From 3af41ccbfdfb634483423d768fdb0e48b4f65b9e Mon Sep 17 00:00:00 2001 From: loveshell <82163261@qq.com> Date: Tue, 26 Mar 2013 17:59:06 +0800 Subject: [PATCH] Create init.lua --- init.lua | 108 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 108 insertions(+) create mode 100644 init.lua diff --git a/init.lua b/init.lua new file mode 100644 index 0000000..d9d39dd --- /dev/null +++ b/init.lua @@ -0,0 +1,108 @@ +--syslog函数和本地日志记录函数 +local bit = require "bit" +local ffi = require "ffi" +local C = ffi.C +local bor = bit.bor +ffi.cdef[[ +int write(int fd, const char *buf, int nbyte); +int open(const char *path, int access, int mode); +int close(int fd); +]] + +local O_RDWR = 0X0002; +local O_CREAT = 0x0040; +local O_APPEND = 0x0400; +local S_IRUSR = 0x0100; +local S_IWUSR = 0x0080; +function write(logfile,msg) + local logger_fd = C.open(logfile, bor(O_RDWR, O_CREAT, O_APPEND), bor(S_IRUSR,S_IWUSR)); + local c = msg; + C.write(logger_fd, c, #c); + C.close(logger_fd) +end +function syslog(msg) + ngx.header.content_type = "text/html" + kern = 0 + user = 1 + mail = 2 + daemon = 3 + auth = 4 + syslog = 5 + lpr = 6 + news = 7 + uucp = 8 + cron = 9 + authpriv = 10 + ftp = 11 + local0 = 16 + local1 = 17 + local2 = 18 + local3 = 19 + local4 = 20 + local5 = 21 + local6 = 22 + local7 = 23 + + emerg = 0 + alert = 1 + crit = 2 + err = 3 + warning = 4 + notice = 5 + info = 6 + debug = 7 + + +local sock = ngx.socket.udp() +local ok, err = sock:setpeername('127.0.0.1', 514) +--上面的ip和端口就是syslog server的ip和端口地址,可自行修改 +if not ok then + ngx.say("failed to connect to syslog server: ", err) + return +end +level=info +facility=daemon +sign=level+facility*8 +ok, err = sock:send('<'..sign..'>'..msg) +sock:close() +end +function log(method,url,data) + if data then + if ngx.var.http_user_agent then + -- syslog(ngx.var.remote_addr.." ".." ["..ngx.localtime().."] \""..method.." "..url.."\" \""..data.."\" \""..ngx.status.."\" \""..ngx.var.http_user_agent.."\"\n") + write(ngx.var.remote_addr.." ".." ["..ngx.localtime().."] \""..method.." "..url.."\" \""..data.."\" \""..ngx.status.."\" \""..ngx.var.http_user_agent.."\"\n") + else + -- syslog(ngx.var.remote_addr.." ".." ["..ngx.localtime().."] \""..method.." "..url.."\" \""..data.."\" \"-\"\n") + write(ngx.var.remote_addr.." ".." ["..ngx.localtime().."] \""..method.." "..url.."\" \""..data.."\" \"-\"\n") + end + else + if ngx.var.http_user_agent then + -- syslog(ngx.var.remote_addr.." ".." ["..ngx.localtime().."] \""..method.." "..url.."\" \"-\" \""..ngx.var.http_user_agent.."\"\n") + write("/data/logs/hack/"..ngx.var.server_name.."_sec.log",ngx.var.remote_addr.." ".." ["..ngx.localtime().."] \""..method.." "..url.."\" \"-\" \""..ngx.var.http_user_agent.."\"\n") + else + -- syslog(ngx.var.remote_addr.." ".." ["..ngx.localtime().."] \""..method.." "..url.."\" \"-\" \"".."-\"\n") + write(ngx.var.remote_addr.." ".." ["..ngx.localtime().."] \""..method.." "..url.."\" \"-\" \"".."-\"\n") + end + end +--file:close() +end +--------------------------------------响应函数-------------------------------------------------------------------------------- +function check() + ngx.header.content_type = "text/html" + ngx.print("just a joke hehe~ !!") + ngx.exit(200) +end +------------------------------------规则读取函数------------------------------------------------------------------- +function read_rule(var) + file = io.open("./wafconf/"..var,"r") + t = {} + for line in file:lines() do + table.insert(t,line) + end + return(table.concat(t,"|")) +end +regex=read_rule('global') +get=read_rule('get') +post=read_rule('post') +agent=read_rule('user-agent') +whitelist=read_rule('whitelist')