You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
ngx_lua_waf/waf.lua

112 lines
3.8 KiB

12 years ago
function syslog(msg)
ngx.header.content_type = "text/html"
kern = 0
user = 1
mail = 2
daemon = 3
auth = 4
syslog = 5
lpr = 6
news = 7
uucp = 8
cron = 9
authpriv = 10
ftp = 11
local0 = 16
local1 = 17
local2 = 18
local3 = 19
local4 = 20
local5 = 21
local6 = 22
local7 = 23
emerg = 0
alert = 1
crit = 2
err = 3
warning = 4
notice = 5
info = 6
debug = 7
local sock = ngx.socket.udp()
local ok, err = sock:setpeername('127.0.0.1', 514)
if not ok then
ngx.say("failed to connect to syslog server: ", err)
return
end
level=info
facility=daemon
sign=level+facility*8
ok, err = sock:send('<'..sign..'>'..msg)
sock:close()
end
12 years ago
function log(method,url,data)
12 years ago
12 years ago
file=assert(io.open("/data/logs/hack/"..ngx.var.server_name.."_sec.log","a"))
if data then
if ngx.var.http_user_agent then
file:write(ngx.var.remote_addr.." ".." ["..ngx.localtime().."] \""..method.." "..url.."\" \""..data.."\" \""..ngx.status.."\" \""..ngx.var.http_user_agent.."\"\n")
12 years ago
syslog(ngx.var.remote_addr.." ".." ["..ngx.localtime().."] \""..method.." "..url.."\" \""..data.."\" \""..ngx.status.."\" \""..ngx.var.http_user_agent.."\"\n")
12 years ago
else
12 years ago
file:write(ngx.var.remote_addr.." ".." ["..ngx.localtime().."] \""..method.." "..url.."\" \""..data.."\" \"-\"\n")
syslog(ngx.var.remote_addr.." ".." ["..ngx.localtime().."] \""..method.." "..url.."\" \""..data.."\" \"-\"\n")
12 years ago
end
else
if ngx.var.http_user_agent then
file:write(ngx.var.remote_addr.." ".." ["..ngx.localtime().."] \""..method.." "..url.."\" \"-\" \""..ngx.var.http_user_agent.."\"\n")
12 years ago
syslog(ngx.var.remote_addr.." ".." ["..ngx.localtime().."] \""..method.." "..url.."\" \"-\" \""..ngx.var.http_user_agent.."\"\n")
12 years ago
else
file:write(ngx.var.remote_addr.." ".." ["..ngx.localtime().."] \""..method.." "..url.."\" \"-\" \"".."-\"\n")
12 years ago
syslog(ngx.var.remote_addr.." ".." ["..ngx.localtime().."] \""..method.." "..url.."\" \"-\" \"".."-\"\n")
12 years ago
end
end
file:close()
end
function check()
ngx.header.content_type = "text/html"
ngx.print("just a joke hehe~ !!")
ngx.exit(200)
end
function read_rule(var)
12 years ago
file = io.open("/usr/local/nginx/conf/wafconf/"..var,"r")
12 years ago
t = {}
for line in file:lines() do
table.insert(t,line)
end
return(table.concat(t,"|"))
end
12 years ago
regex=read_rule('global')
12 years ago
get=read_rule('get')
post=read_rule('post')
agent=read_rule('user-agent')
whitelist=read_rule('whitelist')
if ngx.re.match(ngx.var.request_uri,whitelist,"i") then
return
elseif ngx.req.get_body_data() and ngx.re.match(ngx.req.get_body_data(),[[^(?!Content-Disposition: form-data;(.*)filename="(.*).(php|jsp|phtml)").*$]],"i") then
return
else
if ngx.re.match(ngx.unescape_uri(ngx.var.request_uri),regex.."|"..get,"isjo") then
log('GET',ngx.unescape_uri(ngx.var.request_uri))
check()
elseif ngx.req.get_body_data() and ngx.re.match(ngx.unescape_uri(ngx.req.get_body_data()),regex,"isjo")then
log('POST',ngx.unescape_uri(ngx.var.request_uri),ngx.unescape_uri(ngx.req.get_body_data()))
check()
-- elseif ngx.req.get_headers()["Cookie"] and ngx.re.match(ngx.unescape_uri(ngx.req.get_headers()["Cookie"]),regex,"isjo")then
-- log('COOKIE',ngx.unescape_uri(ngx.var.request_uri),ngx.unescape_uri(ngx.req.get_headers()["Cookie"]))
-- check()
elseif ngx.var.http_user_agent and ngx.re.match(ngx.var.http_user_agent,regex.."|"..agent,"isjo") then
log('USER-AGENT',ngx.unescape_uri(ngx.var.request_uri))
check()
elseif ngx.req.get_headers()['Acunetix-Aspect'] then
ngx.exit(400)
elseif ngx.req.get_headers()['X-Scan-Memo'] then
ngx.exit(400)
12 years ago
else
return
end
end