添加block time
parent
6a38f4fe2d
commit
de95c77575
|
@ -11,6 +11,7 @@ ipWhitelist={"127.0.0.1"}
|
||||||
ipBlocklist={"1.0.0.1"}
|
ipBlocklist={"1.0.0.1"}
|
||||||
CCDeny="off"
|
CCDeny="off"
|
||||||
CCrate="100/60"
|
CCrate="100/60"
|
||||||
|
DenySeconds="600"
|
||||||
html=[[
|
html=[[
|
||||||
<html xmlns="http://www.w3.org/1999/xhtml"><head>
|
<html xmlns="http://www.w3.org/1999/xhtml"><head>
|
||||||
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
|
||||||
|
|
21
init.lua
21
init.lua
|
@ -14,6 +14,7 @@ PathInfoFix = optionIsOn(PathInfoFix)
|
||||||
attacklog = optionIsOn(attacklog)
|
attacklog = optionIsOn(attacklog)
|
||||||
CCDeny = optionIsOn(CCDeny)
|
CCDeny = optionIsOn(CCDeny)
|
||||||
Redirect=optionIsOn(Redirect)
|
Redirect=optionIsOn(Redirect)
|
||||||
|
|
||||||
function getClientIp()
|
function getClientIp()
|
||||||
IP = ngx.req.get_headers()["X-Real-IP"]
|
IP = ngx.req.get_headers()["X-Real-IP"]
|
||||||
if IP == nil then
|
if IP == nil then
|
||||||
|
@ -24,6 +25,7 @@ function getClientIp()
|
||||||
end
|
end
|
||||||
return IP
|
return IP
|
||||||
end
|
end
|
||||||
|
|
||||||
function write(logfile,msg)
|
function write(logfile,msg)
|
||||||
local fd = io.open(logfile,"ab")
|
local fd = io.open(logfile,"ab")
|
||||||
if fd == nil then return end
|
if fd == nil then return end
|
||||||
|
@ -31,6 +33,7 @@ function write(logfile,msg)
|
||||||
fd:flush()
|
fd:flush()
|
||||||
fd:close()
|
fd:close()
|
||||||
end
|
end
|
||||||
|
|
||||||
function log(method,url,data,ruletag)
|
function log(method,url,data,ruletag)
|
||||||
if attacklog then
|
if attacklog then
|
||||||
local realIp = getClientIp()
|
local realIp = getClientIp()
|
||||||
|
@ -46,7 +49,8 @@ function log(method,url,data,ruletag)
|
||||||
write(filename,line)
|
write(filename,line)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
------------------------------------规则读取函数-------------------------------------------------------------------
|
|
||||||
|
------------------------------------规则读取函数-----------------------------------------
|
||||||
function read_rule(var)
|
function read_rule(var)
|
||||||
file = io.open(rulepath..'/'..var,"r")
|
file = io.open(rulepath..'/'..var,"r")
|
||||||
if file==nil then
|
if file==nil then
|
||||||
|
@ -89,6 +93,7 @@ function whiteurl()
|
||||||
end
|
end
|
||||||
return false
|
return false
|
||||||
end
|
end
|
||||||
|
|
||||||
function fileExtCheck(ext)
|
function fileExtCheck(ext)
|
||||||
local items = Set(black_fileExt)
|
local items = Set(black_fileExt)
|
||||||
ext=string.lower(ext)
|
ext=string.lower(ext)
|
||||||
|
@ -102,11 +107,13 @@ function fileExtCheck(ext)
|
||||||
end
|
end
|
||||||
return false
|
return false
|
||||||
end
|
end
|
||||||
|
|
||||||
function Set (list)
|
function Set (list)
|
||||||
local set = {}
|
local set = {}
|
||||||
for _, l in ipairs(list) do set[l] = true end
|
for _, l in ipairs(list) do set[l] = true end
|
||||||
return set
|
return set
|
||||||
end
|
end
|
||||||
|
|
||||||
function args()
|
function args()
|
||||||
for _,rule in pairs(argsrules) do
|
for _,rule in pairs(argsrules) do
|
||||||
local args = ngx.req.get_uri_args()
|
local args = ngx.req.get_uri_args()
|
||||||
|
@ -155,6 +162,7 @@ function ua()
|
||||||
end
|
end
|
||||||
return false
|
return false
|
||||||
end
|
end
|
||||||
|
|
||||||
function body(data)
|
function body(data)
|
||||||
for _,rule in pairs(postrules) do
|
for _,rule in pairs(postrules) do
|
||||||
if rule ~="" and data~="" and ngxmatch(unescape(data),rule,"isjo") then
|
if rule ~="" and data~="" and ngxmatch(unescape(data),rule,"isjo") then
|
||||||
|
@ -165,6 +173,7 @@ function body(data)
|
||||||
end
|
end
|
||||||
return false
|
return false
|
||||||
end
|
end
|
||||||
|
|
||||||
function cookie()
|
function cookie()
|
||||||
local ck = ngx.var.http_cookie
|
local ck = ngx.var.http_cookie
|
||||||
if CookieCheck and ck then
|
if CookieCheck and ck then
|
||||||
|
@ -186,9 +195,17 @@ function denycc()
|
||||||
CCseconds=tonumber(string.match(CCrate,'/(.*)'))
|
CCseconds=tonumber(string.match(CCrate,'/(.*)'))
|
||||||
local token = getClientIp()..uri
|
local token = getClientIp()..uri
|
||||||
local limit = ngx.shared.limit
|
local limit = ngx.shared.limit
|
||||||
local req,_=limit:get(token)
|
local req,_ = limit:get(token)
|
||||||
|
local ip = getClientIp
|
||||||
|
local block,_ = limit:get(ip)
|
||||||
|
|
||||||
|
if block then
|
||||||
|
ngx.exit(503)
|
||||||
|
end
|
||||||
|
|
||||||
if req then
|
if req then
|
||||||
if req > CCcount then
|
if req > CCcount then
|
||||||
|
limit:set(ip,1,DenySeconds)
|
||||||
ngx.exit(503)
|
ngx.exit(503)
|
||||||
return true
|
return true
|
||||||
else
|
else
|
||||||
|
|
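Review bot: `local ip = getClientIp` in the denycc() hunk stores the function itself rather than its result, so `limit:get(ip)` and `limit:set(ip,1,DenySeconds)` are not keyed on the client address; it should read `local ip = getClientIp()`. Depending on how the shared dict treats a non-string key, this either raises an error or collapses to a single key for all clients, and in the latter case one client over the CC limit would make every request return 503 until the entry expires. DenySeconds is defined as the string "600" in the config hunk, so `limit:set(ip,1,tonumber(DenySeconds))` would avoid depending on implicit coercion of the expiry. The block key also inherits getClientIp()'s trust in the X-Real-IP header (visible in the earlier hunk), which is only meaningful when a fronting proxy overwrites that header, so a comment stating that deployment assumption would help. denycc() starts and ends outside the hunk.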
1
waf.lua
1
waf.lua
|
@ -1,6 +1,7 @@
|
||||||
local content_length=tonumber(ngx.req.get_headers()['content-length'])
|
local content_length=tonumber(ngx.req.get_headers()['content-length'])
|
||||||
local method=ngx.req.get_method()
|
local method=ngx.req.get_method()
|
||||||
local ngxmatch=ngx.re.match
|
local ngxmatch=ngx.re.match
|
||||||
|
|
||||||
if whiteip() then
|
if whiteip() then
|
||||||
elseif blockip() then
|
elseif blockip() then
|
||||||
elseif denycc() then
|
elseif denycc() then
|
||||||
|
|