ngx_lua_waf_oneinstack/lib.lua

-- waf core lib
require "config"

-- Get the client IP
function get_client_ip()
    local CLIENT_IP = ngx.req.get_headers()["X_real_ip"]
    if CLIENT_IP == nil then
        CLIENT_IP = ngx.req.get_headers()["X_Forwarded_For"]
    end
    if CLIENT_IP == nil then
        CLIENT_IP  = ngx.var.remote_addr
    end
    if CLIENT_IP == nil then
        CLIENT_IP  = "unknown"
    end
    return CLIENT_IP
end

-- Get the client user agent
function get_user_agent()
    local USER_AGENT = ngx.var.http_user_agent
    if USER_AGENT == nil then
       USER_AGENT = "unknown"
    end
    return USER_AGENT
end

-- Get WAF rule
function get_rule(rulefilename)
    local io = require "io"
    local RULE_PATH = config_rule_dir
    local RULE_FILE = io.open(RULE_PATH..'/'..rulefilename,"r")
    if RULE_FILE == nil then
        return
    end
    local RULE_TABLE = {}
    for line in RULE_FILE:lines() do
        table.insert(RULE_TABLE,line)
    end
    RULE_FILE:close()
    return(RULE_TABLE)
end

-- WAF log record for json,(use logstash codec => json)
function log_record(method,url,data,ruletag)
    local cjson = require("cjson")
    local io = require "io"
    local LOG_PATH = config_log_dir
    local CLIENT_IP = get_client_ip()
    local USER_AGENT = get_user_agent()
    local SERVER_NAME = ngx.var.host
    local LOCAL_TIME = ngx.localtime()
    local log_json_obj = {
                 client_ip = CLIENT_IP,
                 local_time = LOCAL_TIME,
                 server_name = SERVER_NAME,
                 req_url = url,
                 attack_method = method,
                 req_data = data,
                 rule_tag = ruletag,
                 user_agent = USER_AGENT,
              }
    local LOG_LINE = cjson.encode(log_json_obj)
    local LOG_NAME = LOG_PATH..'/'..ngx.today().."_sec.log"
    local file = io.open(LOG_NAME,"a")
    if file == nil then
        return
    end
    file:write(LOG_LINE.."\n")
    file:flush()
    file:close()
end

-- test log
function write(logfile, msg)
    local fd,err = io.open(logfile,"a+")
    if fd == nil then
        ngx.log(ngx.ERR,"writefile msg : "..msg,err)
        return
    end
    fd:write(msg)
    fd:flush()
    fd:close()
end

-- WAF return
function waf_output()
    if config_waf_output == "redirect" then
        ngx.redirect(config_waf_redirect_url, 301)
    else
        ngx.header.content_type = "text/html"
        ngx.status = ngx.HTTP_FORBIDDEN
        ngx.say(config_output_html)
        ngx.exit(ngx.status)
    end
end
Add checkcode 2018-12-04 09:42:10 +00:00			`-- waf core lib`
			`require "config"`
commit 2018-06-24 12:16:03 +00:00
Add checkcode 2018-12-04 09:42:10 +00:00			`-- Get the client IP`
commit 2018-06-24 12:16:03 +00:00			`function get_client_ip()`
Add checkcode 2018-12-04 09:42:10 +00:00			`local CLIENT_IP = ngx.req.get_headers()["X_real_ip"]`
commit 2018-06-24 12:16:03 +00:00			`if CLIENT_IP == nil then`
			`CLIENT_IP = ngx.req.get_headers()["X_Forwarded_For"]`
			`end`
			`if CLIENT_IP == nil then`
			`CLIENT_IP = ngx.var.remote_addr`
			`end`
			`if CLIENT_IP == nil then`
			`CLIENT_IP = "unknown"`
			`end`
			`return CLIENT_IP`
			`end`

Add checkcode 2018-12-04 09:42:10 +00:00			`-- Get the client user agent`
commit 2018-06-24 12:16:03 +00:00			`function get_user_agent()`
Add checkcode 2018-12-04 09:42:10 +00:00			`local USER_AGENT = ngx.var.http_user_agent`
commit 2018-06-24 12:16:03 +00:00			`if USER_AGENT == nil then`
			`USER_AGENT = "unknown"`
			`end`
			`return USER_AGENT`
			`end`

Add checkcode 2018-12-04 09:42:10 +00:00			`-- Get WAF rule`
commit 2018-06-24 12:16:03 +00:00			`function get_rule(rulefilename)`
Add checkcode 2018-12-04 09:42:10 +00:00			`local io = require "io"`
commit 2018-06-24 12:16:03 +00:00			`local RULE_PATH = config_rule_dir`
			`local RULE_FILE = io.open(RULE_PATH..'/'..rulefilename,"r")`
			`if RULE_FILE == nil then`
			`return`
			`end`
Add checkcode 2018-12-04 09:42:10 +00:00			`local RULE_TABLE = {}`
commit 2018-06-24 12:16:03 +00:00			`for line in RULE_FILE:lines() do`
			`table.insert(RULE_TABLE,line)`
			`end`
			`RULE_FILE:close()`
			`return(RULE_TABLE)`
			`end`

Add checkcode 2018-12-04 09:42:10 +00:00			`-- WAF log record for json,(use logstash codec => json)`
commit 2018-06-24 12:16:03 +00:00			`function log_record(method,url,data,ruletag)`
			`local cjson = require("cjson")`
Add checkcode 2018-12-04 09:42:10 +00:00			`local io = require "io"`
commit 2018-06-24 12:16:03 +00:00			`local LOG_PATH = config_log_dir`
			`local CLIENT_IP = get_client_ip()`
			`local USER_AGENT = get_user_agent()`
Add test write function 2018-06-27 03:21:37 +00:00			`local SERVER_NAME = ngx.var.host`
commit 2018-06-24 12:16:03 +00:00			`local LOCAL_TIME = ngx.localtime()`
			`local log_json_obj = {`
			`client_ip = CLIENT_IP,`
			`local_time = LOCAL_TIME,`
			`server_name = SERVER_NAME,`
			`req_url = url,`
			`attack_method = method,`
			`req_data = data,`
			`rule_tag = ruletag,`
			`user_agent = USER_AGENT,`
			`}`
			`local LOG_LINE = cjson.encode(log_json_obj)`
			`local LOG_NAME = LOG_PATH..'/'..ngx.today().."_sec.log"`
			`local file = io.open(LOG_NAME,"a")`
			`if file == nil then`
			`return`
			`end`
			`file:write(LOG_LINE.."\n")`
			`file:flush()`
			`file:close()`
			`end`

Add checkcode 2018-12-04 09:42:10 +00:00			`-- test log`
Add test write function 2018-06-27 03:21:37 +00:00			`function write(logfile, msg)`
			`local fd,err = io.open(logfile,"a+")`
			`if fd == nil then`
			`ngx.log(ngx.ERR,"writefile msg : "..msg,err)`
			`return`
			`end`
			`fd:write(msg)`
			`fd:flush()`
			`fd:close()`
			`end`

Add checkcode 2018-12-04 09:42:10 +00:00			`-- WAF return`
commit 2018-06-24 12:16:03 +00:00			`function waf_output()`
			`if config_waf_output == "redirect" then`
			`ngx.redirect(config_waf_redirect_url, 301)`
			`else`
			`ngx.header.content_type = "text/html"`
			`ngx.status = ngx.HTTP_FORBIDDEN`
			`ngx.say(config_output_html)`
			`ngx.exit(ngx.status)`
			`end`
			`end`