一、下载安装文件

1. 下载程序

cd /opt
wget https://github.com/LuaJIT/LuaJIT/archive/refs/tags/v2.0.5.tar.gz -O luajit-v2.0.5.tar.gz
wget https://github.com/simpl/ngx_devel_kit/archive/v0.3.4.tar.gz -O ngx_devel_kit-0.3.4.tar.gz
wget https://github.com/openresty/lua-nginx-module/archive/v0.10.9rc7.tar.gz -O lua-nginx-module-0.10.9rc7.tar.gz
wget http://nginx.org/download/nginx-1.19.3.tar.gz -O nginx-1.19.3.tar.gz

2. 逐项解压

tar -xzvf luajit-v2.0.5.tar.gz
tar -xzvf ngx_devel_kit-0.3.4.tar.gz
tar -xzvf lua-nginx-module-0.10.9rc7.tar.gz
tar -xzvf nginx-1.19.3.tar.gz

二、安装

1. 安装lua环境

cd /opt/LuaJIT-2.0.5/
make && make install
export LUAJIT_LIB=/usr/local/lib
export LUAJIT_INC=/usr/local/include/luajit-2.0
echo "/usr/local/lib" >> /etc/ld.so.conf
ldconfig

2. 安装nginx，需要包含nginx lua模块

cd /opt/nginx-1.19.3
./configure --prefix=/usr/local/nginx \
--add-module=/opt/ngx_devel_kit-0.3.4 \
--add-module=/opt/lua-nginx-module-0.10.9rc7
make && make install

三、配置lua防火墙

1. 下载lua防火墙代码

cd /usr/local/nginx/conf
git clone https://github.com/loveshell/ngx_lua_waf.git

2. 加载lua防火墙配置，vi /usr/local/nginx/conf/nginx.conf，http中加入以下红色部分配置

http {
 # 其它配置
 ...

 lua_package_path "/usr/local/nginx/conf/ngx_lua_waf/?.lua";
 lua_shared_dict limit 10m;
 init_by_lua_file  /usr/local/nginx/conf/ngx_lua_waf/init.lua; 
 access_by_lua_file /usr/local/nginx/conf/ngx_lua_waf/waf.lua;
}

3. 修改防火墙配置RulePath值，vi /usr/local/nginx/conf/ngx_lua_waf/config.lua

# 默认值是`/usr/local/nginx/conf/waf/wafconf/`  /waf 改为 /ngx_lua_waf
RulePath = "/usr/local/nginx/conf/ngx_lua_waf/wafconf/" 

4. 启动nginx

/usr/local/nginx/sbin/nginx

四、测试

1. 测试url中的关键字，出现拦截页面表示配置成功， 拦截参数在/usr/local/nginx/conf/ngx_lua_waf/wafconf/url文件

2. 测试post关键字

阅读原文：原文链接