up

plugins/op_waf/conf/init.sql

@@ -3,7 +3,7 @@ PRAGMA page_size = 4096;
 PRAGMA journal_mode = wal;
 PRAGMA journal_size_limit = 1073741824;
 
-CREATE TABLE IF NOT EXISTS `waf_history` (
+CREATE TABLE IF NOT EXISTS `logs` (
     `time` INTEGER,
     `ip` TEXT,
     `domain` TEXT,
@@ -11,5 +11,6 @@ CREATE TABLE IF NOT EXISTS `waf_history` (
     `method` TEXT,
     `status_code` INTEGER,
     `uri` TEXT,
+    `rule_name` TEXT,
     `reason` TEXT
 );

plugins/op_waf/index.py

@@ -72,7 +72,7 @@ def getConf():
     return path
 
 
-def pSqliteDb(dbname='waf_history'):
+def pSqliteDb(dbname='logs'):
     name = "waf"
     db_dir = getServerDir() + '/logs/'
 
@@ -261,7 +261,7 @@ def autoMakeLuaConfSingle(file):
 
 def autoMakeLuaImportSingle(file):
     path = getServerDir() + "/waf/" + file + ".json"
-    to_path = getServerDir() + "/waf/conf/" + file + ".lua"
+    to_path = getServerDir() + "/waf/conf/waf_" + file + ".lua"
     content = mw.readFile(path)
     # print(content)
     content = json.loads(content)

plugins/op_waf/t/index.py

@@ -211,16 +211,16 @@ def test_OK():
 def test_start():
     # test_OK()
     # test_Dir()
-    # test_UA()
+    test_UA()
     # test_UA_for(1000)
     # test_POST()
     # test_scan()
-    test_CC()
+    # test_CC()
     # test_url_ext()
     # test_cdn()
 
 
 if __name__ == "__main__":
-    os.system('cd /Users/midoks/Desktop/mwdev/server/mdserver-web/plugins/op_waf && sh install.sh uninstall 0.2.2 && sh install.sh install 0.2.2')
-    os.system('cd /Users/midoks/Desktop/mwdev/server/mdserver-web/ && python3 plugins/openresty/index.py stop && python3 plugins/openresty/index.py start')
+    # os.system('cd /Users/midoks/Desktop/mwdev/server/mdserver-web/plugins/op_waf && sh install.sh uninstall 0.2.2 && sh install.sh install 0.2.2')
+    # os.system('cd /Users/midoks/Desktop/mwdev/server/mdserver-web/ && python3 plugins/openresty/index.py stop && python3 plugins/openresty/index.py start')
     test_start()

plugins/op_waf/t/test.sh

@@ -5,7 +5,7 @@ export PATH
 # apt -y install apache2-utils
 # yum -y install httpd-tools
 
-# ab -c 30 -n 10000000 http://www.zzzvps.com/
+# ab -c 3000 -n 10000000 http://www.zzzvps.com/
 # /cc https://www.zzzvps.com/ 120
 # ab -c 10 -n 1000 http://t1.cn/wp-admin/index.php
 # ab -c 1000 -n 1000000 http://dev156.cachecha.com/

plugins/op_waf/waf/lua/common.lua

@@ -10,7 +10,7 @@ local debug_mode = false
 
 local waf_root = "{$WAF_ROOT}"
 local cpath = waf_root.."/waf/"
-local logdir = waf_root.."/logs/"
+local log_dir = waf_root.."/logs/"
 local rpath = cpath.."/rule/"
 
 function _M.new(self)
@@ -19,7 +19,7 @@ function _M.new(self)
         waf_root = waf_root,
         cpath = cpath,
         rpath = rpath,
-        logdir = logdir,
+        logdir = log_dir,
         config = '',
         site_config = '',
         server_name = '',
@@ -34,7 +34,6 @@ end
 function _M.getInstance(self)
     if rawget(self, "instance") == nil then
         rawset(self, "instance", self.new())
-        self.initDB()
     end
     assert(self.instance ~= nil)
     return self.instance
@@ -63,6 +62,40 @@ function _M.initDB(self)
     return db
 end
 
