无法正常编译

[hexgu]

强烈建议提供的信息

• 如何触发错误。 静态模块make

• ngx_waf 的版本/分支。 master

• nginx -V 命令的输出内容。 engine version: Tengine/2.3.3 nginx version: nginx/1.18.0 built by gcc 8.3.0 (Debian 8.3.0-6) built with OpenSSL 1.1.1k 25 Mar 2021 TLS SNI support enabled configure arguments: --user=www --group=www --prefix=/www/server/nginx --add-module=/www/server/nginx/src/ngx_devel_kit --add-module=/www/server/nginx/src/lua_nginx_module --add-module=/www/server/ngx_brotli --add-module=/www/server/nginx/src/ngx_cache_purge --add-module=/www/server/nginx/src/nginx-sticky-module --with-openssl=/www/server/nginx/src/openssl --with-pcre=pcre-8.43 --with-http_v2_module --with-stream --with-stream_ssl_module --with-stream_ssl_preread_module --with-http_stub_status_module --with-http_ssl_module --with-http_image_filter_module --with-http_gzip_static_module --with-http_gunzip_module --with-ipv6 --with-http_sub_module --with-http_flv_module --with-http_addition_module --with-http_realip_module --with-http_mp4_module --with-ld-opt=-Wl,-E --with-cc-opt=-Wno-error --with-ld-opt=-ljemalloc --with-http_dav_module --add-module=/www/server/nginx/src/nginx-dav-ext-module

• 出错时 shell 的输出内容。 root@VM-4-13-debian:/usr/local/src/nginx-1.18.0# make make -f objs/Makefile make[1]: Entering directory '/usr/local/src/nginx-1.18.0' cd pcre-8.43 \ && if [ -f Makefile ]; then make distclean; fi \ && CC="cc" CFLAGS="-O2 -fomit-frame-pointer -pipe " \ ./configure --disable-shared /bin/sh: line 0: cd: pcre-8.43: No such file or directory make[1]: [objs/Makefile:2475: pcre-8.43/Makefile] Error 1 make[1]: Leaving directory '/usr/local/src/nginx-1.18.0' make: [Makefile:8: build] Error 2

• 操作系统，包括名称和版本。 Distributor ID: Debian Description: Debian GNU/Linux 10 (buster) Release: 10

[ADD-SP]

--with-pcre=pcre-8.43
/bin/sh: line 0: cd: pcre-8.43: No such file or directory

请确保路径 ./pcre-8.43 存在，从当前的信息来看不属于本模块的问题。

[hexgu]

