增加user-agent白名单

README.md

@@ -111,6 +111,7 @@ nginx安装路径假设为:/usr/local/nginx/conf/
 		post是只在post请求过滤的规则		
 		whitelist是白名单，里面的url匹配到不做过滤		
         user-agent是对user-agent的过滤规则
+		white-user-agent是user-agent白名单,里面的user-agent匹配到不做过滤
 	
 
 	默认开启了get和post过滤，需要开启cookie过滤的，编辑waf.lua取消部分--注释即可

init.lua

@@ -60,6 +60,7 @@ end
 urlrules=read_rule('url')
 argsrules=read_rule('args')
 uarules=read_rule('user-agent')
+whiteuarules=read_rule('white-user-agent')
 wturlrules=read_rule('whiteurl')
 postrules=read_rule('post')
 ckrules=read_rule('cookie')
@@ -232,6 +233,18 @@ function whiteip()
         return false
 end
 
+function whiteua()
+    local ua = ngx.var.http_user_agent
+    if ua ~= nil then
+        for _,rule in pairs(whiteuarules) do
+            if rule ~="" and ngxmatch(ua,rule,"isjo") then
+                return true
+            end
+        end
+    end
+    return false
+end
+
 function blockip()
      if next(ipBlocklist) ~= nil then
          for _,ip in pairs(ipBlocklist) do

waf.lua

@@ -2,6 +2,7 @@ local content_length=tonumber(ngx.req.get_headers()['content-length'])
 local method=ngx.req.get_method()
 local ngxmatch=ngx.re.match
 if whiteip() then
+elseif whiteua() then
 elseif blockip() then
 elseif denycc() then
 elseif ngx.var.http_Acunetix_Aspect then

wafconf/white-user-agent

@@ -0,0 +1 @@
+(baidu)