jxwaf(锦衣盾)是一款基于openresty(nginx+lua)开发的下一代web应用防火墙,独创的业务逻辑防护引擎和机器学习引擎可以有效对业务安全风险进行防护,解决传统WAF无法对业务安全进行防护的痛点。内置的语义分析引擎配合机器学习引擎可以避免传统WAF规则叠加太多导致速度变慢的问题,同时增强检测精准性(低误报、低漏报)。
jxwaf(锦衣盾)由jxwaf与jxwaf管理中心组成:
将代码下载到/tmp目录,运行install_waf.sh文件,jxwaf将安装在/opt/jxwaf目录,具体如下:
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
#start
resolver 114.114.114.114;
init_by_lua_file /opt/jxwaf/lualib/resty/jxwaf/init.lua;
init_worker_by_lua_file /opt/jxwaf/lualib/resty/jxwaf/init_worker.lua;
rewrite_by_lua_file /opt/jxwaf/lualib/resty/jxwaf/rewrite.lua;
access_by_lua_file /opt/jxwaf/lualib/resty/jxwaf/access.lua;
header_filter_by_lua_file /opt/jxwaf/lualib/resty/jxwaf/header_filter.lua;
log_by_lua_file /opt/jxwaf/lualib/resty/jxwaf/log.lua;
lua_code_cache on;
#end
upstream http://1.1.1.1 {
server 1.1.1.1;
}
server {
listen 80;
server_name localhost;
location / {
root html;
index index.html index.htm;
proxy_pass http://1.1.1.1;
}
}
}
注意:api_key需修改为你自己账号的”WAF_API_KEY”
参考文档
https://github.com/jx-sec/jxwaf