github
/
ngx_lua_waf
mirror of https://github.com/loveshell/ngx_lua_waf
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Add

pull/63/head
ibuler 2016-09-24 18:36:27 +08:00
parent 3db5c378fa
commit 8d08639a5c
3 changed files with 71 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
.idea/workspace.xml
View File

@ -25,21 +25,21 @@
</component>
<component name="FileEditorManager">
<leaf>
<file leaf-file-name="core.lua" pinned="false" current-in-tab="false">
<file leaf-file-name="core.lua" pinned="false" current-in-tab="true">
<entry file="file://$PROJECT_DIR$/core.lua">
<provider selected="true" editor-type-id="text-editor">
<state relative-caret-position="0">
<caret line="0" column="0" selection-start-line="0" selection-start-column="0" selection-end-line="0" selection-end-column="0" />
<state relative-caret-position="209">
<caret line="104" column="6" selection-start-line="104" selection-start-column="6" selection-end-line="104" selection-end-column="6" />
<folding />
</state>
</provider>
</entry>
</file>
<file leaf-file-name="config.lua" pinned="false" current-in-tab="true">
<file leaf-file-name="config.lua" pinned="false" current-in-tab="false">
<entry file="file://$PROJECT_DIR$/config.lua">
<provider selected="true" editor-type-id="text-editor">
<state relative-caret-position="133">
<caret line="7" column="0" selection-start-line="7" selection-start-column="0" selection-end-line="7" selection-end-column="0" />
<state relative-caret-position="418">
<caret line="22" column="8" selection-start-line="22" selection-start-column="8" selection-end-line="22" selection-end-column="8" />
<folding />
</state>
</provider>
@ -48,8 +48,8 @@
<file leaf-file-name="iputils.lua" pinned="false" current-in-tab="false">
<entry file="file://$PROJECT_DIR$/iputils.lua">
<provider selected="true" editor-type-id="text-editor">
<state relative-caret-position="0">
<caret line="0" column="0" selection-start-line="0" selection-start-column="0" selection-end-line="0" selection-end-column="0" />
<state relative-caret-position="285">
<caret line="184" column="13" selection-start-line="184" selection-start-column="13" selection-end-line="184" selection-end-column="13" />
<folding />
</state>
</provider>
@ -74,8 +74,8 @@
<option name="CHANGED_PATHS">
<list>
<option value="$PROJECT_DIR$/init.lua" />
<option value="$PROJECT_DIR$/core.lua" />
<option value="$PROJECT_DIR$/config.lua" />
<option value="$PROJECT_DIR$/core.lua" />
</list>
</option>
</component>
@ -222,26 +222,26 @@
</state>
</provider>
</entry>
<entry file="file://$PROJECT_DIR$/core.lua">
<provider selected="true" editor-type-id="text-editor">
<state relative-caret-position="0">
<caret line="0" column="0" selection-start-line="0" selection-start-column="0" selection-end-line="0" selection-end-column="0" />
<folding />
</state>
</provider>
</entry>
<entry file="file://$PROJECT_DIR$/iputils.lua">
<provider selected="true" editor-type-id="text-editor">
<state relative-caret-position="0">
<caret line="0" column="0" selection-start-line="0" selection-start-column="0" selection-end-line="0" selection-end-column="0" />
<state relative-caret-position="285">
<caret line="184" column="13" selection-start-line="184" selection-start-column="13" selection-end-line="184" selection-end-column="13" />
<folding />
</state>
</provider>
</entry>
<entry file="file://$PROJECT_DIR$/config.lua">
<provider selected="true" editor-type-id="text-editor">
<state relative-caret-position="133">
<caret line="7" column="0" selection-start-line="7" selection-start-column="0" selection-end-line="7" selection-end-column="0" />
<state relative-caret-position="418">
<caret line="22" column="8" selection-start-line="22" selection-start-column="8" selection-end-line="22" selection-end-column="8" />
<folding />
</state>
</provider>
</entry>
<entry file="file://$PROJECT_DIR$/core.lua">
<provider selected="true" editor-type-id="text-editor">
<state relative-caret-position="209">
<caret line="104" column="6" selection-start-line="104" selection-start-column="6" selection-end-line="104" selection-end-column="6" />
<folding />
</state>
</provider>

6
config.lua
View File

@ -18,9 +18,9 @@ _M.defaults = {
cc_deny_seconds = 600,
cc_deny_code = 404,
log_path = "/tmp/nginx_waf.log",
ip_check= true,
ip_white_list = nil,
ip_black_list = nil,
ip_white_list = {},
ip_black_list = {},
ip_black_code = 403,
}
return _M

48
core.lua
View File

@ -12,6 +12,7 @@ log_inited = {}
local get_headers = ngx.req.get_headers
local config = require "config"
local iputils = require "iputils"
local mt = {__index=_M }
local function get_client_ip()
@ -94,9 +95,54 @@ function _M.log(self, msg)
self.fd:flush()
end
function _M.in_white_ip_list(self)
local ip = get_client_ip()
local is_white_token = ip.."white"
local is_white, _ = limit:get(is_white_token)
if is_white then
return true
end
if next(white_ip_list) ~= nil then
local white_ip_list = self.config.white_ip_list
for _, wip in paris(white_ip_list) do
if ip == wip or iputils.ip_in_cidrs(ip, wip) then
return true
end
end
end
return false
end
function _M.in_black_ip_list(self)
local limit = ngx.shared.limit
local ip = get_client_ip()
local is_block_token = ip.."block"
local is_block, _ = limit:get(is_block_token)
if is_block then
ngx.exit(self.config.ip_black_code)
return true
end
if next(white_ip_list) ~= nil then
local black_ip_list = self.config.white_ip_list
for _, bip in paris(black_ip_list) do
if ip == bip or iputils.ip_in_cidrs(ip, bip) then
limit:set(is_block_token, true, 3600)
ngx.exit(self.config.ip_black_code)
return true
end
end
end
return false
end
function _M.run(self)
ngx.log(ngx.WARN, 'Start running waf')
if self.config.cc_deny and self:deny_cc() then
if self:in_black_ip_list() then
elseif self:in_white_ip_list() then
elseif self.config.cc_deny and self:deny_cc() then
end
end