+function _M.log(self, args, rule_name, reason)
+    local local_db = self:initDB()
+    local stmt2 = local_db:prepare[[INSERT INTO logs(time, ip, domain, server_name, method, status_code, uri, rule_name,reason) 
+        VALUES(:time, :ip, :domain, :server_name, :method, :status_code, :uri, :rule_name, :reason)]]
+
+    local_db:exec([[BEGIN TRANSACTION]])
+
+    stmt2:bind_names{
+        time=args['time'],
+        ip=args['ip'],
+        domain=args['server_name'],
+        server_name=args['server_name'],
+        method=args['method'],
+        status_code=args['status_code'],
+        uri=args['request_uri'],
+        rule_name=rule_name,
+        reason=reason
+    }
+
+    local res, err = stmt2:step()
+    self:D("LOG[1]:"..tostring(res)..":"..tostring(err))
+    if tostring(res) == "5" then
+        self.D("waf the step database connection is busy, so it will be stored later.")
+        return false
+    end
+    stmt2:reset()
+
+    local res, err = local_db:execute([[COMMIT]])
+
+    self:D("LOG[2]:"..tostring(res)..":"..tostring(err))
+    if local_db and local_db:isopen() then
+        local_db:close()
+    end
+end
 function _M.setDebug(self, mode)
     debug_mode = mode
 end
@@ -517,8 +550,10 @@ end
 
 function _M.write_log(self, name, rule)
     local config = self.config
+    local params = self.params
 
-    local ip = self.params['ip']
+    local ip = params['ip']
+    local ngx_time = ngx.time()
     
     local retry = config['retry']['retry']
     local retry_time = config['retry']['retry_time']
@@ -532,7 +567,7 @@ function _M.write_log(self, name, rule)
     end
 
     if config['log'] ~= true or self:is_site_config('log') ~= true then return false end
-    local method = self.params['method']
+    local method = params['method']
     if error_rule then 
         rule = error_rule
         error_rule = nil
@@ -550,30 +585,15 @@ function _M.write_log(self, name, rule)
         end
         local lock_time = retry_time * safe_count
         if lock_time > 86400 then lock_time = 86400 end
-        local logtmp = {
-            ngx.localtime(),
-            ip,
-            method,ngx.var.request_uri,
-            ngx.var.http_user_agent,
-            name,
-            retry_cycle .. '秒以内累计超过'..retry..'次以上非法请求,封锁'.. lock_time ..'秒'
-        }
-        local logstr = json.encode(logtmp) .. "\n"
+
         retry_times = retry + 1
         ngx.shared.waf_drop_ip:set(ip, retry_times, lock_time)
-        self:write_to_file(logstr)
+
+        local reason = retry_cycle .. '秒以内累计超过'..retry..'次以上非法请求,封锁'.. lock_time ..'秒'
+        self:log(params, name, reason)
     else
-        local logtmp = {
-            ngx.localtime(),
-            ip,
-            method,
-            ngx.var.request_uri,
-            ngx.var.http_user_agent,
-            name,
-            rule
-        }
-        local logstr = json.encode(logtmp) .. "\n"
-        self:write_to_file(logstr)
+
+        self:log(params, name, rule)
     end
     
     self:stats_total(name, rule)

plugins/op_waf/waf/lua/init.lua

@@ -4,9 +4,11 @@ local ngx_match = ngx.re.find
 local __C = require "common"
 local C = __C:getInstance()
 
-local config = require "config"
-local site_config = require "site"
-local config_domains = require "domains"
+local config = require "waf_config"
+local site_config = require "waf_site"
+local config_domains = require "waf_domains"
+
+-- C:D("config:"..C:to_json(config))
 
 C:setConfData(config, site_config)
 C:setDebug(true)
@@ -39,7 +41,9 @@ local function initParams()
     data['uri_request_args'] = ngx.req.get_uri_args()
     data['method'] = ngx.req.get_method()
     data['request_uri'] = ngx.var.request_uri
+    data['status_code'] = ngx.status
     data['cookie'] = ngx.var.http_cookie
+    data['time'] = ngx.time()
     return data
 end
 
@@ -47,6 +51,9 @@ local params = initParams()
 C:setParams(params)
 
 local cpu_percent = ngx.shared.waf_limit:get("cpu_usage")
+if not cpu_percent then
+    cpu_percent = 0 
+end
 
 local function get_return_state(rstate,rmsg)
     result = {}