# nginx -V

configure arguments: --prefix=/usr/local/nginx --user=www --group=www --with-http_stub_status_module --with-http_v2_module --with-http_ssl_module --with-http_gzip_static_module --with-http_realip_module --with-http_flv_module --with-http_mp4_module --with-openssl=../openssl-1.0.2l --with-pcre=../pcre-8.40 --with-pcre-jit --with-ld-opt=-ljemalloc

# wget http://nginx.org/download/nginx-1.12.1.tar.gz
# wget https://github.com/nbs-system/naxsi/archive/0.55.3.tar.gz
# tar xvzf nginx-1.12.1.tar.gz 
# tar xvzf naxsi-0.55.3.tar.gz
# cd nginx-1.12.1/

./configure --prefix=/usr/local/nginx --user=www --group=www --add-module=../naxsi-0.55.3/naxsi_src/ --with-http_stub_status_module --with-http_v2_module --with-http_ssl_module --with-http_gzip_static_module --with-http_realip_module --with-http_flv_module --with-http_mp4_module --with-openssl=../openssl-1.0.2l --with-pcre=../pcre-8.40 --with-pcre-jit --with-ld-opt=-ljemalloc
make //不要 make install，不然就真的覆蓋了

# cp /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.bak
# cp ./objs/nginx /usr/local/nginx/sbin/

# nginx -V

http {
 include naxsi_core.rules;  #導入 naxsi 核心規(guī)則
 ...
}
server 部分配置
在 nginx.conf 的 server 部分配置：

location / {
   #開啟 naxsi
   SecRulesEnabled;
   #開啟學習模式
   LearningMode;
   #定義阻止請求的位置
   DeniedUrl "/50x.html"; 
   #CheckRules, 確定 naxsi 何時采取行動
   CheckRule "$SQL >= 8" BLOCK;
   CheckRule "$RFI >= 8" BLOCK;
   CheckRule "$TRAVERSAL >= 4" BLOCK;
   CheckRule "$EVADE >= 4" BLOCK;
   CheckRule "$XSS >= 8" BLOCK;
   #naxsi 日志文件
   error_log /.../foo.log;
   ...
  }
  error_page   500 502 503 504  /50x.html;
  #This is where the blocked requests are going
  location = /50x.html {
  return 418; #I'm a teapot \o/
  }

/nginx/sbin/nginx -t
nginx: the configuration file /nginx/conf/nginx.conf syntax is ok
nginx: configuration file /nginx/conf/nginx.conf test is successful　

service nginx reload