Merge b32ae8f728 into 314a2f62ec
virusdefender
commit
4beac468fc
|
|
@ -5,6 +5,7 @@ UrlDeny="on"
|
|||
Redirect="on"
|
||||
CookieMatch="on"
|
||||
postMatch="on"
|
||||
WhiteServerName="on"
|
||||
whiteModule="on"
|
||||
black_fileExt={"php","jsp"}
|
||||
ipWhitelist={"127.0.0.1"}
|
||||
|
|
|
|||
32
init.lua
32
init.lua
|
|
@ -10,10 +10,13 @@ UrlDeny = optionIsOn(UrlDeny)
|
|||
PostCheck = optionIsOn(postMatch)
|
||||
CookieCheck = optionIsOn(cookieMatch)
|
||||
WhiteCheck = optionIsOn(whiteModule)
|
||||
WhiteServerName = optionIsOn(WhiteServerName)
|
||||
PathInfoFix = optionIsOn(PathInfoFix)
|
||||
attacklog = optionIsOn(attacklog)
|
||||
CCDeny = optionIsOn(CCDeny)
|
||||
Redirect=optionIsOn(Redirect)
|
||||
|
||||
|
||||
function getClientIp()
|
||||
IP = ngx.var.remote_addr
|
||||
if IP == nil then
|
||||
|
|
@ -61,9 +64,14 @@ urlrules=read_rule('url')
|
|||
argsrules=read_rule('args')
|
||||
uarules=read_rule('user-agent')
|
||||
wturlrules=read_rule('whiteurl')
|
||||
white_servername_list = read_rule('white_servername')
|
||||
postrules=read_rule('post')
|
||||
ckrules=read_rule('cookie')
|
||||
|
||||
function debug(info)
|
||||
write("/var/log/nginx/waf/debug.log", info)
|
||||
end
|
||||
|
||||
|
||||
function say_html()
|
||||
if Redirect then
|
||||
|
|
@ -86,6 +94,30 @@ function whiteurl()
|
|||
end
|
||||
return false
|
||||
end
|
||||
|
||||
|
||||
|
||||
function white_servername()
|
||||
debug("white servername")
|
||||
if 1==1 then
|
||||
host = ngx.req.get_headers()["Host"]
|
||||
if host == nil then
|
||||
debug("nil host")
|
||||
return false;
|
||||
end
|
||||
debug(host)
|
||||
if white_servername_list ~= nil then
|
||||
for _, rule in pairs(white_servername_list) do
|
||||
if ngxmatch(host, rule, "isjo") then
|
||||
return true
|
||||
end
|
||||
end
|
||||
end
|
||||
return false
|
||||
end
|
||||
end
|
||||
|
||||
|
||||
function fileExtCheck(ext)
|
||||
local items = Set(black_fileExt)
|
||||
ext=string.lower(ext)
|
||||
|
|
|
|||
1
waf.lua
1
waf.lua
|
|
@ -9,6 +9,7 @@ elseif ngx.var.http_Acunetix_Aspect then
|
|||
elseif ngx.var.http_X_Scan_Memo then
|
||||
ngx.exit(444)
|
||||
elseif whiteurl() then
|
||||
elseif white_servername() then
|
||||
elseif ua() then
|
||||
elseif url() then
|
||||
elseif args() then
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
\.(svn|htaccess|bash_history)
|
||||
\.(svn|git|htaccess|bash_history)
|
||||
\.(bak|inc|old|mdb|sql|backup|java|class)$
|
||||
(vhost|bbs|host|wwwroot|www|site|root|hytop|flashfxp).*\.rar
|
||||
(phpmyadmin|jmx-console|jmxinvokerservlet)
|
||||
|
|
|
|||
Loading…
Reference in New Issue