From e679b8993d99a398a014e2ef4c44d8e8e11cc061 Mon Sep 17 00:00:00 2001
From: ibuler
Date: Fri, 17 Jun 2016 16:37:17 +0800
Subject: [PATCH] Update
---
 config.lua | 66 +++++----------
 init.lua | 126 ++++++++++++++---------
 wafconf/{user-agent => user_agent} | 0
 wafconf/{whiteurl => white_url} | 0
 4 files changed, 85 insertions(+), 107 deletions(-)
 rename wafconf/{user-agent => user_agent} (100%)
 rename wafconf/{whiteurl => white_url} (100%)
diff --git a/config.lua b/config.lua
index f3b6b65..6bf541c 100644
--- a/config.lua
+++ b/config.lua
@@ -1,46 +1,24 @@
-RulePath = "/usr/local/nginx/conf/waf/wafconf/"
-attacklog = "on"
-logdir = "/usr/local/nginx/logs/hack/"
-UrlDeny="on"
-Redirect="on"
-CookieMatch="on"
-postMatch="on"
-whiteModule="on"
-black_fileExt={"php","jsp"}
-ipWhitelist={"127.0.0.1"}
-ipBlocklist={"1.0.0.1"}
-CCDeny="off"
-CCrate="100/60"
-DenySeconds="600"
-html=[[ - - -网站防火墙 - -
+debug = false
+rule_path = "/usr/local/nginx/conf/waf/wafconf/"
+url_check = false
+url_write_check = false
+args_check = false
+ua_check = false
+ua_write_check = false
+cookie_check = false
+post_check = false
-
+black_file_ext = {"php", "jsp"}
+attack_log = false
+attach_log_dir = "/usr/local/nginx/logs/hack/"
-
- - -
-
网站防火墙
-
-

您的请求带有不合法参数,已被网站管理员设置拦截!

-

可能原因:您提交的内容包含危险的攻击请求

-

如何解决:

-
  • 1)检查提交内容;
  • -
  • 2)如网站托管,请联系空间提供商;
  • -
  • 3)普通网站访客,请联系网站管理员;
-
-
-
-
-]]
+redirect = false
+redirect_url = "http://www.baidu.com"
+ip_white_list = {"127.0.0.1", "172.16.1.*"}
+ip_black_list = {"1.0.0.1", "172.16.1.*"}
+
+cc_deny = false
+cc_rate = "100/60"
+cc_deny_seconds = "600"
+cc_redirect = false
+cc_redirect_url = redirect_url
diff --git a/init.lua b/init.lua
index ffa32aa..ec235ca 100644
--- a/init.lua
+++ b/init.lua
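Review bot: `"172.16.1.*"` is listed in both `ip_white_list` and `ip_black_list`, so the shipped sample contradicts itself and whether such a client is allowed or blocked depends entirely on which list the (not shown) IP check consults first; the entries should not overlap, and a comment should state the precedence, e.g. `-- ip_white_list is consulted before ip_black_list` (or the reverse, whichever the checker implements). `redirect_url = "http://www.baidu.com"`, reused as `cc_redirect_url`, sends blocked or rate-limited clients to an unrelated third-party site; a WAF block should answer with a local 403 page rather than an off-site redirect, and at minimum the default should be an operator-owned URL. `attach_log_dir` looks like a typo of `attack_log_dir`, and nothing in the visible init.lua hunk reads it (`log()` still concatenates `logpath`), so attack logging has no directory unless it is wired up elsewhere. With `require 'config'` commented out in init.lua, these globals only exist if this file is loaded from nginx.conf (an `init_by_lua_file` directive or similar), which is not visible here.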
@@ -1,133 +1,133 @@
-require 'config'
+-- require 'config'
 local match = string.match
-local ngxmatch=ngx.re.match
-local unescape=ngx.unescape_uri
+local ngx_match = ngx.re.match
+local unescape = ngx.unescape_uri
 local get_headers = ngx.req.get_headers
-local optionIsOn = function (options) return options == "on" and true or false end
-logpath = logdir
-rulepath = RulePath
-UrlDeny = optionIsOn(UrlDeny)
-PostCheck = optionIsOn(postMatch)
-CookieCheck = optionIsOn(cookieMatch)
-WhiteCheck = optionIsOn(whiteModule)
-PathInfoFix = optionIsOn(PathInfoFix)
-attacklog = optionIsOn(attacklog)
-CCDeny = optionIsOn(CCDeny)
-Redirect=optionIsOn(Redirect)
 function getClientIp()
- IP = ngx.req.get_headers()["X-Real-IP"]
+ IP = get_headers()["X-Real-IP"]
 if IP == nil then
- IP = ngx.var.remote_addr
+ IP = ngx.var.remote_addr
 end
 if IP == nil then
- IP = "unknown"
+ IP = "unknown"
 end
 return IP
 end
-function write(logfile,msg)
- local fd = io.open(logfile,"ab")
- if fd == nil then return end
+function write(logfile, msg)
+ local fd = io.open(logfile, "ab")
+ if fd == nil then
+ return
+ end
 fd:write(msg)
 fd:flush()
 fd:close()
 end
-function log(method,url,data,ruletag)
- if attacklog then
+function log(method, url, data, tag)
+ if attack_log then
 local realIp = getClientIp()
 local ua = ngx.var.http_user_agent
 local servername=ngx.var.server_name
 local time=ngx.localtime()
 if ua then
- line = realIp.." ["..time.."] \""..method.." "..servername..url.."\" \""..data.."\" \""..ua.."\" \""..ruletag.."\"\n"
+ line = realIp.." ["..time.."] \""..method.." "..servername..url.."\" \""..data.."\" \""..ua.."\" \""..tag.."\"\n"
 else
- line = realIp.." ["..time.."] \""..method.." "..servername..url.."\" \""..data.."\" - \""..ruletag.."\"\n"
+ line = realIp.." ["..time.."] \""..method.." 
"..servername..url.."\" \""..data.."\" - \""..tag.."\"\n" end local filename = logpath..'/'..servername.."_"..ngx.today().."_sec.log" write(filename,line) end end -------------------------------------规则读取函数----------------------------------------- -function read_rule(var) - file = io.open(rulepath..'/'..var,"r") - if file==nil then +------------------------------------ 规则读取函数 ----------------------------------------- +function readRule(var) + file = io.open(rulepath..'/'..var, "r") + if file == nil then return end t = {} for line in file:lines() do - table.insert(t,line) + table.insert(t, line) end file:close() return(t) end -urlrules=read_rule('url') -argsrules=read_rule('args') -uarules=read_rule('user-agent') -wturlrules=read_rule('whiteurl') -postrules=read_rule('post') -ckrules=read_rule('cookie') +url_rules = read_rule('url') +white_url_rules = read_rule('white_url') +args_rules = read_rule('args') +ua_rules = read_rule('user_agent') +post_rules = read_rule('post') +cookie_rules = read_rule('cookie') -function say_html() - if Redirect then +function debugSay(msg) + if debug then ngx.header.content_type = "text/html" ngx.status = ngx.HTTP_FORBIDDEN - ngx.say(html) + ngx.say(msg) ngx.exit(ngx.status) end end -function whiteurl() - if WhiteCheck then - if wturlrules ~=nil then - for _,rule in pairs(wturlrules) do - if ngxmatch(ngx.var.uri,rule,"isjo") then - return true - end - end + +function whiteURLCheck() + if white_url_rules ~= nil then + for _, rule in pairs(white_url_rules) do + if ngx_match(ngx.var.uri, rule, "isjo") then + return true + end end end return false end -function fileExtCheck(ext) + +function fileExtCheck(ext, black_file_ext) local items = Set(black_fileExt) - ext=string.lower(ext) + ext = string.lower(ext) if ext then for rule in pairs(items) do - if ngx.re.match(ext,rule,"isjo") then - log('POST',ngx.var.request_uri,"-","file attack with ext "..ext) - say_html() + if ngx.re.match(ext, rule, "isjo") then + if attack_log then + 
log('POST',ngx.var.request_uri,"-","file attack with ext "..ext)
+ end
+
+ if debug then
+ debugSay(ngx.var.request_uri.."-".."file attack with ext: "..ext)
+ end
 end
 end
 end
 return false
 end
-function Set (list)
- local set = {}
- for _, l in ipairs(list) do set[l] = true end
- return set
+
+function set(list)
+ local set = {}
+ for _, l in ipairs(list) do
+ set[l] = true
+ end
+ return set
 end
-function args()
- for _,rule in pairs(argsrules) do
+
+function checkArgs()
+ for _, rule in pairs(args_rules) do
 local args = ngx.req.get_uri_args()
 for key, val in pairs(args) do
- if type(val)=='table' then
+ if type(val) == 'table' then
 if val ~= false then
- data=table.concat(val, " ")
+ data = table.concat(val, " ")
 end
 else
- data=val
+ data = val
 end
- if data and type(data) ~= "boolean" and rule ~="" and ngxmatch(unescape(data),rule,"isjo") then
- log('GET',ngx.var.request_uri,"-",rule)
- say_html()
+ if data and type(data) ~= "boolean" and rule ~="" and ngx_match(unescape(data), rule, "isjo") then
+ log('GET', ngx.var.request_uri, "-", rule)
+ debugSay(ngx.var.request_uri.."-"..rule)
 return true
 end
 end
diff --git a/wafconf/user-agent b/wafconf/user_agent
similarity index 100%
rename from wafconf/user-agent
rename to wafconf/user_agent
diff --git a/wafconf/whiteurl b/wafconf/white_url
similarity index 100%
rename from wafconf/whiteurl
rename to wafconf/white_url
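Review bot: The rename is incomplete on the new side and the module cannot load: the six rule loaders still call `read_rule` (`url_rules = read_rule('url')` …) although the function is now `readRule`, `fileExtCheck` still calls `Set(black_fileExt)` although the helper is now `set` and config defines `black_file_ext`, and `rulepath`/`logpath` are no longer assigned anywhere (the `rulepath = RulePath` / `logpath = logdir` lines were removed while config now provides `rule_path` and `attach_log_dir`) yet `readRule` and `log` still concatenate them, so even once the nil-call is fixed the rule files and the log path resolve to nil. Security-wise, blocking now hangs on `debug`: `debugSay` only sets 403 and exits when `debug` is true, so with the shipped default `debug = false` a rule hit in `checkArgs` is merely logged and `true` is handed back to the (unseen) caller, while `fileExtCheck` has no return after a match and always falls through to `return false` — a blacklisted upload extension is logged but never rejected; add `return true` after the `if debug then … end` branch and keep the block decision independent of the debug flag. `getClientIp` still prefers the client-supplied `X-Real-IP` header over `ngx.var.remote_addr`, so IP allow/deny decisions and the attack log can be spoofed unless nginx overwrites that header upstream; this predates the commit but is not addressed by it. `checkArgs` runs past the end of the hunk.
```lua
rulepath = rule_path        -- readRule() still builds rule paths from this global
logpath = attach_log_dir    -- log() still builds the log file name from this global
-- … unchanged: getClientIp, write, log, readRule …
url_rules = readRule('url')
white_url_rules = readRule('white_url')
args_rules = readRule('args')
ua_rules = readRule('user_agent')
post_rules = readRule('post')
cookie_rules = readRule('cookie')
-- … unchanged: debugSay, whiteURLCheck …
function fileExtCheck(ext, black_file_ext)
    local items = set(black_file_ext)
    -- … unchanged: lower-case ext, loop over rules, log/debugSay on match, then `return true` on the matched branch …
```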