github
/
haproxy-wi
mirror of https://github.com/Aidaho12/haproxy-wi
1
0
Fork 0
Code Issues Releases Wiki Activity
Browse Source

v4.4.2.0 

Changelog: https://haproxy-wi.org/changelog.py#4_4_2
pull/246/head
Pavel Loginov 4 years ago
parent
73b8d9d764
commit
dcd72a2719
1 changed files with 65 additions and 17 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 82
      app/sql.py

82
app/sql.py
Unescape View File

@ -481,13 +481,13 @@ def select_server_by_name(name):
def select_servers(**kwargs):
con, cur = get_cur()
sql = """select * from servers where enable = '1' ORDER BY groups """
if kwargs.get("server") is not None:
sql = """select * from servers where ip='%s' """ % kwargs.get("server")
if kwargs.get("full") is not None:
sql = """select * from servers ORDER BY hostname """
sql = """select * from servers ORDER BY hostname """
if kwargs.get("get_master_servers") is not None:
sql = """select id,hostname from servers where master = 0 and type_ip = 0 and enable = 1 ORDER BY groups """
sql = """select id,hostname from servers where master = 0 and type_ip = 0 and enable = 1 ORDER BY groups """
if kwargs.get("get_master_servers") is not None and kwargs.get('uuid') is not None:
sql = """ select servers.id, servers.hostname from servers
left join user as user on servers.groups = user.groups
@ -502,14 +502,14 @@ def select_servers(**kwargs):
sql = """select * from servers where hostname='%s' or id = '%s' or ip = '%s'""" % (kwargs.get("id_hostname"), kwargs.get("id_hostname"), kwargs.get("id_hostname"))
if kwargs.get("server") and kwargs.get("keep_alive"):
sql = """select active from servers where ip='%s' """ % kwargs.get("server")
try:
try:
cur.execute(sql)
except sqltool.Error as e:
funct.out_error(e)
else:
return cur.fetchall()
cur.close()
con.close()
cur.close()
con.close()
def write_user_uuid(login, user_uuid):
con, cur = get_cur()
@ -1274,10 +1274,7 @@ def insert_waf_rules(serv):
sql.append("INSERT INTO waf_rules (serv, rule_name, rule_file, `desc`) values('%s', 'Ignore static', 'modsecurity_crs_10_ignore_static.conf', 'This ruleset will skip all tests for media files, but will skip only the request body phase (phase 2) for text files. To skip the outbound stage for text files, add file 47 (skip_outbound_checks) to your configuration, in addition to this fileth/aws/login');" % serv)
sql.append("INSERT INTO waf_rules (serv, rule_name, rule_file, `desc`) values('%s', 'Brute force protection', 'modsecurity_crs_11_brute_force.conf', 'Anti-Automation Rule for specific Pages (Brute Force Protection) This is a rate-limiting rule set and does not directly correlate whether the authentication attempt was successful or not');" % serv)
sql.append("INSERT INTO waf_rules (serv, rule_name, rule_file, `desc`) values('%s', 'DOS Protections', 'modsecurity_crs_11_dos_protection.conf', 'Enforce an existing IP address block and log only 1-time/minute. We do not want to get flooded by alerts during an attack or scan so we are only triggering an alert once/minute. You can adjust how often you want to receive status alerts by changing the expirevar setting below');" % serv)
sql.append("INSERT INTO waf_rules (serv, rule_name, rule_file, `desc`) values('%s', 'Proxy abuse', 'modsecurity_crs_11_proxy_abuse.conf', 'Rule set for detecting Open Proxy Abuse/Chaining');" % serv)
sql.append("INSERT INTO waf_rules (serv, rule_name, rule_file, `desc`) values('%s', 'Slow DOS protection', 'modsecurity_crs_11_slow_dos_protection.conf', 'Rule set for detecting Slow HTTP Denial of Service Attacks');" % serv)
sql.append("INSERT INTO waf_rules (serv, rule_name, rule_file, `desc`) values('%s', 'XML enabler', 'modsecurity_crs_13_xml_enabler.conf', 'The rules in this file will trigger the XML parser upon an XML request');" % serv)
sql.append("INSERT INTO waf_rules (serv, rule_name, rule_file, `desc`) values('%s', 'Session hijacking', 'modsecurity_crs_16_session_hijacking.conf', 'This rule file will identify outbound Set-Cookie/Set-Cookie2 response headers and then initiate the proper ModSecurity session persistent collection (setsid). The rules in this file are required if you plan to run other checks such as Session Hijacking, Missing HTTPOnly flag, etc...');" % serv)
