pull/109/head
midoks 6 years ago
parent 95aba60f40
commit 08258347eb
  1. 90
      plugins/op_waf/waf/lua/common.lua
  2. 63
      plugins/op_waf/waf/lua/init.lua

@ -1,5 +1,4 @@
local setmetatable = setmetatable
local _M = { _VERSION = '0.01' }
local mt = { __index = _M }
@ -7,16 +6,17 @@ local json = require "cjson"
local ngx_match = ngx.re.find
function _M.new(cpath, rpath, logdir)
function _M.new(self, cpath, rpath, logdir)
-- ngx.log(ngx.ERR,"read:"..cpath..",rpath:"..rpath)
local self = {
local opt = {
cpath = cpath,
rpath = rpath,
logdir = logdir,
config = '',
site_config = ''
site_config = '',
params = nil
}
local p = setmetatable(self, mt)
local p = setmetatable(opt, mt)
return p
end
@ -24,9 +24,48 @@ end
function _M.setConfData( self, config, site_config )
self.config = config
self.site_config = site_config
-- ngx.say(json.encode(self.config))
-- ngx.exit(0)
end
function _M.setParams( self, params )
self.params = params
end
function _M.is_min(self, ip1,ip2)
n = 0
for _,v in ipairs({1,2,3,4})
do
if ip1[v] == ip2[v] then
n = n + 1
elseif ip1[v] > ip2[v] then
break
else
return false
end
end
return true
end
function _M.is_max(self,ip1,ip2)
n = 0
for _,v in ipairs({1,2,3,4})
do
if ip1[v] == ip2[v] then
n = n + 1
elseif ip1[v] < ip2[v] then
break
else
return false
end
end
return true
end
function _M.return_message(self, status, msg)
ngx.header.content_type = "application/json;"
@ -71,7 +110,21 @@ function _M.write_file(self, filename, body)
end
function _M.write_to_file(logstr)
function _M.write_drop_ip(self, is_drop, drop_time)
local filename = self.cpath .. 'drop_ip.log'
local fp = io.open(filename,'ab')
if fp == nil then return false end
local logtmp = {os.time(),ip,server_name,request_uri,drop_time,is_drop}
local logstr = json.encode(logtmp) .. "\n"
fp:write(logstr)
fp:flush()
fp:close()
return true
end
function _M.write_to_file(self, logstr)
local server_name = self.params['server_name']
local filename = self.logdir .. '/' .. server_name .. '_' .. ngx.today() .. '.log'
self:write_file(filename, logstr)
return true
@ -145,7 +198,8 @@ end
function _M.inc_log(self, name, rule)
local total_path = cpath .. 'total.json'
local server_name = self.params['server_name']
local total_path = self.cpath .. 'total.json'
local tbody = ngx.shared.limit:get(total_path)
if not tbody then
tbody = self:read_file_body(total_path)
@ -164,9 +218,9 @@ function _M.inc_log(self, name, rule)
local total_log = json.encode(total)
if not total_log then return false end
ngx.shared.limit:set(total_path,total_log)
if not ngx.shared.limit:get('b_btwaf_timeout') then
if not ngx.shared.limit:get('mw_waf_timeout') then
self:write_file(total_path,total_log)
ngx.shared.limit:set('b_btwaf_timeout',1,5)
ngx.shared.limit:set('mw_waf_timeout',1,5)
end
end
@ -200,7 +254,6 @@ end
function _M.is_ngx_match(self, rules, sbody, rule_name)
ngx.say()
if rules == nil or sbody == nil then return false end
if type(sbody) == "string" then
sbody = {sbody}
@ -215,7 +268,6 @@ function _M.is_ngx_match(self, rules, sbody, rule_name)
if self:continue_key(k) then
for i,rule in ipairs(rules)
do
ngx.say("i:"..i..",rule:"..rule)
if self.site_config[server_name] and rule_name then
local n = i - 1
for _,j in ipairs(self.site_config[server_name]['disable_rule'][rule_name])
@ -248,12 +300,12 @@ end
function _M.write_log(self, name, rule)
ngx.say('name:'..name)
local ip = C:get_client_ip()
local ip = self.params['ip']
local retry = self.config['retry']
local retry_time = self.config['retry_time']
local retry_cycle = self.config['retry_cycle']
local count,_ = ngx.shared.drop_ip:get(ip)
local count, _ = ngx.shared.drop_ip:get(ip)
if count then
ngx.shared.drop_ip:incr(ip,1)
else
@ -266,9 +318,7 @@ function _M.write_log(self, name, rule)
error_rule = nil
end
local logtmp = {ngx.localtime(), ip, method,request_uri, ngx.var.http_user_agent, name, rule}
ngx.say('logtmp:'..logtmp)
local logtmp = {ngx.localtime(), ip, method, ngx.var.request_uri, ngx.var.http_user_agent, name, rule}
local logstr = json.encode(logtmp) .. "\n"
local count,_ = ngx.shared.drop_ip:get(ip)
if count > retry and name ~= 'cc' then
@ -281,7 +331,7 @@ function _M.write_log(self, name, rule)
end
local lock_time = retry_time * safe_count
if lock_time > 86400 then lock_time = 86400 end
logtmp = {ngx.localtime(),ip,method,request_uri,ngx.var.http_user_agent,name,retry_cycle .. '秒以内累计超过'..retry..'次以上非法请求,封锁'.. lock_time ..''}
logtmp = {ngx.localtime(),ip,method,ngx.var.request_uri, ngx.var.http_user_agent,name,retry_cycle .. '秒以内累计超过'..retry..'次以上非法请求,封锁'.. lock_time ..''}
logstr = logstr .. json.encode(logtmp) .. "\n"
ngx.shared.drop_ip:set(ip,retry+1,lock_time)
self:write_drop_ip('inc',lock_time)
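Review bot: The new `write_drop_ip` method builds its record from the bare names `ip`, `server_name` and `request_uri`, none of which is a local or a field of `self` in the visible part of common.lua, and locals declared in init.lua are not in scope here. Unless those names are globals set elsewhere, the drop log is written without the client address and host, so it no longer records who was blocked. I would read them from the instance: `local p = self.params` and `local logtmp = {os.time(), p['ip'], p['server_name'], ngx.var.request_uri, drop_time, is_drop}`. The same applies to the bare `method` in the `logtmp` lines of `write_log`, whose body continues outside the hunks. Also, `n = 0` in `is_min`/`is_max` assigns a global that is never read in the visible code and should be `local` or dropped.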

@ -6,57 +6,56 @@ local json = require "cjson"
local ngx_match = ngx.re.find
local _C = require "common"
local C = _C.new(cpath, rpath, logdir)
function write_drop_ip(is_drop,drop_time)
local filename = cpath .. 'drop_ip.log'
local fp = io.open(filename,'ab')
if fp == nil then return false end
local logtmp = {os.time(),ip,server_name,request_uri,drop_time,is_drop}
local logstr = json.encode(logtmp) .. "\n"
fp:write(logstr)
fp:flush()
fp:close()
return true
end
local C = _C:new(cpath, rpath, logdir)
local config = C:read_file_body_decode(cpath .. 'config.json')
local site_config = C:read_file_body_decode(cpath .. 'site.json')
C.setConfData(config, site_config)
C:setConfData(config, site_config)
local get_html = C:read_file_body(config["reqfile_path"] .. '/' .. config["get"]["reqfile"])
local args_rules = C:read_file_table('args')
local retry = config['retry']
local retry_time = config['retry_time']
local retry_cycle = config['retry_cycle']
local ip = C:get_client_ip()
local server_name = string.gsub(C:get_server_name(),'_','.')
local ip_white_rules = C:read_file('ip_white')
function initParams()
local data = {}
data['ip'] = C:get_client_ip()
data['request_header'] = ngx.req.get_headers()
data['uri'] = ngx.unescape_uri(ngx.var.uri)
data['server_name'] = string.gsub(C:get_server_name(),'_','.')
data['uri_request_args'] = ngx.req.get_uri_args()
return data
end
local params = initParams()
C:setParams(params)
-- function min_route()
-- if ngx.var.remote_addr ~= '127.0.0.1' then return false end
-- if uri == '/get_waf_drop_ip' then
-- return_message(200,get_waf_drop_ip())
-- elseif uri == '/remove_waf_drop_ip' then
-- return_message(200,remove_waf_drop_ip())
-- elseif uri == '/clean_waf_drop_ip' then
-- return_message(200,clean_waf_drop_ip())
-- end
-- end
function waf_args()
uri_request_args = ngx.req.get_uri_args()
if not config['get']['open'] or not C:is_site_config('get') then return false end
if C:is_ngx_match(args_rules,uri_request_args,'args') then
ngx.say('okkkkkooo')
C:write_log(ip,'args','regular')
C:return_html(config['get']['status'],get_html)
if C:is_ngx_match(args_rules, params['uri_request_args'],'args') then
C:write_log('args','regular')
C:return_html(config['get']['status'], get_html)
return true
end
return false
end
ngx.header.content_type = "text/html"
function waf()
ngx.header.content_type = "text/plain"
waf_args()
C:return_html(200, '11')
-- return_message(200, config)
end
waf()
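Review bot: `initParams` stores the result of `ngx.req.get_uri_args()` with its default limit, so a request carrying more arguments than that limit (100 by default) is only partially parsed and `waf_args` checks the rules against an incomplete set. Where the installed lua-nginx-module returns the second value, capture it and refuse the request on truncation, e.g. `local args, err = ngx.req.get_uri_args()` followed by `if err == "truncated" then return ngx.exit(400) end`. Separately, `waf()` calls `C:return_html(200, '11')` after `waf_args()` regardless of its result. If that line is on the new side it looks like a debugging placeholder that would answer every request passing the check, and it should be removed before this filter sits in front of real traffic.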
