github
/
ngx_lua_waf_oneinstack
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

[feat] Update

pull/13/head
yeho 2020-02-27 22:05:21 +08:00
parent 782aca99cd
commit 6115198406
2 changed files with 5 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
access.lua
View File

@ -16,7 +16,7 @@ local function waf_main()
elseif cookie_attack_check() then elseif cookie_attack_check() then
elseif url_attack_check() then elseif url_attack_check() then
elseif url_args_attack_check() then elseif url_args_attack_check() then
--elseif post_attack_check() then elseif post_attack_check() then
else else
return return
end end

10
init.lua
View File

@ -14,7 +14,7 @@ function white_ip_check()
if IP_WHITE_RULE ~= nil then if IP_WHITE_RULE ~= nil then
for _,rule in pairs(IP_WHITE_RULE) do for _,rule in pairs(IP_WHITE_RULE) do
if rule ~= "" and rulematch(WHITE_IP,rule,"jo") then if rule ~= "" and rulematch(WHITE_IP,rule,"jo") then
log_record("White_IP",ngx.var.request_uri,"_","_") -- log_record("White_IP",ngx.var.request_uri,"_","_")
return true return true
end end
end end
@ -88,7 +88,6 @@ function cc_attack_check()
-- write("/data/wwwlogs/info.log",CC_TOKEN .."\t".. ATTACK_URL .. "\t".. "req: " .. req .."\n") -- write("/data/wwwlogs/info.log",CC_TOKEN .."\t".. ATTACK_URL .. "\t".. "req: " .. req .."\n")
if req > CCcount then if req > CCcount then
log_record("CC_Attack",ngx.var.request_uri,"-","-") log_record("CC_Attack",ngx.var.request_uri,"-","-")
log_post_http("CC_Attack",ngx.var.request_uri,"-","-")
if config_waf_enable == "on" then if config_waf_enable == "on" then
local source = ngx.encode_base64(ngx.var.scheme.."://"..ngx.var.host..ngx.var.request_uri) local source = ngx.encode_base64(ngx.var.scheme.."://"..ngx.var.host..ngx.var.request_uri)
local dest = '/captcha-waf.html' .. '?continue=' .. source local dest = '/captcha-waf.html' .. '?continue=' .. source
@ -152,7 +151,7 @@ function url_args_attack_check()
--local REQ_ARGS = ngx.req.get_uri_args() --local REQ_ARGS = ngx.req.get_uri_args()
local REQ_ARGS, err = ngx.req.get_uri_args() local REQ_ARGS, err = ngx.req.get_uri_args()
if err == "truncated" then if err == "truncated" then
log_record("URL_ARGS_MANY",ngx.var.request_uri,"-",rule) log_record("Deny_URL_Args_Many",ngx.var.request_uri,"-",rule)
if config_waf_enable == "on" then if config_waf_enable == "on" then
waf_output() waf_output()
return true return true
@ -185,7 +184,7 @@ function user_agent_attack_check()
if USER_AGENT ~= nil then if USER_AGENT ~= nil then
for _,rule in pairs(USER_AGENT_RULES) do for _,rule in pairs(USER_AGENT_RULES) do
if rule ~="" and rulematch(string.lower(USER_AGENT),string.lower(rule),"jo") then if rule ~="" and rulematch(string.lower(USER_AGENT),string.lower(rule),"jo") then
log_record("Deny_USER_AGENT",ngx.var.request_uri,"-",rule) log_record("Deny_User_Agent",ngx.var.request_uri,"-",rule)
if config_waf_enable == "on" then if config_waf_enable == "on" then
waf_output() waf_output()
return true return true
@ -201,12 +200,11 @@ end
function post_attack_check() function post_attack_check()
if config_post_check == "on" then if config_post_check == "on" then
local POST_RULES = get_rule("post") local POST_RULES = get_rule("post")
ngx.req.read_body()
for _,rule in pairs(POST_RULES) do for _,rule in pairs(POST_RULES) do
-- local REQ_POST = ngx.req.get_post_args() -- local REQ_POST = ngx.req.get_post_args()
local REQ_POST, err = ngx.req.get_post_args() local REQ_POST, err = ngx.req.get_post_args()
if err == "truncated" then if err == "truncated" then
log_record("DENY_POST_MANY",ngx.var.request_uri,"-",rule) log_record("Deny_POST_Many",ngx.var.request_uri,"-",rule)
if config_waf_enable == "on" then if config_waf_enable == "on" then
waf_output() waf_output()
return true return true