sql.append("INSERT INTO waf_rules (serv, rule_name, rule_file, `desc`) values('%s', 'Protocol violations', 'modsecurity_crs_20_protocol_violations.conf', 'Some protocol violations are common in application layer attacks. Validating HTTP requests eliminates a large number of application layer attacks. The purpose of this rules file is to enforce HTTP RFC requirements that state how the client is supposed to interact with the server. http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html');" % serv)
sql.append("INSERT INTO waf_rules (serv, rule_name, rule_file, `desc`) values('%s', 'Protocol anomalies', 'modsecurity_crs_21_protocol_anomalies.conf', 'Some common HTTP usage patterns are indicative of attacks but may also be used by non-browsers for legitimate uses. Do not accept requests without common headers. All normal web browsers include Host, User-Agent and Accept headers. Implies either an attacker or a legitimate automation client');" % serv)
sql.append("INSERT INTO waf_rules (serv, rule_name, rule_file, `desc`) values('%s', 'Detect CC#', 'modsecurity_crs_25_cc_known.conf', 'Detect CC# in input, log transaction and sanitize');" % serv)
@ -1288,18 +1285,12 @@ def insert_waf_rules(serv):
sql.append("INSERT INTO waf_rules (serv, rule_name, rule_file, `desc`) values('%s', 'SQL injection', 'modsecurity_crs_41_sql_injection_attacks.conf', 'SQL injection protection');" % serv)
sql.append("INSERT INTO waf_rules (serv, rule_name, rule_file, `desc`) values('%s', 'XSS Protections', 'modsecurity_crs_41_xss_attacks.conf', 'XSS attacks protection');" % serv)
sql.append("INSERT INTO waf_rules (serv, rule_name, rule_file, `desc`) values('%s', 'Comment spam', 'modsecurity_crs_42_comment_spam.conf', 'Comment spam is an attack against blogs, guestbooks, wikis and other types of interactive web sites that accept and display hyperlinks submitted by visitors. The spammers automatically post specially crafted random comments which include links that point to the spammer\'s web site. The links artificially increas the site's search engine ranking and may make the site more noticable in search results.');" % serv)
sql.append("INSERT INTO waf_rules (serv, rule_name, rule_file, `desc`) values('%s', 'CSP enforcement', 'modsecurity_crs_42_csp_enforcement.conf', 'The purpose of these settings is to send CSP response headers to Mozilla FireFox users so that you can enforce how dynamic content is used. CSP usage helps to prevent XSS attacks against your users.');" % serv)
sql.append("INSERT INTO waf_rules (serv, rule_name, rule_file, `desc`) values('%s', 'CSRF Protections', 'modsecurity_crs_43_csrf_protection.conf', 'You must have also activated the session hijacking conf file as it initiates the Session Collection and creates the CSRF token');" % serv)
sql.append("INSERT INTO waf_rules (serv, rule_name, rule_file, `desc`) values('%s', 'Trojans Protections', 'modsecurity_crs_45_trojans.conf ', 'The trojan access detection rules detects access to known Trojans already installed on a server. Uploading of Trojans is part of the Anti-Virus rules and uses external Anti Virus program when uploading files. Detection of Trojans access is especially important in a hosting environment where the actual Trojan upload may be done through valid methods and not through hacking');" % serv)
sql.append("INSERT INTO waf_rules (serv, rule_name, rule_file, `desc`) values('%s', 'Joomla Protections', 'modsecurity_crs_46_slr_et_joomla_attacks.conf', 'Use this if you have Joomla CMS');" % serv)
sql.append("INSERT INTO waf_rules (serv, rule_name, rule_file, `desc`) values('%s', 'RFI Protections', 'modsecurity_crs_46_slr_et_lfi_attacks.conf', 'Remote file inclusion is an attack targeting vulnerabilities in web applications that dynamically reference external scripts. The perpetrator’s goal is to exploit the referencing function in an application to upload malware (e.g., backdoor shells) from a remote URL located within a different domain');" % serv)
sql.append("INSERT INTO waf_rules (serv, rule_name, rule_file, `desc`) values('%s', 'phpBB Protections', 'modsecurity_crs_46_slr_et_phpbb_attacks.conf', 'Use this if you have phpBB forum');" % serv)
sql.append("INSERT INTO waf_rules (serv, rule_name, rule_file, `desc`) values('%s', 'RFI Protections 2', 'modsecurity_crs_46_slr_et_rfi_attacks.conf', 'Remote file inclusion is an attack targeting vulnerabilities in web applications that dynamically reference external scripts. The perpetrator’s goal is to exploit the referencing function in an application to upload malware (e.g., backdoor shells) from a remote URL located within a different domain');" % serv)
