github
/
ngx_lua_waf
mirror of https://github.com/loveshell/ngx_lua_waf
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

change

pull/63/head
ibuler 2016-06-18 14:56:30 +08:00
parent d919acf558
commit db6eda926b
2 changed files with 10 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
config.lua
View File

@ -10,7 +10,7 @@ post_check = false
black_file_ext = {"php", "jsp"} black_file_ext = {"php", "jsp"}
attack_log = false attack_log = false
attach_log_dir = "/usr/local/nginx/logs/hack/" attach_log_dir = "/data/logs/waf/"
redirect = false redirect = false
redirect_url = "http://www.baidu.com" redirect_url = "http://www.baidu.com"

12
init.lua
View File

@ -1,4 +1,3 @@
-- require 'config'
local match = string.match local match = string.match
local ngx_match = ngx.re.match local ngx_match = ngx.re.match
local unescape = ngx.unescape_uri local unescape = ngx.unescape_uri
@ -199,13 +198,20 @@ function denyCC(cc_rate, cc_deny_seconds)
local block, _ = limit:get(ip) local block, _ = limit:get(ip)
if block then if block then
ngx.exit(405) if debug then
ngx.say('Deny by waf.')
return false
elseif cc_redirect then
ngx.redirect(cc_redirect_url)
else
ngx.exit(404)
end
end end
if req then if req then
if req > cc_count then if req > cc_count then
limit:set(ip, 1, cc_deny_seconds) limit:set(ip, 1, cc_deny_seconds)
ngx.exit(405) ngx.exit(404)
return false return false
else else
limit:incr(token, 1) limit:incr(token, 1)