|
|
|
|
@ -1,92 +1,4 @@
|
|
|
|
|
--发送syslog数据函数 |
|
|
|
|
function syslog(msg) |
|
|
|
|
ngx.header.content_type = "text/html" |
|
|
|
|
kern = 0 |
|
|
|
|
user = 1 |
|
|
|
|
mail = 2 |
|
|
|
|
daemon = 3 |
|
|
|
|
auth = 4 |
|
|
|
|
syslog = 5 |
|
|
|
|
lpr = 6 |
|
|
|
|
news = 7 |
|
|
|
|
uucp = 8 |
|
|
|
|
cron = 9 |
|
|
|
|
authpriv = 10 |
|
|
|
|
ftp = 11 |
|
|
|
|
local0 = 16 |
|
|
|
|
local1 = 17 |
|
|
|
|
local2 = 18 |
|
|
|
|
local3 = 19 |
|
|
|
|
local4 = 20 |
|
|
|
|
local5 = 21 |
|
|
|
|
local6 = 22 |
|
|
|
|
local7 = 23 |
|
|
|
|
|
|
|
|
|
emerg = 0 |
|
|
|
|
alert = 1 |
|
|
|
|
crit = 2 |
|
|
|
|
err = 3 |
|
|
|
|
warning = 4 |
|
|
|
|
notice = 5 |
|
|
|
|
info = 6 |
|
|
|
|
debug = 7 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
local sock = ngx.socket.udp() |
|
|
|
|
local ok, err = sock:setpeername('127.0.0.1', 514) |
|
|
|
|
--上面的ip和端口就是syslog server的ip和端口地址,可自行修改 |
|
|
|
|
if not ok then |
|
|
|
|
ngx.say("failed to connect to syslog server: ", err) |
|
|
|
|
return |
|
|
|
|
end |
|
|
|
|
level=info |
|
|
|
|
facility=daemon |
|
|
|
|
sign=level+facility*8 |
|
|
|
|
ok, err = sock:send('<'..sign..'>'..msg) |
|
|
|
|
sock:close() |
|
|
|
|
end |
|
|
|
|
--日志处理函数 |
|
|
|
|
function log(method,url,data) |
|
|
|
|
|
|
|
|
|
file=assert(io.open("/data/logs/hack/"..ngx.var.server_name.."_sec.log","a")) |
|
|
|
|
if data then |
|
|
|
|
if ngx.var.http_user_agent then |
|
|
|
|
file:write(ngx.var.remote_addr.." ".." ["..ngx.localtime().."] \""..method.." "..url.."\" \""..data.."\" \""..ngx.status.."\" \""..ngx.var.http_user_agent.."\"\n") |
|
|
|
|
-- syslog(ngx.var.remote_addr.." ".." ["..ngx.localtime().."] \""..method.." "..url.."\" \""..data.."\" \""..ngx.status.."\" \""..ngx.var.http_user_agent.."\"\n") |
|
|
|
|
else |
|
|
|
|
file:write(ngx.var.remote_addr.." ".." ["..ngx.localtime().."] \""..method.." "..url.."\" \""..data.."\" \"-\"\n") |
|
|
|
|
-- syslog(ngx.var.remote_addr.." ".." ["..ngx.localtime().."] \""..method.." "..url.."\" \""..data.."\" \"-\"\n") |
|
|
|
|
end |
|
|
|
|
else |
|
|
|
|
if ngx.var.http_user_agent then |
|
|
|
|
file:write(ngx.var.remote_addr.." ".." ["..ngx.localtime().."] \""..method.." "..url.."\" \"-\" \""..ngx.var.http_user_agent.."\"\n") |
|
|
|
|
-- syslog(ngx.var.remote_addr.." ".." ["..ngx.localtime().."] \""..method.." "..url.."\" \"-\" \""..ngx.var.http_user_agent.."\"\n") |
|
|
|
|
else |
|
|
|
|
file:write(ngx.var.remote_addr.." ".." ["..ngx.localtime().."] \""..method.." "..url.."\" \"-\" \"".."-\"\n") |
|
|
|
|
-- syslog(ngx.var.remote_addr.." ".." ["..ngx.localtime().."] \""..method.." "..url.."\" \"-\" \"".."-\"\n") |
|
|
|
|
end |
|
|
|
|
end |
|
|
|
|
file:close() |
|
|
|
|
end |
|
|
|
|
function check() |
|
|
|
|
ngx.header.content_type = "text/html" |
|
|
|
|
ngx.print("just a joke hehe~ !!") |
|
|
|
|
ngx.exit(200) |
|
|
|
|
end |
|
|
|
|
function read_rule(var) |
|
|
|
|
file = io.open("./wafconf/"..var,"r") |
|
|
|
|
t = {} |
|
|
|
|
for line in file:lines() do |
|
|
|
|
table.insert(t,line) |
|
|
|
|
end |
|
|
|
|
return(table.concat(t,"|")) |
|
|
|
|
end |
|
|
|
|
regex=read_rule('global') |
|
|
|
|
get=read_rule('get') |
|
|
|
|
post=read_rule('post') |
|
|
|
|
agent=read_rule('user-agent') |
|
|
|
|
whitelist=read_rule('whitelist') |
|
|
|
|
if ngx.re.match(ngx.var.request_uri,whitelist,"isjo") then |
|
|
|
|
if ngx.re.match(ngx.var.request_uri,whitelist,"i") then |
|
|
|
|
return |
|
|
|
|
elseif ngx.req.get_body_data() and ngx.re.match(ngx.req.get_body_data(),[[^(?!Content-Disposition: form-data;(.*)filename="(.*).(php|jsp|phtml|asp|aspx|cgi)").*$]],"isjo") then |
|
|
|
|
return |
|
|
|
|
|
loveshell
12 years ago