sql.append("INSERT INTO waf_rules (serv, rule_name, rule_file, `desc`) values('%s', 'SQLi Protections', ' modsecurity_crs_46_slr_et_sqli_attacks.conf', 'SQLi injection attacks protection');" % serv)
sql.append("INSERT INTO waf_rules (serv, rule_name, rule_file, `desc`) values('%s', 'Wordpress Protections', 'modsecurity_crs_46_slr_et_wordpress_attacks.conf', 'Use this if you have Wordpess CMS');" % serv)
sql.append("INSERT INTO waf_rules (serv, rule_name, rule_file, `desc`) values('%s', 'SQLi Protections', 'modsecurity_crs_46_slr_et_sqli_attacks.conf', 'SQLi injection attacks protection');" % serv)
sql.append("INSERT INTO waf_rules (serv, rule_name, rule_file, `desc`) values('%s', 'XSS Protections 2', 'modsecurity_crs_46_slr_et_xss_attacks.conf', 'XSS attacks protection');" % serv)
sql.append("INSERT INTO waf_rules (serv, rule_name, rule_file, `desc`) values('%s', 'Common exceptions', 'modsecurity_crs_47_common_exceptions.conf', 'This file is used as an exception mechanism to remove common false positives that may be encountered');" % serv)
sql.append("INSERT INTO waf_rules (serv, rule_name, rule_file, `desc`) values('%s', 'Hader tagging', 'modsecurity_crs_49_header_tagging.conf', 'This file will add Request Header Tagging which allows ModSecurity to communicate any event/rule matches it finds with the downstream application server. The concept is similar to that of Anti-SPAM apps for Email (such as SpamAssassin). The idea is that if the WAF is in a DetectionOnly mode, it can still share data with the destination app server and then the app server may choose to inspect the new WAF request headers and factor in this data into a possible blocking decision. This concept is tremendously useful in a distributed architecture and/or when there are Fraud Detection Systems at the app server layer that can correlate the WAF data into the overall Fraud Score. This is also useful in Hosting Environments where the decision to block may not be as clear');" % serv)
for i in sql:
try:
cur.execute(i)
@ -1327,6 +1318,33 @@ def select_waf_rules(serv):
con.close()
def select_waf_rule_by_id(id):
con, cur = get_cur()
sql = """ select rule_file from waf_rules where id = '%s' """ % id
try:
cur.execute(sql)
except sqltool.Error as e:
funct.out_error(e)
else:
for rule_file in cur.fetchall():
return rule_file[0]
cur.close()
con.close()
def update_enable_waf_rules(id, serv, en):
con, cur = get_cur()
sql = """ update waf_rules set `en` = '%s' where id = '%s' and serv = '%s' """ % (en, id, serv)
try:
cur.execute(sql)
con.commit()
except sqltool.Error as e:
funct.out_error(e)
con.rollback()
cur.close()
con.close()
def delete_waf_server(id):
con, cur = get_cur()
sql = """ delete from waf where server_id = '%s' """ % id
@ -1982,7 +2000,7 @@ def update_smon(id, ip, port, body, telegram, group, desc, en):
def select_en_service():
con, cur = get_cur()
sql = """ select ip, port, telegram_channel_id, id from smon where en = 1"""
sql = """ select ip, port, telegram_channel_id, id, user_group from smon where en = 1"""
try:
cur.execute(sql)
except sqltool.Error as e:
@ -2147,6 +2165,36 @@ def smon_list(user_group):
return cur.fetchall()
def insert_alerts(user_group, message):
con, cur = get_cur()
if mysql_enable == '1':
sql = """ insert into alerts (user_group, message, date) values('%s', '%s', now()) """ % (user_group, message)
else:
sql = """ insert into alerts (user_group, message, date) values('%s', '%s', datetime('now', 'localtime')) """ % (user_group, message)
try:
cur.execute(sql)
con.commit()
except sqltool.Error as e:
funct.out_error(e)
con.rollback()
cur.close()
con.close()
def select_alerts(user_group):
con, cur = get_cur()
if mysql_enable == '1':
sql = """ select message, `date` from alerts where user_group = '%s' and `date` <= (now()+ INTERVAL 10 second) """ % (user_group)
else:
sql = """ select message, `date` from alerts where user_group = '%s' and `date` >= datetime('now', '-20 second', 'localtime') and `date` <= datetime('now', 'localtime') ; """ % (user_group)
try:
cur.execute(sql)
except sqltool.Error as e:
print("An error occurred:", e)
else:
return cur.fetchall()
form = funct.form
error_mess = 'error: All fields must be completed'

Write Preview
Loading…
Cancel
Save