
Comparing changes

base repository: loveshell/ngx_lua_waf
base: 0.5
head repository: loveshell/ngx_lua_waf
compare: master
  • 13 commits
  • 4 files changed
  • 1 contributor

Commits on Apr 28, 2015

  1. delete ...

    loveshell committed Apr 28, 2015

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature.
    caff7de

Commits on May 14, 2015

  1. find to match

    loveshell committed May 14, 2015
    20173bd
  2. 834c937
  3. low ngxlua support ngxmatch

    loveshell committed May 14, 2015
    2897e49

Commits on May 19, 2015

  1. add local var

    loveshell committed May 19, 2015
    14a78d0

Commits on Jun 23, 2015

  1. fix data is ni

    loveshell committed Jun 23, 2015
    c0b121a

Commits on Aug 24, 2015

  1. fix symbols

    loveshell committed Aug 24, 2015
    6a38f4f

Commits on Oct 21, 2015

  1. fix readme

    loveshell committed Oct 21, 2015
    2b1079e
  2. Update README.md

    loveshell committed Oct 21, 2015
    f609d32

Commits on Oct 28, 2015

  1. fix table concat bug

    loveshell committed Oct 28, 2015
    fa5bf74

Commits on Jan 10, 2016

  1. fix ip

    loveshell committed Jan 10, 2016
    3492d06

Commits on Jan 30, 2016

  1. 6606edd

Commits on Apr 6, 2016

  1. filter some post data

    thanks for bajief
    loveshell committed Apr 6, 2016
    314a2f6

Showing with 19 additions and 14 deletions.
  1. +3 −3 README.md
  2. +8 −6 init.lua
  3. +8 −4 waf.lua
  4. +0 −1 wafconf/post
6 changes: 3 additions & 3 deletions README.md
@@ -64,7 +64,7 @@ nginx安装路径假设为:/usr/local/nginx/conf/
whiteModule = "on"
--是否开启URL白名单
black_fileExt={"php","jsp"}
--填写可上传文件后缀类型
--填写不允许上传文件后缀类型
ipWhitelist={"127.0.0.1"}
--ip白名单,多个ip用逗号分隔
ipBlocklist={"1.0.0.1"}
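Review bot: the comment under black_fileExt now says the list holds extensions that are not allowed to be uploaded ("填写不允许上传文件后缀类型"), which matches the variable name, but it still does not say how entries are compared. waf.lua in this comparison extracts the extension with a case-insensitive pattern (flags 'ijo') and hands it to fileExtCheck, so the README should state whether the entries here are matched case-insensitively, and that this is a denylist: an extension that is not listed is accepted.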
@@ -106,8 +106,8 @@ nginx安装路径假设为:/usr/local/nginx/conf/

过滤规则在wafconf下,可根据需求自行调整,每条规则需换行,或者用|分割

global是全局过滤文件,里面的规则对post和get都过滤
get是只在get请求过滤的规则
args里面的规则get参数进行过滤的
url是只在get请求url过滤的规则
post是只在post请求过滤的规则
whitelist是白名单,里面的url匹配到不做过滤
user-agent是对user-agent的过滤规则
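Review bot: the new line "args里面的规则get参数进行过滤的" is missing its verb connector and does not follow the "X是...的规则" pattern of the lines around it; something like "args是对get参数进行过滤的规则" reads correctly and stays parallel with the url and post lines. While this list is being edited, it would also help to say that the names are the rule files under wafconf, since the hunk in wafconf/post later in this comparison changes one of them.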
14 changes: 8 additions & 6 deletions init.lua
@@ -15,10 +15,7 @@ attacklog = optionIsOn(attacklog)
CCDeny = optionIsOn(CCDeny)
Redirect=optionIsOn(Redirect)
function getClientIp()
IP = ngx.req.get_headers()["X-Real-IP"]
if IP == nil then
IP = ngx.var.remote_addr
end
IP = ngx.var.remote_addr
if IP == nil then
IP = "unknown"
end
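Review bot: dropping the X-Real-IP lookup in getClientIp() closes the case where a client sets that header itself to match ipWhitelist or to dodge ipBlocklist and CCDeny, but it changes behaviour for anyone running behind a reverse proxy or load balancer: ngx.var.remote_addr is then the proxy's address, so every client shares one IP for allow, block and rate decisions. The README should say that such deployments need nginx's realip module (set_real_ip_from with the trusted proxy ranges plus real_ip_header) so that remote_addr is rewritten only from trusted hops. Separately, IP is still assigned as a global inside the function; "local IP = ngx.var.remote_addr" avoids sharing it across requests handled by the same worker.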
@@ -112,9 +109,14 @@ function args()
local args = ngx.req.get_uri_args()
for key, val in pairs(args) do
if type(val)=='table' then
if val ~= false then
data=table.concat(val, " ")
local t={}
for k,v in pairs(val) do
if v == true then
v=""
end
table.insert(t,v)
end
data=table.concat(t, " ")
else
data=val
end
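Review bot: the boolean case is handled only inside the table branch; in the "else" branch "data=val" still assigns a bare boolean when a single argument arrives without a value, so whatever consumes data after this hunk has to guard its type before matching or unescaping it. Normalising there as well (treat true as "") keeps both branches consistent. Two smaller points in the new loop: "for k,v in pairs(val)" does not guarantee order, and the joined string is what the rules are matched against, so ipairs is the safer choice for a repeated-argument array; and data is a global, so declare it local at the top of the loop.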
12 changes: 8 additions & 4 deletions waf.lua
@@ -1,5 +1,6 @@
local content_length=tonumber(ngx.req.get_headers()['content-length'])
local method=ngx.req.get_method()
local ngxmatch=ngx.re.match
if whiteip() then
elseif blockip() then
elseif denycc() then
@@ -41,12 +42,12 @@ elseif PostCheck then
return true
end
size = size + len(data)
local m = ngx.re.match(data,'Content-Disposition: form-data;(.+)filename="(.+)\\.(.*)"','ijo')
local m = ngxmatch(data,[[Content-Disposition: form-data;(.+)filename="(.+)\\.(.*)"]],'ijo')
if m then
fileExtCheck(m[3])
filetranslate = true
else
if ngx.re.find(data,"Content-Disposition:",'isjo') then
if ngxmatch(data,"Content-Disposition:",'isjo') then
filetranslate = false
end
if filetranslate==false then
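Review bot: moving the filename pattern from a quoted string to a long-bracket string changes what the regex means. Inside [[...]] Lua does no escape processing, so "\\." reaches the regex engine as two backslashes and a dot, i.e. a literal backslash followed by any character, where the quoted form produced "\." (a literal dot). With the pattern as written, an ordinary filename="name.ext" no longer matches, m is nil and fileExtCheck(m[3]) is never reached. Inside the long bracket the escape should be a single backslash: filename="(.+)\.(.*)". A short comment next to "local ngxmatch=ngx.re.match" explaining that ngx.re.find was replaced for older ngx_lua builds (per the commit title "low ngxlua support ngxmatch") would also help the next reader.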
@@ -68,13 +69,16 @@ elseif PostCheck then
return
end
for key, val in pairs(args) do
if type(val) == "table" or val == false then
if type(val) == "table" then
if type(val[1]) == "boolean" then
return
end
data=table.concat(val, ", ")
else
data=val
end
if data and type(data) ~= "boolean" and body(data) then
return true
body(key)
end
end
end
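Review bot: the new guard "if type(val[1]) == "boolean" then return end" leaves the whole check as soon as one repeated parameter has a valueless first element, so every POST argument that comes later in the loop is never passed to body(). It also looks only at index 1, so a table with a boolean at a later position still reaches table.concat, which raises an error on non-string, non-number elements. Filtering booleans out of the table and continuing with the next key, as args() in init.lua now does in this same comparison, avoids both. In the final if, body(key) sits in the branch that is taken only when body(data) has already matched, so parameter names are inspected only for values that were already caught; if names are meant to be filtered too, call body(key) independently of the value check and make the return value explicit.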
1 change: 0 additions & 1 deletion wafconf/post
@@ -1,4 +1,3 @@
\.\./
select.+(from|limit)
(?:(union(.*?)select))
having|rongjitest
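Review bot: the hunk header (-1,4 +1,3) drops one rule from the POST rule file with nothing added in its place, and none of the commit messages in this comparison says which pattern was removed or why. Removing a pattern narrows what POST bodies are checked, so the commit should name the rule and the false positive that motivated it, and the README's description of the post file should note the change. The "rongjitest" alternative in the last rule reads like a test marker; if it is, it should be removed from the shipped rule set or explained in a comment.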