您好

pcre 问题我依旧无法解决，所以我选择了编译动态模块，但是我仍然无法正常编译

root@VM-4-13-debian:/usr/local/src/nginx-1.18.0# make modules make -f objs/Makefile modules make[1]: Entering directory '/usr/local/src/nginx-1.18.0' cc -c -fPIC -pipe -O -W -Wall -Wpointer-arith -Wno-unused-parameter -Werror -g -I src/core -I src/event -I src/event/modules -I src/os/unix -I /usr/local/src/ngx_waf/inc -I /usr/local/src/uthash/include -I objs -I src/http -I src/http/modules \ -o objs/addon/src/ngx_http_waf_module_core.o \ /usr/local/src/ngx_waf/src/ngx_http_waf_module_core.c cc -c -fPIC -pipe -O -W -Wall -Wpointer-arith -Wno-unused-parameter -Werror -g -I src/core -I src/event -I src/event/modules -I src/os/unix -I /usr/local/src/ngx_waf/inc -I /usr/local/src/uthash/include -I objs -I src/http -I src/http/modules \ -o objs/addon/src/libinjection_html5.o \ /usr/local/src/ngx_waf/inc/libinjection/src/libinjection_html5.c cc -c -fPIC -pipe -O -W -Wall -Wpointer-arith -Wno-unused-parameter -Werror -g -I src/core -I src/event -I src/event/modules -I src/os/unix -I /usr/local/src/ngx_waf/inc -I /usr/local/src/uthash/include -I objs -I src/http -I src/http/modules \ -o objs/addon/src/libinjection_sqli.o \ /usr/local/src/ngx_waf/inc/libinjection/src/libinjection_sqli.c cc -c -fPIC -pipe -O -W -Wall -Wpointer-arith -Wno-unused-parameter -Werror -g -I src/core -I src/event -I src/event/modules -I src/os/unix -I /usr/local/src/ngx_waf/inc -I /usr/local/src/uthash/include -I objs -I src/http -I src/http/modules \ -o objs/addon/src/libinjection_xss.o \ /usr/local/src/ngx_waf/inc/libinjection/src/libinjection_xss.c cc -c -fPIC -pipe -O -W -Wall -Wpointer-arith -Wno-unused-parameter -Werror -g -I src/core -I src/event -I src/event/modules -I src/os/unix -I /usr/local/src/ngx_waf/inc -I /usr/local/src/uthash/include -I objs -I src/http -I src/http/modules \ -o objs/ngx_http_waf_module_modules.o \ objs/ngx_http_waf_module_modules.c cc -o objs/ngx_http_waf_module.so \ objs/addon/src/ngx_http_waf_module_core.o \ objs/addon/src/libinjection_html5.o \ objs/addon/src/libinjection_sqli.o \ objs/addon/src/libinjection_xss.o \ objs/ngx_http_waf_module_modules.o \ -l sodium \ -shared make[1]: Leaving directory '/usr/local/src/nginx-1.18.0'

[ADD-SP]

从给出的信息来看动态模块是编译成功的。PCRE 库的路径是否正确，权限是否正确？我使用 nginx-1.19.10 和 pcre-8.43 加上本模块，按照静态模块的编译方式一切正常。

[hexgu]

您好

PCRE 库的路径我手动下载了一份源码然后在

./configure ARG --add-module=/usr/local/src/ngx_waf后手动指定了--with-pcre=/opt/pcre-8.43PCRE 库的路径

目前可以静态模块编译了

此外我刚刚编译好的动态模块并没有办法在 nginx 的配置文件顶部添加load_module "/usr/local/nginx/modules/ngx_http_waf_module.so";

提示

nginx: [emerg] module "/www/server/nginx/src/modules/ngx_http_waf_module.so" is not binary compatible in /www/server/nginx/conf/nginx.conf:1
nginx: configuration file /www/server/nginx/conf/nginx.conf test failed

[hexgu]

静态模块在替换 nginx 的二进制文件后修改 nginx.conf 过程中报错

nginx: [emerg] "waf" directive is not allowed here in /www/server/nginx/conf/nginx.conf:73
nginx: configuration file /www/server/nginx/conf/nginx.conf test failed

[ADD-SP]

静态模块在替换 nginx 的二进制文件后修改 nginx.conf 过程中报错

nginx: [emerg] "waf" directive is not allowed here in /www/server/nginx/conf/nginx.conf:73
nginx: configuration file /www/server/nginx/conf/nginx.conf test failed

本模块的相关配置写错位置了吧，必须写到 server 块里。

[hexgu]

server
    {
        listen 888;
        server_name phpmyadmin;
        index index.html index.htm index.php;
        root  /www/server/phpmyadmin;
            location ~ /tmp/ {
                return 403;
        waf on;
        waf_rule_path /usr/local/src/ngx_waf/assets/rules/;
        waf_mode STD;
        waf_cc_deny rate=1000r/m duration=60m;
        waf_cache capacity=50;
            }

[ADD-SP]

server
    {
        listen 888;
        server_name phpmyadmin;
        index index.html index.htm index.php;
        root  /www/server/phpmyadmin;
            location ~ /tmp/ {
                return 403;
        waf on;
        waf_rule_path /usr/local/src/ngx_waf/assets/rules/;
        waf_mode STD;
        waf_cc_deny rate=1000r/m duration=60m;
        waf_cache capacity=50;
            }

不支持写到 location 里。

[hexgu]

明白了，问题已经解决，感谢