From 28e2abc829c6676b291efa4711d68425cc22f96b Mon Sep 17 00:00:00 2001 From: midoks Date: Tue, 11 Oct 2022 16:26:15 +0800 Subject: [PATCH] demo --- plugins/op_waf/index.py | 2 +- plugins/op_waf/t/index.py | 25 ++++++++++++++++ plugins/op_waf/waf/lua/common.lua | 49 +++++++++---------------------- plugins/op_waf/waf/lua/init.lua | 11 ------- 4 files changed, 40 insertions(+), 47 deletions(-) diff --git a/plugins/op_waf/index.py b/plugins/op_waf/index.py index 43a2f4bd3..980c3653f 100755 --- a/plugins/op_waf/index.py +++ b/plugins/op_waf/index.py @@ -107,7 +107,7 @@ def initSiteInfo(): site_contents_new[name] = site_contents[name] else: tmp = {} - tmp['cdn'] = False + tmp['cdn'] = True tmp['log'] = True tmp['get'] = True tmp['post'] = True diff --git a/plugins/op_waf/t/index.py b/plugins/op_waf/t/index.py index 2d2301d18..3992caa5f 100644 --- a/plugins/op_waf/t/index.py +++ b/plugins/op_waf/t/index.py @@ -48,6 +48,19 @@ def httpGet__UA(url, ua, timeout=10): return str(e) +def httpGet__cdn(url, ip, timeout=10): + import urllib.request + headers = {'x-forwarded-for': ip} + try: + req = urllib.request.Request(url, headers=headers) + response = urllib.request.urlopen(req) + result = response.read().decode('utf-8') + return result + + except Exception as e: + return str(e) + + def httpPost(url, data, timeout=10): """ 发送POST请求 @@ -109,6 +122,17 @@ def test_UA(): print("user-agent test end") +def test_cdn(): + ''' + user-agent 过滤 + ''' + url = TEST_URL + print("cdn test start") + url_val = httpGet__cdn(url, '2409:8a62:e20:95f0:45b7:233e:f003:c0ab') + print(url_val) + print("cdn test end") + + def test_POST(): ''' user-agent 过滤 @@ -165,6 +189,7 @@ def test_start(): # test_scan() # test_CC() test_url_ext() + # test_cdn() if __name__ == "__main__": diff --git a/plugins/op_waf/waf/lua/common.lua b/plugins/op_waf/waf/lua/common.lua index d264a78b4..4de87d0a1 100644 --- a/plugins/op_waf/waf/lua/common.lua +++ b/plugins/op_waf/waf/lua/common.lua 
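Review bot: Defaulting `tmp['cdn']` to `True` in `initSiteInfo` makes every newly initialised site take the client address from the request headers listed in `cdn_header` (see `get_real_ip` in common.lua), including sites that are not behind a CDN. On a directly exposed site those headers are set by the requester, so IP allow/deny lists and per-IP rate limits would key on a value the client chooses. Consider keeping `tmp['cdn'] = False` as the default and enabling it per site once the upstream proxy is known to overwrite the header, or at least add `# cdn=True trusts cdn_header values; enable only behind a proxy that sets them`. The body of initSiteInfo starts and ends outside the hunk.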
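Review bot: `httpGet__cdn` accepts `timeout=10` but never passes it to `urlopen`, so a server that holds the connection open stalls the test run; use `response = urllib.request.urlopen(req, timeout=timeout)`. The broad `except Exception` returns `str(e)`, which leaves the caller unable to tell an error string from a response body. A one-line docstring such as `"""GET url with x-forwarded-for set to ip; return the body or the error text."""` would match the documented helpers next to it.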
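Review bot: The docstring on `test_cdn` still reads `user-agent 过滤`, copied from the neighbouring tests; it should name what is exercised, e.g. `'''x-forwarded-for (CDN client IP) handling'''`. The test sends one well-formed IPv6 value and only prints the response, so it would not notice a malformed header value being accepted as the client IP. Adding cases for a separator-only value and a non-address token, with an assertion on the result, would cover the new parsing in `get_real_ip`.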
@@ -255,7 +255,7 @@ function _M.array_len(self, arr) end function _M.is_ipaddr(self, client_ip) - local cipn = split(client_ip,'.') + local cipn = self:split_bylog(client_ip,'.') if self:array_len(cipn) < 4 then return false end for _,v in ipairs({1,2,3,4}) do 
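Review bot: `split_bylog` matches `[^.]+`, so empty fields are dropped, and in `is_ipaddr` a value such as `1.2.3.4.` or `.1.2.3.4` still yields four fields and passes the `array_len(cipn) < 4` check. Whether the previous `split` behaved the same is not visible in the patch, and the rest of is_ipaddr lies outside the hunk, so this is worth confirming. An anchored shape check ahead of the split removes the ambiguity: `if not string.match(client_ip, "^%d+%.%d+%.%d+%.%d+$") then return false end`.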
@@ -515,59 +515,38 @@ function _M.write_log(self, name, rule) self:inc_log(name,rule) end +function _M.split_bylog(self,str,reps ) + local resultStrList = {} + string.gsub(str,'[^'..reps..']+',function(w) table.insert(resultStrList,w) end) + return resultStrList +end + function _M.get_real_ip(self, server_name) local client_ip = "unknown" - self:D("client_ip[0]:"..client_ip) if self.site_config[server_name] then if self.site_config[server_name]['cdn'] then local request_header = ngx.req.get_headers() - self:D("ipheader[rr]:"..self:to_json(request_header)) for _,v in ipairs(self.site_config[server_name]['cdn_header']) do - self:D("client_ip[for]:"..tostring(request_header[v])) if request_header[v] ~= nil and request_header[v] ~= "" then local header_tmp = request_header[v] if type(header_tmp) == "table" then header_tmp = header_tmp[1] end - client_ip = split(header_tmp,',')[1] + client_ip = self:split_bylog(header_tmp,',')[1] break; end end end end - self:D("client_ip[cf]:"..client_ip) - if string.match(client_ip,"%d+%.%d+%.%d+%.%d+") == nil or not self:is_ipaddr(client_ip) then - client_ip = ngx.var.remote_addr - self:D("client_ip[2]:"..client_ip) - if client_ip == nil then - client_ip = "unknown" - end + -- ipv6 + if type(client_ip) == 'table' then client_ip = "" end + if client_ip ~= "unknown" and string.match(client_ip,"^[%w:]+$") then + return client_ip end - self:D("client_ip:"..client_ip) - return client_ip -end - -function _M.get_client_ip(self) - local client_ip = "unknown" - local server_name = self.params['server_name'] - if self.site_config[server_name] then - if self.site_config[server_name]['cdn'] then - request_header = self.params["request_header"] - for _,v in ipairs(self.site_config[server_name]['cdn_header']) - do - -- C:D("vv:"..v..tostring(request_header[v])) - if request_header[v] ~= nil and request_header[v] ~= "" then - local header_tmp = request_header[v] - if type(header_tmp) == "table" then header_tmp = header_tmp[1] end - client_ip = 
split(header_tmp,',')[1] - break; - end - end - end - end - if string.match(client_ip,"%d+%.%d+%.%d+%.%d+") == nil or not self:is_ipaddr(client_ip) then + -- ipv4 + if string.match(client_ip,"%d+%.%d+%.%d+%.%d+") == nil or not self:is_ipaddr(client_ip) then client_ip = ngx.var.remote_addr if client_ip == nil then client_ip = "unknown" diff --git a/plugins/op_waf/waf/lua/init.lua b/plugins/op_waf/waf/lua/init.lua index e251a0d1b..04754edc6 100644 --- a/plugins/op_waf/waf/lua/init.lua +++ b/plugins/op_waf/waf/lua/init.lua @@ -27,13 +27,9 @@ local cookie_rules = C:read_file('cookie') local server_name = string.gsub(C:get_server_name(),'_','.') -C:D("server_name:"..server_name) -C:D("ipheader:".. C:to_json(ngx.req.get_headers())) - function initParams() local data = {} data['server_name'] = server_name - C:D("server_name:init") data['ip'] = C:get_real_ip(server_name) data['ipn'] = C:arrip(data['ip']) data['request_header'] = ngx.req.get_headers() @@ -48,10 +44,6 @@ end local params = initParams() C:setParams(params) - - -C:D("ip demo:".. params['ip']) - function get_return_state(rstate,rmsg) result = {} result['status'] = rstate @@ -61,9 +53,6 @@ end function get_waf_drop_ip() local data = ngx.shared.drop_ip:get_keys(0) - - C:D("[get_waf_drop_ip]data:"..data) - return data end
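Review bot: In `get_real_ip`, `self:split_bylog(header_tmp,',')[1]` is nil when the header holds only separators (for example `,`), and the added `type(client_ip) == 'table'` guard does not catch that, so `string.match(client_ip, ...)` in the ipv6 branch raises on a nil argument. The ipv6 test `^[%w:]+$` also accepts any alphanumeric token with no colon required, so an arbitrary header string is returned as the client IP and then becomes `data['ip']` in init.lua. Suggested: `if type(client_ip) ~= "string" then client_ip = "unknown" end` followed by `if string.match(client_ip, "^[%x:]+$") and string.find(client_ip, ":", 1, true) then return client_ip end`. This hunk also removes `_M.get_client_ip`; its callers are not visible in the patch, so confirm none remain.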