From ecf2e4855832dbc17caebdf4bcc021f3884b81de Mon Sep 17 00:00:00 2001 From: loveshell <82163261@qq.com> Date: Tue, 26 Mar 2013 17:59:49 +0800 Subject: [PATCH] split log to init --- waf.lua | 90 +-------------------------------------------------------- 1 file changed, 1 insertion(+), 89 deletions(-) diff --git a/waf.lua b/waf.lua index 1ea3f12..d6fed1b 100644 --- a/waf.lua +++ b/waf.lua @@ -1,92 +1,4 @@ ---发送syslog数据函数 -function syslog(msg) - ngx.header.content_type = "text/html" - kern = 0 - user = 1 - mail = 2 - daemon = 3 - auth = 4 - syslog = 5 - lpr = 6 - news = 7 - uucp = 8 - cron = 9 - authpriv = 10 - ftp = 11 - local0 = 16 - local1 = 17 - local2 = 18 - local3 = 19 - local4 = 20 - local5 = 21 - local6 = 22 - local7 = 23 - - emerg = 0 - alert = 1 - crit = 2 - err = 3 - warning = 4 - notice = 5 - info = 6 - debug = 7 - - -local sock = ngx.socket.udp() -local ok, err = sock:setpeername('127.0.0.1', 514) ---上面的ip和端口就是syslog server的ip和端口地址,可自行修改 -if not ok then - ngx.say("failed to connect to syslog server: ", err) - return -end -level=info -facility=daemon -sign=level+facility*8 -ok, err = sock:send('<'..sign..'>'..msg) -sock:close() -end ---日志处理函数 -function log(method,url,data) - -file=assert(io.open("/data/logs/hack/"..ngx.var.server_name.."_sec.log","a")) - if data then - if ngx.var.http_user_agent then - file:write(ngx.var.remote_addr.." ".." ["..ngx.localtime().."] \""..method.." "..url.."\" \""..data.."\" \""..ngx.status.."\" \""..ngx.var.http_user_agent.."\"\n") - -- syslog(ngx.var.remote_addr.." ".." ["..ngx.localtime().."] \""..method.." "..url.."\" \""..data.."\" \""..ngx.status.."\" \""..ngx.var.http_user_agent.."\"\n") - else - file:write(ngx.var.remote_addr.." ".." ["..ngx.localtime().."] \""..method.." "..url.."\" \""..data.."\" \"-\"\n") - -- syslog(ngx.var.remote_addr.." ".." ["..ngx.localtime().."] \""..method.." "..url.."\" \""..data.."\" \"-\"\n") - end - else - if ngx.var.http_user_agent then - file:write(ngx.var.remote_addr.." ".." ["..ngx.localtime().."] \""..method.." "..url.."\" \"-\" \""..ngx.var.http_user_agent.."\"\n") - -- syslog(ngx.var.remote_addr.." ".." ["..ngx.localtime().."] \""..method.." "..url.."\" \"-\" \""..ngx.var.http_user_agent.."\"\n") - else - file:write(ngx.var.remote_addr.." ".." ["..ngx.localtime().."] \""..method.." "..url.."\" \"-\" \"".."-\"\n") - -- syslog(ngx.var.remote_addr.." ".." ["..ngx.localtime().."] \""..method.." "..url.."\" \"-\" \"".."-\"\n") - end - end -file:close() -end -function check() - ngx.header.content_type = "text/html" - ngx.print("just a joke hehe~ !!") - ngx.exit(200) -end -function read_rule(var) - file = io.open("./wafconf/"..var,"r") - t = {} - for line in file:lines() do - table.insert(t,line) - end - return(table.concat(t,"|")) -end -regex=read_rule('global') -get=read_rule('get') -post=read_rule('post') -agent=read_rule('user-agent') -whitelist=read_rule('whitelist') -if ngx.re.match(ngx.var.request_uri,whitelist,"isjo") then +if ngx.re.match(ngx.var.request_uri,whitelist,"i") then return elseif ngx.req.get_body_data() and ngx.re.match(ngx.req.get_body_data(),[[^(?!Content-Disposition: form-data;(.*)filename="(.*).(php|jsp|phtml|asp|aspx|cgi)").*$]],"isjo") then return