-- waf core lib require "config" -- Get the client IP function get_client_ip() local CLIENT_IP = ngx.req.get_headers()["X_real_ip"] if CLIENT_IP == nil then CLIENT_IP = ngx.req.get_headers()["X_Forwarded_For"] end if CLIENT_IP == nil then CLIENT_IP = ngx.var.remote_addr end if CLIENT_IP == nil then CLIENT_IP = "unknown" end return CLIENT_IP end -- Get the client user agent function get_user_agent() local USER_AGENT = ngx.var.http_user_agent if USER_AGENT == nil then USER_AGENT = "unknown" end return USER_AGENT end -- Get WAF rule function get_rule(rulefilename) local io = require "io" local RULE_PATH = config_rule_dir local RULE_FILE = io.open(RULE_PATH..'/'..rulefilename,"r") if RULE_FILE == nil then return end local RULE_TABLE = {} for line in RULE_FILE:lines() do table.insert(RULE_TABLE,line) end RULE_FILE:close() return(RULE_TABLE) end -- WAF log record for json,(use logstash codec => json) function log_record(method,url,data,ruletag) local cjson = require("cjson") local io = require "io" local LOG_PATH = config_log_dir local CLIENT_IP = get_client_ip() local USER_AGENT = get_user_agent() local SERVER_NAME = ngx.var.host local LOCAL_TIME = ngx.localtime() local log_json_obj = { client_ip = CLIENT_IP, local_time = LOCAL_TIME, server_name = SERVER_NAME, req_url = url, attack_method = method, req_data = data, rule_tag = ruletag, user_agent = USER_AGENT, } local LOG_LINE = cjson.encode(log_json_obj) local LOG_NAME = LOG_PATH..'/'..ngx.today().."_sec.log" local file = io.open(LOG_NAME,"a") if file == nil then return end file:write(LOG_LINE.."\n") file:flush() file:close() end -- test log function write(logfile, msg) local fd,err = io.open(logfile,"a+") if fd == nil then ngx.log(ngx.ERR,"writefile msg : "..msg,err) return end fd:write(msg) fd:flush() fd:close() end -- WAF return function waf_output() if config_waf_output == "redirect" then ngx.redirect(config_waf_redirect_url, 301) else ngx.header.content_type = "text/html" ngx.status = ngx.HTTP_FORBIDDEN ngx.say(config_output_html) ngx.exit(ngx.status) end end