diff --git a/init.lua b/init.lua index 3be7488..386aefc 100644 --- a/init.lua +++ b/init.lua @@ -200,89 +200,79 @@ end -- deny post function post_attack_check() if config_post_check == "on" and ngx.var.request_method == "POST" then + ngx.req.read_body() local POST_RULES = get_rule("post") local receive_headers = ngx.req.get_headers() - for _,rule in pairs(POST_RULES) do - ngx.req.read_body() - if string.sub(receive_headers["content-type"],1,20) == "multipart/form-data;" then - local body_data = ngx.req.get_body_data() - content_type = receive_headers["content-type"] - if not body_data then - local body_data_file = ngx.req.get_body_file() - if body_data_file then - local fh, err = io.open(body_data_file,"r") - if fh then - fh:seek("set") - body_data = fh:read("*a") - fh:close() - end + if string.sub(receive_headers["content-type"],1,20) == "multipart/form-data;" then + info_type = "Deny_MULTIPART_POST" + local body_data = ngx.req.get_body_data() + content_type = receive_headers["content-type"] + if not body_data then + local body_data_file = ngx.req.get_body_file() + if body_data_file then + local fh, err = io.open(body_data_file,"r") + if fh then + fh:seek("set") + body_data = fh:read("*a") + fh:close() end end - bi, bj = string.find(content_type, 'boundary=') - boundary = string.sub(content_type, bj+1) - if body_data ~= "" and boundary ~= "" then - boundary = '--'..boundary - body_data = string.gsub(body_data, "\r", "") - body_data = string.gsub(body_data, "\n", "") - body_data = string.gsub(body_data, "\t", "") - local table_body_data = {} - local i = 0 - local b = string.len(boundary) - while true do - x = i + b + 1; - i,j = string.find(body_data, boundary, i + b + 1) - if i == nil then break end - body = string.sub(body_data, x, i-1) - table.insert(table_body_data, body) - end - for key, val in pairs(table_body_data) do - if type(val) == "table" then - POST_DATA = string.lower(table.concat(val, " ")) - elseif type(val) == "boolean" then - POST_DATA = nil - else - POST_DATA = string.lower(val) - end - if POST_DATA and rule ~="" and rulematch(unescape(POST_DATA),string.lower(rule),"jo") then - log_record("Deny__MULTIPART_POST",ngx.var.request_uri,"-",rule) - if config_waf_enable == "on" then - waf_output() - return true - end - end - end - else - log_record("Deny__MULTIPART_POST",ngx.var.request_uri,"Empty",rule) - if config_waf_enable == "on" then - waf_output() - return true + end + bi, bj = string.find(content_type, 'boundary=') + boundary = string.sub(content_type, bj+1) + if body_data ~= "" and boundary ~= "" then + boundary = '--'..boundary + REQ_POST = {} + local i = 0 + local b = string.len(boundary) + while true do + x = i + b + 1; + i,j = string.find(body_data, boundary, i + b + 1) + if i == nil then break end + body = string.sub(body_data, x, i-1) + Content_Disposition = body:match('Content%-Disposition:.-\r\n') + file_type = body:match("Content%-Type:.-\r\n") + if file_type ~= nil and Content_Disposition ~= nil then + table.insert(REQ_POST, file_type) + table.insert(REQ_POST, Content_Disposition) + else + table.insert(REQ_POST, body) end end else - local REQ_POST, err = ngx.req.get_post_args() - if err == "truncated" then - log_record("DENY_POST_MANY",ngx.var.request_uri,"-",rule) + log_record("Deny__MULTIPART_POST",ngx.var.request_uri,"Empty",rule) + if config_waf_enable == "on" then + waf_output() + return true + end + end + else + info_type = "Deny_POST" + REQ_POST, err = ngx.req.get_post_args() + if err == "truncated" then + log_record("DENY_POST_MANY",ngx.var.request_uri,"-",rule) + if config_waf_enable == "on" then + waf_output() + return true + end + end + end + for _,rule in pairs(POST_RULES) do + for key, val in pairs(REQ_POST) do + if type(val) == "table" then + POST_DATA = string.lower(table.concat(val, " ")) + elseif type(val) == "boolean" then + POST_DATA = nil + else + POST_DATA = string.lower(val) + end + if POST_DATA and rule ~="" and rulematch(unescape(POST_DATA),string.lower(rule),"jo") then + log_record(info_type,ngx.var.request_uri,"-",rule) if config_waf_enable == "on" then waf_output() return true end end - for key, val in pairs(REQ_POST) do - if type(val) == "table" then - POST_DATA = string.lower(table.concat(val, " ")) - elseif type(val) == "boolean" then - POST_DATA = nil - else - POST_DATA = string.lower(val) - end - if POST_DATA and rule ~="" and rulematch(unescape(POST_DATA),string.lower(rule),"jo") then - log_record("Deny_POST",ngx.var.request_uri,"-",rule) - if config_waf_enable == "on" then - waf_output() - return true - end - end - end end end return true