
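1. GET SQL injection protection
2. POST SQL injection protection
3. Cookie SQL injection protection
4. XSS (cross-site scripting) protection
5. Web overflow protection
6. Website information disclosure protection
7. Blocking of illegal HTTP request methods
8. Web load balancing
9. Protection against webshell uploads to the website
10. Web server vulnerability protection
11. CGI vulnerability protection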

Download: http://www.safe3.com.cn/safe3waf-4.1.2.tar.gz

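1. Installation steps:
System requirements: Linux kernel 2.6+; the Linux system used here is CentOS 5.5
(Note: the download link above names version 4.1.2 while the commands below name 4.5.5; use the file name of the archive actually downloaded. The link is plain HTTP and this page gives no checksum, so compare the archive against a vendor-published hash, if one exists, before running make install.)
tar zxvf safe3waf-4.5.5.tar.gz
cd safe3waf-4.5.5
make install // installs to /usr/local/safe3waf/ by default; edit the install path in the Makefile to change it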
 
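2. Edit the configuration file
vi /usr/local/safe3waf/etc/safe3waf.conf
Change the line "webserver 192.168.2.171 80" to the address of the website to be protected; adding several webserver lines configures load balancing, as in the lines below.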

webserver 192.168.1.1 80 safe3.com.cn www.safe3.com.cn 
webserver 192.168.1.2 80 safe3.com.cn www.safe3.com.cn 
webserver 192.168.1.3 81 safe4.com.cn www.safe4.com.cn 
webserver 192.168.1.4 81 safe4.com.cn www.safe4.com.cn 
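3. Start Safe3waf (note: port 80 on this host must not already be in use; if Apache is running and occupies port 80, change Apache to a different port)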
ulimit -SHn 65535
/usr/local/safe3waf/bin/safe3waf.sh start
 
4. Start at boot
vi /etc/rc.local
 Append the following at the end of the file:
ulimit -SHn 65535
/usr/local/safe3waf/bin/safe3waf.sh start

5. Tune the Linux kernel parameters
/usr/local/safe3waf/bin/optimiz_kernel.sh
 

The default attack log is /usr/local/safe3waf/log/attack.log
It can be changed in the configuration file /usr/local/safe3waf/etc/safe3waf.conf

Configuration file description

webserver 220.181.111.147 80  # backend web server IP and port that the WAF fronts
#webserver 127.0.0.1 8080
listen 0.0.0.0 80           # IP and port the WAF itself listens on (0.0.0.0 = all interfaces)
backendip 0.0.0.0           # IP used for connections to the backend web server (original comment partly lost -- confirm)
enable_sessions yes         # session tracking (original comment partly lost -- confirm)
enable_sec_method yes       # HTTP request method filtering
enable_sec_cgi yes          # CGI protection
enable_sec_error yes        # suppress display of 500 error output (original comment partly lost -- confirm)
enable_sec_getsql    yes    # GET SQL injection filtering
enable_sec_postsql   yes    # POST SQL injection filtering
enable_sec_cookiesql yes    # Cookie SQL injection filtering
enable_sec_xss    no        # XSS (cross-site scripting) filtering; note that it is switched off in this sample
enable_sec_overflow  yes    # original comment lost; the key name suggests overflow protection -- confirm
enable_sec_upload  yes      # filtering of webshell uploads to the website
max_url_length 2048         # maximum URL length
enable_dns_caching yes      # DNS caching
dns_expires 48              # DNS cache lifetime, in hours
# NOTE(review): whitelisted URLs presumably skip the checks enabled above, so keep this list minimal -- confirm
whiteurl     |              # URL whitelist, e.g. |/admin/news_add.php ; separate multiple URLs with |
attacklog   /usr/local/safe3waf/log/attack.log      # attack log file
errorpage  /usr/local/safe3waf/etc/errorpage.html # notice page shown to the client (presumably on a blocked request -- confirm)
http://www.safe3.com.cn/

v4.1.2˵
1.ǿ
2.url

v4.0.2˵
1.ոַͿոѹ
2.webshell˹ǿ

v4.0.1˵
1. Enhanced SQL injection protection
2.ļ©
3.ǿwebshell

v3.9.1˵
1.Զתurl
2. IIS script execution vulnerability
3. svn/htaccess/mdb/bak information disclosure

v3.8.0˵
1.sqlע

v3.7.8˵
1.ڿͷ

v3.7.7˵
1.ڿͷ

v3.7.6˵
1.ǿڿͷ
2.postϴŷֿ


v3.7.5˵
1.ǿڿͷ
2. Bug where the Server header was missing \n
3. Enhanced system fault tolerance and stability