Compare commits
13 Commits
| Author | SHA1 | Date |
|---|---|---|
loveshell
|
314a2f62ec | |
|
loveshell
|
6606edda34 | |
|
loveshell
|
3492d0601c | |
|
loveshell
|
fa5bf74cbe | |
|
loveshell
|
f609d3296d | |
|
loveshell
|
2b1079ee50 | |
|
loveshell
|
6a38f4fe2d | |
|
loveshell
|
c0b121a64c | |
|
loveshell
|
14a78d0155 | |
|
loveshell
|
2897e494ea | |
|
loveshell
|
834c937a83 | |
|
loveshell
|
20173bd93d | |
|
loveshell
|
caff7def0b |
|
|
@ -64,7 +64,7 @@ nginx安装路径假设为:/usr/local/nginx/conf/
|
|||
whiteModule = "on"
|
||||
--是否开启URL白名单
|
||||
black_fileExt={"php","jsp"}
|
||||
--填写可上传文件后缀类型
|
||||
--填写不允许上传文件后缀类型
|
||||
ipWhitelist={"127.0.0.1"}
|
||||
--ip白名单,多个ip用逗号分隔
|
||||
ipBlocklist={"1.0.0.1"}
|
||||
|
|
@ -106,8 +106,8 @@ nginx安装路径假设为:/usr/local/nginx/conf/
|
|||
|
||||
过滤规则在wafconf下,可根据需求自行调整,每条规则需换行,或者用|分割
|
||||
|
||||
global是全局过滤文件,里面的规则对post和get都过滤
|
||||
get是只在get请求过滤的规则
|
||||
args里面的规则get参数进行过滤的
|
||||
url是只在get请求url过滤的规则
|
||||
post是只在post请求过滤的规则
|
||||
whitelist是白名单,里面的url匹配到不做过滤
|
||||
user-agent是对user-agent的过滤规则
|
||||
|
|
|
|||
14
init.lua
14
init.lua
|
|
@ -15,10 +15,7 @@ attacklog = optionIsOn(attacklog)
|
|||
CCDeny = optionIsOn(CCDeny)
|
||||
Redirect=optionIsOn(Redirect)
|
||||
function getClientIp()
|
||||
IP = ngx.req.get_headers()["X-Real-IP"]
|
||||
if IP == nil then
|
||||
IP = ngx.var.remote_addr
|
||||
end
|
||||
IP = ngx.var.remote_addr
|
||||
if IP == nil then
|
||||
IP = "unknown"
|
||||
end
|
||||
|
|
@ -112,9 +109,14 @@ function args()
|
|||
local args = ngx.req.get_uri_args()
|
||||
for key, val in pairs(args) do
|
||||
if type(val)=='table' then
|
||||
if val ~= false then
|
||||
data=table.concat(val, " ")
|
||||
local t={}
|
||||
for k,v in pairs(val) do
|
||||
if v == true then
|
||||
v=""
|
||||
end
|
||||
table.insert(t,v)
|
||||
end
|
||||
data=table.concat(t, " ")
|
||||
else
|
||||
data=val
|
||||
end
|
||||
|
|
|
|||
12
waf.lua
12
waf.lua
|
|
@ -1,5 +1,6 @@
|
|||
local content_length=tonumber(ngx.req.get_headers()['content-length'])
|
||||
local method=ngx.req.get_method()
|
||||
local ngxmatch=ngx.re.match
|
||||
if whiteip() then
|
||||
elseif blockip() then
|
||||
elseif denycc() then
|
||||
|
|
@ -41,12 +42,12 @@ elseif PostCheck then
|
|||
return true
|
||||
end
|
||||
size = size + len(data)
|
||||
local m = ngx.re.match(data,'Content-Disposition: form-data;(.+)filename="(.+)\\.(.*)"','ijo')
|
||||
local m = ngxmatch(data,[[Content-Disposition: form-data;(.+)filename="(.+)\\.(.*)"]],'ijo')
|
||||
if m then
|
||||
fileExtCheck(m[3])
|
||||
filetranslate = true
|
||||
else
|
||||
if ngx.re.find(data,"Content-Disposition:",'isjo') then
|
||||
if ngxmatch(data,"Content-Disposition:",'isjo') then
|
||||
filetranslate = false
|
||||
end
|
||||
if filetranslate==false then
|
||||
|
|
@ -68,13 +69,16 @@ elseif PostCheck then
|
|||
return
|
||||
end
|
||||
for key, val in pairs(args) do
|
||||
if type(val) == "table" or val == false then
|
||||
if type(val) == "table" then
|
||||
if type(val[1]) == "boolean" then
|
||||
return
|
||||
end
|
||||
data=table.concat(val, ", ")
|
||||
else
|
||||
data=val
|
||||
end
|
||||
if data and type(data) ~= "boolean" and body(data) then
|
||||
return true
|
||||
body(key)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
|||
|
|
@ -1,4 +1,3 @@
|
|||
\.\./
|
||||
select.+(from|limit)
|
||||
(?:(union(.*?)select))
|
||||
having|rongjitest
|
||||
|
|
|
|||
Loading…
Reference in New Issue