2013-03-26 10:30:05 +00:00
|
|
|
if ngx.re.match(ngx.var.request_uri,whitelist,"isjo") then
|
2013-03-23 10:14:21 +00:00
|
|
|
return
|
2013-03-25 06:32:00 +00:00
|
|
|
elseif ngx.req.get_body_data() and ngx.re.match(ngx.req.get_body_data(),[[^(?!Content-Disposition: form-data;(.*)filename="(.*).(php|jsp|phtml|asp|aspx|cgi)").*$]],"isjo") then
|
2013-03-23 10:14:21 +00:00
|
|
|
return
|
|
|
|
else
|
2013-03-25 06:05:36 +00:00
|
|
|
if ngx.re.match(string.gsub(ngx.unescape_uri(ngx.var.request_uri),"%%",""),regex.."|"..get,"isjo") then
|
2013-03-23 10:14:21 +00:00
|
|
|
log('GET',ngx.unescape_uri(ngx.var.request_uri))
|
|
|
|
check()
|
2013-03-25 06:23:59 +00:00
|
|
|
elseif ngx.req.get_body_data() and ngx.re.match(string.gsub(ngx.unescape_uri(ngx.req.get_body_data()),"%%",""),regex,"isjo")then
|
2013-03-23 10:14:21 +00:00
|
|
|
log('POST',ngx.unescape_uri(ngx.var.request_uri),ngx.unescape_uri(ngx.req.get_body_data()))
|
|
|
|
check()
|
|
|
|
-- elseif ngx.req.get_headers()["Cookie"] and ngx.re.match(ngx.unescape_uri(ngx.req.get_headers()["Cookie"]),regex,"isjo")then
|
|
|
|
-- log('COOKIE',ngx.unescape_uri(ngx.var.request_uri),ngx.unescape_uri(ngx.req.get_headers()["Cookie"]))
|
|
|
|
-- check()
|
|
|
|
elseif ngx.var.http_user_agent and ngx.re.match(ngx.var.http_user_agent,regex.."|"..agent,"isjo") then
|
|
|
|
log('USER-AGENT',ngx.unescape_uri(ngx.var.request_uri))
|
|
|
|
check()
|
|
|
|
elseif ngx.req.get_headers()['Acunetix-Aspect'] then
|
|
|
|
ngx.exit(400)
|
2013-03-23 17:12:47 +00:00
|
|
|
elseif ngx.req.get_headers()['X-Scan-Memo'] then
|
|
|
|
ngx.exit(400)
|
2013-03-23 10:14:21 +00:00
|
|
|
else
|
|
|
|
return
|
|
|
|
end
|
|
|
|
end
|