- include fastcgi_params;
- fastcgi_param SCRIPT_FILENAME $fastcgi_script_name;
- }
- location /phpfpm_55_status {
- fastcgi_pass unix:/tmp/php-cgi-55.sock;
- include fastcgi_params;
- fastcgi_param SCRIPT_FILENAME $fastcgi_script_name;
- }
- location /phpfpm_56_status {
- fastcgi_pass unix:/tmp/php-cgi-56.sock;
- include fastcgi_params;
- fastcgi_param SCRIPT_FILENAME $fastcgi_script_name;
- }
- location /phpfpm_70_status {
- fastcgi_pass unix:/tmp/php-cgi-70.sock;
- include fastcgi_params;
- fastcgi_param SCRIPT_FILENAME $fastcgi_script_name;
- }
- location /phpfpm_71_status {
- fastcgi_pass unix:/tmp/php-cgi-71.sock;
- include fastcgi_params;
- fastcgi_param SCRIPT_FILENAME $fastcgi_script_name;
- }
- location /phpfpm_72_status {
- fastcgi_pass unix:/tmp/php-cgi-72.sock;
- include fastcgi_params;
- fastcgi_param SCRIPT_FILENAME $fastcgi_script_name;
- }
- location /phpfpm_73_status {
- fastcgi_pass unix:/tmp/php-cgi-73.sock;
- include fastcgi_params;
- fastcgi_param SCRIPT_FILENAME $fastcgi_script_name;
- }
- location /phpfpm_74_status {
- fastcgi_pass unix:/tmp/php-cgi-74.sock;
- include fastcgi_params;
- fastcgi_param SCRIPT_FILENAME $fastcgi_script_name;
- }
- location /phpfpm_75_status {
- fastcgi_pass unix:/tmp/php-cgi-75.sock;
- include fastcgi_params;
- fastcgi_param SCRIPT_FILENAME $fastcgi_script_name;
- }
- location /phpfpm_80_status {
- fastcgi_pass unix:/tmp/php-cgi-80.sock;
- include fastcgi_params;
- fastcgi_param SCRIPT_FILENAME $fastcgi_script_name;
- }
- location /phpfpm_81_status {
- fastcgi_pass unix:/tmp/php-cgi-81.sock;
- include fastcgi_params;
- fastcgi_param SCRIPT_FILENAME $fastcgi_script_name;
- }
- location /phpfpm_82_status {
- fastcgi_pass unix:/tmp/php-cgi-82.sock;
- include fastcgi_params;
- fastcgi_param SCRIPT_FILENAME $fastcgi_script_name;
- }
- }
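After making the changes, go to the nginx panel and both reload the configuration and restart nginx! To be safe, both operations must be carried out!
When creating a new site, append a port other than 80 after the domain name. For example, change it to 8080.
After enabling SSL for a site, change its port to something other than 443. For example, change it to 8443.
Install Chaitin's SafeLine WAF. The official site offers three installation methods; here I chose the online installation, using this command: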
- bash -c "$(curl -fsSLk https://waf-ce.chaitin.cn/release/latest/setup.sh)"
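Follow the script's prompts to install. When it finishes, it looks like this.
Open the admin page in a browser at https://IP-address:9443. Following the on-screen prompts, scan the QR code with an authenticator app or mini program that supports TOTP, then enter the one-time code to log in:
Seeing this page means Chaitin WAF was installed successfully.
Configure the protected site
Enable forced SSL in BaoTa, then set things up following my configuration in the screenshot. The upstream is https://127.0.0.1:8443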
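A check for the port changes described above, as an added example that is not part of the original tutorial: it scans the BaoTa vhost directory for `listen` directives still on 80/443 (which SafeLine needs for itself). It also goes one step beyond the tutorial and flags moved ports that bind every interface: since the upstream is 127.0.0.1, such a listener can be reached directly without passing through the WAF unless a firewall blocks it. The function name `audit_listen` and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit nginx "listen" directives in BaoTa vhost files.
# Prints one finding per line: "<KIND> <file>:<line> <listen spec>"
#   CONFLICT = still on 80/443, the ports SafeLine must own
#   EXPOSED  = moved port, but not bound to loopback (reachable without the WAF)
# The body runs in a subshell so its variables stay local.
audit_listen() (
    dir="${1:-/www/server/panel/vhost/nginx}"   # directory named in the tutorial
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        awk -v file="$f" '
            { sub(/#.*/, "") }                       # ignore commented-out directives
            $1 == "listen" {
                spec = $2; sub(/;$/, "", spec)       # 8080 | 127.0.0.1:8443 | [::]:80
                port = spec; sub(/^.*:/, "", port)   # text after the last colon
                if (port !~ /^[0-9]+$/) next         # unix: sockets and the like
                addr = (spec == port) ? "*" : substr(spec, 1, length(spec) - length(port) - 1)
                p = port + 0
                if (p == 80 || p == 443)
                    print "CONFLICT " file ":" FNR " " spec
                else if (addr != "127.0.0.1" && addr != "[::1]" && addr != "localhost")
                    print "EXPOSED " file ":" FNR " " spec
            }' "$f"
    done
)

# Constructed sample files (not real server configuration) so the script
# runs anywhere; on a real host call: audit_listen /www/server/panel/vhost/nginx
demo_dir=$(mktemp -d)
printf 'server {\n    listen 8080;\n    server_name _;\n}\n' > "$demo_dir/0.default.conf"
printf 'server {\n    listen 443 ssl http2;\n    listen 127.0.0.1:8443 ssl;\n    # listen 80;\n}\n' > "$demo_dir/site.conf"
audit_listen "$demo_dir"
```

An empty result means no vhost still claims 80/443 and every moved listener is loopback-only.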