From 38521f794e322652cb4281c9f944df5e9eed1eea Mon Sep 17 00:00:00 2001
From: 174001602 <58964152+174001602@users.noreply.github.com>
Date: Sun, 19 Jan 2020 20:57:32 +0800
Subject: [PATCH] =?UTF-8?q?patch=2020200119=20=E4=BF=AE=E6=AD=A3url=20?= =?UTF-8?q?=E7=99=BD=E5=90=8D=E5=8D=95=20=E4=B8=BA=20=E5=BC=BA=E5=8C=B9?= =?UTF-8?q?=E9=85=8D=E9=98=B2=E6=AD=A2=E5=88=A9=E7=94=A8=E7=BB=95=E8=BF=87?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
说明: 1.whiteurl 规则 从\. 开始匹配的静态文件名相当于排除此扩展名的静态文件,如果是URL动态路径带?的路径里包含静态文件名不生效 2.例如原captcha-waf\.html规则,修改后表示从网站根目录下captcha-waf.html文件符合规则,如果文件在/xxx/captcha-waf.html下则不符合规则,也就是修改后从根目录下从头开始匹配,防止利用绕过。 3.可能带来的其他问题目前测试还未知
---
 init.lua | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/init.lua b/init.lua
index 49d1861..bace106 100644
--- a/init.lua
+++ b/init.lua
@@ -49,8 +49,20 @@ function white_url_check()
 local REQ_URI = string.lower(ngx.var.request_uri)
 if URL_WHITE_RULES ~= nil then
 for _,rule in pairs(URL_WHITE_RULES) do
- if rule ~= "" and rulematch(REQ_URI,string.lower(rule),"jo") then
- return true
+ if rule ~= "" then
+ local REQ_URI_LEN = string.len(REQ_URI)
+ local rule_str = string.sub(rule,1,2)
+ local from, to, err = rulematch(REQ_URI,string.lower(rule),"jo")
+ if rule_str == "\\." then
+ local wfrom, wto, werr = rulematch(REQ_URI,"%?","jo")
+ if from and REQ_URI_LEN == to and wfrom == nil then
+ return true
+ end
+ elseif from and rule_str == "\\/" and from == 1 then
+ return true
+ elseif from and from == 2 then
+ return true
+ end
 end
 end
 end
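Review bot: The `"\\."` branch can never whitelist a request, because `"%?"` is not an escape in the PCRE syntax that `rulematch` with the `"jo"` options appears to use: it means an optional literal `%`, which should match the empty string at the start of every URI, so `wfrom` is never nil and `from and REQ_URI_LEN == to and wfrom == nil` is false for every static-file rule. A plain substring search is what the author intended, `local wfrom = string.find(REQ_URI, "?", 1, true)` (or the regex `"\\?"`). The `from == 2` branch, by contrast, anchors only the start of the match and never its end, so a URI that merely begins with the rule text after the leading `/` still passes; checking `to` against `REQ_URI_LEN` or the start of the query string there, or requiring such rules to end in `$`, would close that gap. `err`, `wto` and `werr` are unused and `REQ_URI_LEN` is a local written in constant case; `local from, to = rulematch(...)` and `local req_uri_len` would match the surrounding style. white_url_check continues past the end of the hunk.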