Update init.lua

README.md

@@ -1,7 +1,12 @@
 ### ngx_lua_waf
 ngx_lua_waf是一个基于lua-nginx-module的web应用防火墙
 
-### 安装
+### OneinStack启用ngx_lua_waf 
+```
+~/oneinstack/addons.sh
+#install ngx_lua_waf
+```
+### 手工安装
 ```
 cd /root/oneinstack/src
 wget http://luajit.org/download/LuaJIT-2.1.0-beta3.tar.gz  #推荐2.1版本
@@ -18,12 +23,12 @@ make && make install
 cd ..
 export LUAJIT_LIB=/usr/local/lib
 export LUAJIT_INC=/usr/local/include/luajit-2.1
-sed -i "s@^nginx_modules_options=.*@nginx_modules_options='--add-module=../lua-nginx-module --add-module=../ngx_devel_kit'@" options.conf
+sed -i "s@^nginx_modules_options=.*@nginx_modules_options='--with-ld-opt=-Wl,-rpath,/usr/local/lib --add-module=../lua-nginx-module --add-module=../ngx_devel_kit'@" options.conf
 ./install.sh --nginx_option 1
 
 cat > /usr/local/nginx/conf/waf.conf << EOF
 lua_shared_dict limit 20m;
-lua_package_path "/usr/local/nginx/conf/waf/?.lua";
+lua_package_path "/usr/local/nginx/conf/waf/?.lua;;";
 init_by_lua_file "/usr/local/nginx/conf/waf/init.lua";
 access_by_lua_file "/usr/local/nginx/conf/waf/access.lua";
 EOF

config.lua

@@ -23,7 +23,7 @@ config_cookie_check = "on"
 --enable/disable cc filtering
 config_cc_check = "on"
 --cc rate the xxx of xxx seconds
-config_cc_rate = "20/60"
+config_cc_rate = "120/120"
 --enable/disable post filtering
 config_post_check = "on"
 --config waf output redirect/html

init.lua

@@ -14,7 +14,7 @@ function white_ip_check()
         if IP_WHITE_RULE ~= nil then
             for _,rule in pairs(IP_WHITE_RULE) do
                 if rule ~= "" and rulematch(WHITE_IP,rule,"jo") then
-                    log_record('White_IP',ngx.var_request_uri,"_","_")
+                    --log_record('White_IP',ngx.var_request_uri,"_","_")
                     return true
                 end
             end
@@ -45,7 +45,7 @@ end
 function white_url_check()
     if config_white_url_check == "on" then
         local URL_WHITE_RULES = get_rule('whiteurl')
-        local REQ_URI = ngx.var.request_uri
+        local REQ_URI = string.lower(ngx.var.request_uri)
         if URL_WHITE_RULES ~= nil then
             for _,rule in pairs(URL_WHITE_RULES) do
                 if rule ~= "" and rulematch(REQ_URI,rule,"jo") then
@@ -62,7 +62,7 @@ function cc_attack_check()
         local USER_AGENT = get_user_agent()
         --local ATTACK_URL = ngx.var.host .. ngx.var.request_uri
         local ATTACK_URL = ngx.var.host .. ngx.var.uri
-        local CC_TOKEN = get_client_ip() .. "." .. ngx.md5(ATTACK_URL .. USER_AGENT)
+        local CC_TOKEN = get_client_ip() .. "." .. ngx.md5(string.lower(ATTACK_URL) .. USER_AGENT)
         local limit = ngx.shared.limit
         local CCcount=tonumber(string.match(config_cc_rate,'(.*)/'))
         local CCseconds=tonumber(string.match(config_cc_rate,'/(.*)'))
@@ -108,7 +108,7 @@ end
 function url_attack_check()
     if config_url_check == "on" then
         local URL_RULES = get_rule('blackurl')
-        local REQ_URI = ngx.var.request_uri
+        local REQ_URI = string.lower(ngx.var.request_uri)
         for _,rule in pairs(URL_RULES) do
             if rule ~="" and rulematch(REQ_URI,rule,"jo") then
                 log_record('Deny_URL',REQ_URI,"-",rule)