pull/63/head
ibuler 2016-06-17 16:37:17 +08:00
parent 2fb6dc226e
commit e679b8993d
4 changed files with 85 additions and 107 deletions


@ -1,46 +1,24 @@
RulePath = "/usr/local/nginx/conf/waf/wafconf/"
attacklog = "on"
logdir = "/usr/local/nginx/logs/hack/"
UrlDeny="on"
Redirect="on"
CookieMatch="on"
postMatch="on"
whiteModule="on"
black_fileExt={"php","jsp"}
ipWhitelist={"127.0.0.1"}
ipBlocklist={"1.0.0.1"}
CCDeny="off"
CCrate="100/60"
DenySeconds="600"
html=[[
<html xmlns="http://www.w3.org/1999/xhtml"><head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title></title>
<style>
p {
line-height:20px;
}
ul{ list-style-type:none;}
li{ list-style-type:none;}
</style>
</head>
debug = false
rule_path = "/usr/local/nginx/conf/waf/wafconf/"
url_check = false
url_write_check = false
args_check = false
ua_check = false
ua_write_check = false
cookie_check = false
post_check = false
<body style=" padding:0; margin:0; font:14px/1.5 Microsoft Yahei, 宋体,sans-serif; color:#555;">
black_file_ext = {"php", "jsp"}
attack_log = false
attach_log_dir = "/usr/local/nginx/logs/hack/"
<div style="margin: 0 auto; width:1000px; padding-top:70px; overflow:hidden;">
<div style="width:600px; float:left;">
<div style=" height:40px; line-height:40px; color:#fff; font-size:16px; overflow:hidden; background:#6bb3f6; padding-left:20px;"> </div>
<div style="border:1px dashed #cdcece; border-top:none; font-size:14px; background:#fff; color:#555; line-height:24px; height:220px; padding:20px 20px 0 20px; overflow-y:auto;background:#f3f7f9;">
<p style=" margin-top:0px; margin-bottom:0px; margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px;"><span style=" font-weight:600; color:#fc4f03;"></span></p>
<p style=" margin-top:0px; margin-bottom:0px; margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px;"></p>
<p style=" margin-top:12px; margin-bottom:12px; margin-left:0px; margin-right:0px; -qt-block-indent:1; text-indent:0px;"></p>
<ul style="margin-top: 0px; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; -qt-list-indent: 1;"><li style=" margin-top:12px; margin-bottom:0px; margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px;">1</li>
<li style=" margin-top:0px; margin-bottom:0px; margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px;">2</li>
<li style=" margin-top:0px; margin-bottom:0px; margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px;">3访</li></ul>
</div>
</div>
</div>
</body></html>
]]
redirect = false
redirect_url = "http://www.baidu.com"
ip_white_list = {"127.0.0.1", "172.16.1.*"}
ip_black_list = {"1.0.0.1", "172.16.1.*"}
cc_deny = false
cc_rate = "100/60"
cc_deny_seconds = "600"
cc_redirect = false
cc_redirect_url = redirect_url
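Review bot: `172.16.1.*` is listed in both `ip_white_list` and `ip_black_list` in the new config, so whichever list init.lua consults first silently decides that range; drop it from one of the two or state the precedence in a comment, e.g. `-- white list is checked before black list; an address present in both is allowed`. The whitelist is also only as trustworthy as the address it is keyed on, and `getClientIp` in the init.lua hunk still takes `X-Real-IP` straight from the request headers, so unless nginx overwrites that header from a trusted upstream proxy any client can claim `127.0.0.1` or a `172.16.1.*` address and skip the checks. `attach_log_dir` reads like a typo for `attack_log_dir` (the flag beside it is `attack_log`), and nothing visible in the init.lua hunk reads either name — `log()` still writes under `logpath` — so the path should be renamed and wired up before `attack_log` is switched on. Every check, the attack log and the redirect default to `false`, which makes the shipped config a no-op WAF; a header comment such as `-- all checks are off by default; enable the ones you need` would make that explicit.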

126
init.lua

@ -1,133 +1,133 @@
require 'config'
-- require 'config'
local match = string.match
local ngxmatch=ngx.re.match
local unescape=ngx.unescape_uri
local ngx_match = ngx.re.match
local unescape = ngx.unescape_uri
local get_headers = ngx.req.get_headers
local optionIsOn = function (options) return options == "on" and true or false end
logpath = logdir
rulepath = RulePath
UrlDeny = optionIsOn(UrlDeny)
PostCheck = optionIsOn(postMatch)
CookieCheck = optionIsOn(cookieMatch)
WhiteCheck = optionIsOn(whiteModule)
PathInfoFix = optionIsOn(PathInfoFix)
attacklog = optionIsOn(attacklog)
CCDeny = optionIsOn(CCDeny)
Redirect=optionIsOn(Redirect)
function getClientIp()
IP = ngx.req.get_headers()["X-Real-IP"]
IP = get_headers()["X-Real-IP"]
if IP == nil then
IP = ngx.var.remote_addr
IP = ngx.var.remote_addr
end
if IP == nil then
IP = "unknown"
IP = "unknown"
end
return IP
end
function write(logfile,msg)
local fd = io.open(logfile,"ab")
if fd == nil then return end
function write(logfile, msg)
local fd = io.open(logfile, "ab")
if fd == nil then
return
end
fd:write(msg)
fd:flush()
fd:close()
end
function log(method,url,data,ruletag)
if attacklog then
function log(method, url, data, tag)
if attack_log then
local realIp = getClientIp()
local ua = ngx.var.http_user_agent
local servername=ngx.var.server_name
local time=ngx.localtime()
if ua then
line = realIp.." ["..time.."] \""..method.." "..servername..url.."\" \""..data.."\" \""..ua.."\" \""..ruletag.."\"\n"
line = realIp.." ["..time.."] \""..method.." "..servername..url.."\" \""..data.."\" \""..ua.."\" \""..tag.."\"\n"
else
line = realIp.." ["..time.."] \""..method.." "..servername..url.."\" \""..data.."\" - \""..ruletag.."\"\n"
line = realIp.." ["..time.."] \""..method.." "..servername..url.."\" \""..data.."\" - \""..tag.."\"\n"
end
local filename = logpath..'/'..servername.."_"..ngx.today().."_sec.log"
write(filename,line)
end
end
------------------------------------规则读取函数-----------------------------------------
function read_rule(var)
file = io.open(rulepath..'/'..var,"r")
if file==nil then
------------------------------------ 规则读取函数 -----------------------------------------
function readRule(var)
file = io.open(rulepath..'/'..var, "r")
if file == nil then
return
end
t = {}
for line in file:lines() do
table.insert(t,line)
table.insert(t, line)
end
file:close()
return(t)
end
urlrules=read_rule('url')
argsrules=read_rule('args')
uarules=read_rule('user-agent')
wturlrules=read_rule('whiteurl')
postrules=read_rule('post')
ckrules=read_rule('cookie')
url_rules = read_rule('url')
white_url_rules = read_rule('white_url')
args_rules = read_rule('args')
ua_rules = read_rule('user_agent')
post_rules = read_rule('post')
cookie_rules = read_rule('cookie')
function say_html()
if Redirect then
function debugSay(msg)
if debug then
ngx.header.content_type = "text/html"
ngx.status = ngx.HTTP_FORBIDDEN
ngx.say(html)
ngx.say(msg)
ngx.exit(ngx.status)
end
end
function whiteurl()
if WhiteCheck then
if wturlrules ~=nil then
for _,rule in pairs(wturlrules) do
if ngxmatch(ngx.var.uri,rule,"isjo") then
return true
end
end
function whiteURLCheck()
if white_url_rules ~= nil then
for _, rule in pairs(white_url_rules) do
if ngx_match(ngx.var.uri, rule, "isjo") then
return true
end
end
end
return false
end
function fileExtCheck(ext)
function fileExtCheck(ext, black_file_ext)
local items = Set(black_fileExt)
ext=string.lower(ext)
ext = string.lower(ext)
if ext then
for rule in pairs(items) do
if ngx.re.match(ext,rule,"isjo") then
log('POST',ngx.var.request_uri,"-","file attack with ext "..ext)
say_html()
if ngx.re.match(ext, rule, "isjo") then
if attack_log then
log('POST',ngx.var.request_uri,"-","file attack with ext "..ext)
end
if debug then
debugSay(ngx.var.request_uri.."-".."file attack with ext: "..ext)
end
end
end
end
return false
end
function Set (list)
local set = {}
for _, l in ipairs(list) do set[l] = true end
return set
function set(list)
local set = {}
for _, l in ipairs(list) do
set[l] = true
end
return set
end
function args()
for _,rule in pairs(argsrules) do
function checkArgs()
for _, rule in pairs(args_rules) do
local args = ngx.req.get_uri_args()
for key, val in pairs(args) do
if type(val)=='table' then
if type(val) == 'table' then
if val ~= false then
data=table.concat(val, " ")
data = table.concat(val, " ")
end
else
data=val
data = val
end
if data and type(data) ~= "boolean" and rule ~="" and ngxmatch(unescape(data),rule,"isjo") then
log('GET',ngx.var.request_uri,"-",rule)
say_html()
if data and type(data) ~= "boolean" and rule ~="" and ngx_match(unescape(data), rule, "isjo") then
log('GET', ngx.var.request_uri, "-", rule)
debugSay(ngx.var.request_uri.."-"..rule)
return true
end
end