ngx_lua_waf/waf.lua

local content_length=tonumber(ngx.req.get_headers()['content-length'])
local method=ngx.req.get_method()
local ngxmatch=ngx.re.match
if whiteip() then
elseif blockip() then
elseif denycc() then
elseif ngx.var.http_Acunetix_Aspect then
    ngx.exit(444)
elseif ngx.var.http_X_Scan_Memo then
    ngx.exit(444)
elseif whiteurl() then
elseif ua() then
elseif url() then
elseif args() then
elseif cookie() then
elseif PostCheck then
    if method=="POST" then   
            local boundary = get_boundary()
	    if boundary then
	    local len = string.len
            local sock, err = ngx.req.socket()
    	    if not sock then
					return
            end
	    ngx.req.init_body(128 * 1024)
            sock:settimeout(0)
	    local content_length = nil
    	    content_length=tonumber(ngx.req.get_headers()['content-length'])
    	    local chunk_size = 4096
            if content_length < chunk_size then
					chunk_size = content_length
	    end
            local size = 0
	    while size < content_length do
		local data, err, partial = sock:receive(chunk_size)
		data = data or partial
		if not data then
			return
		end
		ngx.req.append_body(data)
        	if body(data) then
	   	        return true
    	    	end
		size = size + len(data)
		local m = ngxmatch(data,[[Content-Disposition: form-data;(.+)filename="(.+)\\.(.*)"]],'ijo')
        	if m then
            		fileExtCheck(m[3])
            		filetranslate = true
        	else
            		if ngxmatch(data,"Content-Disposition:",'isjo') then
                		filetranslate = false
            		end
            		if filetranslate==false then
            			if body(data) then
                    			return true
                		end
            		end
        	end
		local less = content_length - size
		if less < chunk_size then
			chunk_size = less
		end
	 end
	 ngx.req.finish_body()
    else
			ngx.req.read_body()
			local args = ngx.req.get_post_args()
			if not args then
				return
			end
			for key, val in pairs(args) do
				if type(val) == "table" then
					data=table.concat(val, ", ")
				else
					data=val
				end
				if data and type(data) ~= "boolean" and body(data) then
                			return true
				end
			end
		end
    end
else
    return
end
Update waf.lua 2013-12-12 09:40:23 +00:00			`local content_length=tonumber(ngx.req.get_headers()['content-length'])`
add v0.2.1 2013-11-05 13:35:07 +00:00			`local method=ngx.req.get_method()`
add local var 2015-05-19 12:21:52 +00:00			`local ngxmatch=ngx.re.match`
add v0.2.1 2013-11-05 13:35:07 +00:00			`if whiteip() then`
fix blockip 2013-12-10 06:05:11 +00:00			`elseif blockip() then`
add v0.2.1 2013-11-05 13:35:07 +00:00			`elseif denycc() then`
			`elseif ngx.var.http_Acunetix_Aspect then`
			`ngx.exit(444)`
			`elseif ngx.var.http_X_Scan_Memo then`
			`ngx.exit(444)`
			`elseif whiteurl() then`
			`elseif ua() then`
			`elseif url() then`
			`elseif args() then`
			`elseif cookie() then`
			`elseif PostCheck then`
			`if method=="POST" then`
Update waf.lua 2013-12-12 09:40:23 +00:00			`local boundary = get_boundary()`
			`if boundary then`
			`local len = string.len`
			`local sock, err = ngx.req.socket()`
			`if not sock then`
			`return`
add v0.2.1 2013-11-05 13:35:07 +00:00			`end`
Update waf.lua 2013-12-12 09:40:23 +00:00			`ngx.req.init_body(128 * 1024)`
			`sock:settimeout(0)`
			`local content_length = nil`
			`content_length=tonumber(ngx.req.get_headers()['content-length'])`
			`local chunk_size = 4096`
			`if content_length < chunk_size then`
			`chunk_size = content_length`
			`end`
			`local size = 0`
			`while size < content_length do`
			`local data, err, partial = sock:receive(chunk_size)`
			`data = data or partial`
			`if not data then`
			`return`
			`end`
			`ngx.req.append_body(data)`
fix while boundary 2014-04-09 02:46:41 +00:00			`if body(data) then`
			`return true`
			`end`
Update waf.lua 2013-12-12 09:40:23 +00:00			`size = size + len(data)`
fix symbols 2015-08-24 07:22:41 +00:00			`local m = ngxmatch(data,[[Content-Disposition: form-data;(.+)filename="(.+)\\.(.*)"]],'ijo')`
增加post对上传文件的检测流程 2015-04-07 16:18:21 +00:00			`if m then`
			`fileExtCheck(m[3])`
			`filetranslate = true`
			`else`
统一下低版本支持的ngx.re.match 2015-05-14 04:07:14 +00:00			`if ngxmatch(data,"Content-Disposition:",'isjo') then`
增加post对上传文件的检测流程 2015-04-07 16:18:21 +00:00			`filetranslate = false`
			`end`
			`if filetranslate==false then`
			`if body(data) then`
			`return true`
			`end`
			`end`
			`end`
Update waf.lua 2013-12-12 09:40:23 +00:00			`local less = content_length - size`
			`if less < chunk_size then`
			`chunk_size = less`
			`end`
Update waf.lua 2014-04-10 13:45:39 +00:00			`end`
			`ngx.req.finish_body()`
Update waf.lua 2013-12-12 09:40:23 +00:00			`else`
add v0.2.1 2013-11-05 13:35:07 +00:00			`ngx.req.read_body()`
			`local args = ngx.req.get_post_args()`
			`if not args then`
			`return`
			`end`
			`for key, val in pairs(args) do`
fix data is ni 2015-06-23 14:52:33 +00:00			`if type(val) == "table" then`
add v0.2.1 2013-11-05 13:35:07 +00:00			`data=table.concat(val, ", ")`
			`else`
			`data=val`
			`end`
			`if data and type(data) ~= "boolean" and body(data) then`
fix data is ni 2015-06-23 14:52:33 +00:00			`return true`
add v0.2.1 2013-11-05 13:35:07 +00:00			`end`
			`end`
			`end`
init 2013-03-23 10:14:21 +00:00			`end`
add v0.2.1 2013-11-05 13:35:07 +00:00			`else`
			`return`
init 2013-03-23 10:14:21 +00:00			`end`