diff --git a/plugins/op_waf/conf/luawaf.conf b/plugins/op_waf/conf/luawaf.conf index 10f93c2cd..4ac90fd32 100755 --- a/plugins/op_waf/conf/luawaf.conf +++ b/plugins/op_waf/conf/luawaf.conf @@ -1,4 +1,4 @@ lua_shared_dict limit 10m; -lua_package_path "{$WAF_PATH}/?.lua"; -init_by_lua_file {$WAF_PATH}/init.lua; -access_by_lua_file {$WAF_PATH}/waf.lua; +lua_package_path "{$WAF_PATH}/lua/?.lua"; +init_by_lua_file {$WAF_PATH}/lua/init.lua; +access_by_lua_file {$WAF_PATH}/lua/waf.lua; diff --git a/plugins/op_waf/index.py b/plugins/op_waf/index.py index d6e672c44..5d6a20d19 100755 --- a/plugins/op_waf/index.py +++ b/plugins/op_waf/index.py @@ -93,7 +93,7 @@ def initDreplace(): cmd = 'cp -rf ' + sdir + ' ' + path public.execShell(cmd) - config = public.getServerDir() + "/openresty/nginx/conf/waf/config.lua" + config = public.getServerDir() + "/openresty/nginx/conf/waf/lua/init.lua" content = public.readFile(config) content = contentReplace(content) public.writeFile(config, content) @@ -118,7 +118,12 @@ def start(): def stop(): - initDreplace() + path = public.getServerDir() + "/openresty/nginx/conf/waf" + if os.path.exists(path): + cmd = 'rm -rf '+path + public.execShell(cmd) + + path = getConf() conf = public.readFile(path) diff --git a/plugins/op_waf/js/op_waf.js b/plugins/op_waf/js/op_waf.js index cfe5dcd4f..263222b6d 100755 --- a/plugins/op_waf/js/op_waf.js +++ b/plugins/op_waf/js/op_waf.js @@ -206,6 +206,68 @@ function setRetry(retry_cycle, retry, retry_time, siteName) { }); } + + +//设置规则 +function setObjConf(ruleName, type) { + if (type == undefined) { + create_l = layer.open({ + type: 1, + title: "编辑规则【" + ruleName + "】", + area: ['700px', '530px'], + closeBtn: 2, + shadeClose: false, + content: '
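Review bot: The `rm -rf` added to stop() is assembled by string concatenation and handed to a shell through `public.execShell`, so a server directory containing spaces or shell metacharacters changes what gets deleted. Removing the tree in-process avoids that, e.g. `shutil.rmtree(path, ignore_errors=True)` inside the existing `os.path.exists` check (this needs `import shutil` if index.py does not already have it). The `cp -rf` context line in initDreplace is built the same way. stop() also now deletes the whole `conf/waf` tree instead of re-templating it, so any rule or site settings stored under that directory would be lost on every stop; if that is intended, a short comment saying so would help. stop() continues past the end of the hunk.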
\ +
\ + \ + \ + \
\ +
\ +
\ + \ + \ + \ + \ + \ + \ + \ + \ + \ + \ +
规则说明操作状态
\ +
\ +
\ +
' + }); + tableFixed("jc-file-table") + } + var loadT = layer.msg('正在获取配置规则,请稍候..', { icon: 16, time: 0 }); + $.post('/plugin?action=a&name=btwaf&s=get_rule', { ruleName: ruleName }, function (rdata) { + layer.close(loadT); + var tbody = '' + for (var i = 0; i < rdata.length; i++) { + var removeRule = '' + if (rdata[i][3] != 0) removeRule = ' | 删除'; + tbody += '\ + ' + rdata[i][1] + '\ + ' + rdata[i][2] + '\ + 编辑' + removeRule + '\ + \ +
\ + \ + \ +
\ + \ + ' + } + $("#set_obj_conf_con").html(tbody) + }); +} + function wafScreen(){ owPost('waf_srceen', {}, function(data){ @@ -278,7 +340,7 @@ function wafGloabl(){ \ \ \ - 规则 | 响应内容\ + 规则 | 响应内容\ \ \ \ diff --git a/plugins/op_waf/waf/config.lua b/plugins/op_waf/waf/config.lua deleted file mode 100644 index cb1c91b46..000000000 --- a/plugins/op_waf/waf/config.lua +++ /dev/null @@ -1,13 +0,0 @@ -RulePath = "{$WAF_PATH}/wafconf" -attacklog = "on" -logdir = "{$ROOT_PATH}/wwwlogs/waf/" -UrlDeny="on" -Redirect="on" -CookieMatch="off" -postMatch="off" -whiteModule="on" -black_fileExt={"php","jsp"} -ipWhitelist={"127.0.0.2"} -ipBlocklist={"1.0.0.1"} -CCDeny="off" -CCrate="300/60" diff --git a/plugins/op_waf/waf/init.lua b/plugins/op_waf/waf/lua/init.lua similarity index 95% rename from plugins/op_waf/waf/init.lua rename to plugins/op_waf/waf/lua/init.lua index dd10ab1e5..8d731391d 100644 --- a/plugins/op_waf/waf/init.lua +++ b/plugins/op_waf/waf/lua/init.lua @@ -1,3 +1,19 @@ +RulePath = "{$WAF_PATH}/wafconf" +attacklog = "on" +logdir = "{$ROOT_PATH}/wwwlogs/waf/" +UrlDeny="on" +Redirect="on" +CookieMatch="off" +postMatch="off" +whiteModule="on" +black_fileExt={"php","jsp"} +ipWhitelist={"127.0.0.2"} +ipBlocklist={"1.0.0.1"} +CCDeny="off" +CCrate="300/60" + + + require 'config' local match = string.match local ngxmatch=ngx.re.find diff --git a/plugins/op_waf/waf/waf.lua b/plugins/op_waf/waf/lua/waf.lua similarity index 100% rename from plugins/op_waf/waf/waf.lua rename to plugins/op_waf/waf/lua/waf.lua diff --git a/plugins/op_waf/waf/rule/args.json b/plugins/op_waf/waf/rule/args.json new file mode 100644 index 000000000..5b6f01612 --- /dev/null +++ b/plugins/op_waf/waf/rule/args.json 
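Review bot: In setObjConf the rows are built by concatenating `rdata[i][1]` and `rdata[i][2]` straight into the `tbody` string that is then passed to `.html()`, so a rule pattern or description containing markup is parsed as HTML in the panel; the same applies to `ruleName` in the dialog title. Escape these values before concatenation or set them as text, e.g. `$('<td>').text(rdata[i][1])`. The request also goes to `name=btwaf`, while the neighbouring wafScreen uses `owPost(...)`; if this plugin is not registered under that name the rule list will presumably never load, so routing the call through the same helper looks right. The markup inside the string literals is not visible in this view of the hunk, so the exact cells to change cannot be quoted.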
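Review bot: The context line `require 'config'` still follows the settings that were moved into init.lua, but config.lua is deleted in this same commit and luawaf.conf now points `lua_package_path` at `{$WAF_PATH}/lua/?.lua`. Unless another `config` module is reachable on that path, the require raises during `init_by_lua_file` and the rest of the WAF initialisation never runs, so that line should be dropped. The moved settings remain plain globals, as in the old file; a one-line comment above them such as `-- WAF settings (formerly config.lua)` would explain why they now sit at the top of init.lua. init.lua continues beyond the hunk.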
@@ -0,0 +1,158 @@
+[[
+ [
+ 1,
+ "\\.\\./\\.\\./",
+ "目录保护1",
+ 0
+ ],
+ [
+ 1,
+ "/\\*",
+ "目录保护2",
+ 0
+ ],
+ [
+ 1,
+ "(?:etc\\/\\W*passwd)",
+ "目录保护3",
+ 0
+ ],
+ [
+ 1,
+ "(gopher|doc|php|glob|file|phar|zlib|ftp|ldap|dict|ogg|data)\\:\\/",
+ "PHP流协议过滤1",
+ 0
+ ],
+ [
+ 1,
+ "\\:\\$",
+ "一句话木马过滤1",
+ 0
+ ],
+ [
+ 1,
+ "\\$\\{",
+ "一句话木马过滤2",
+ 0
+ ],
+ [
+ 1,
+ "base64_decode\\(",
+ "一句话木马过滤3",
+ 0
+ ],
+ [
+ 1,
+ "(?:define|eval|file_get_contents|include|require|require_once|shell_exec|phpinfo|system|passthru|char|chr|preg_\\w+|execute|echo|print|print_r|var_dump|(fp)open|alert|showmodaldialog)\\(",
+ "一句话木马过滤4",
+ 0
+ ],
+ [
+ 1,
+ "\\$_(GET|post|cookie|files|session|env|phplib|GLOBALS|SERVER)\\[",
+ "一句话木马过滤5",
+ 0
+ ],
+ [
+ 1,
+ "\\s+(or|xor|and)\\s+.*(=|<|>|'|\")",
+ "SQL注入过滤1",
+ 0
+ ],
+ [
+ 1,
+ "select.+(from|limit)",
+ "SQL注入过滤2",
+ 0
+ ],
+ [
+ 1,
+ "(?:(union(.*?)select))",
+ "SQL注入过滤3",
+ 0
+ ],
+ [
+ 1,
+ "sleep\\((\\s*)(\\d*)(\\s*)\\)",
+ "SQL注入过滤5",
+ 0
+ ],
+ [
+ 1,
+ "benchmark\\((.*)\\,(.*)\\)",
+ "SQL注入过滤6",
+ 0
+ ],
+ [
+ 1,
+ "(?:from\\W+information_schema\\W)",
+ "SQL注入过滤7",
+ 0
+ ],
+ [
+ 1,
+ "(?:(?:current_)user|database|schema|connection_id)\\s*\\(",
+ "SQL注入过滤8",
+ 0
+ ],
+ [
+ 1,
+ "into(\\s+)+(?:dump|out)file\\s*",
+ "SQL注入过滤9",
+ 0
+ ],
+ [
+ 1,
+ "group\\s+by.+\\(",
+ "SQL注入过滤10",
+ 0
+ ],
+ [
+ 1,
+ "\\<(iframe|script|body|img|layer|div|meta|style|base|object|input)",
+ "XSS过滤1",
+ 0
+ ],
+ [
+ 0,
+ "(onmouseover|onerror|onload)\\=",
+ "XSS过滤2",
+ 0
+ ],
+ [
+ 1,
+ "(invokefunction|call_user_func_array|\\\\think\\\\)",
+ "ThinkPHP payload封堵",
+ 0
+ ],
+ [
+ 1,
+ "^url_array\\[.*\\]$",
+ "Metinfo6.x XSS漏洞",
+ 0
+ ],
+ [
+ 1,
+ "(extractvalue\\(|concat\\(0x|user\\(\\)|substring\\(|count\\(\\*\\)|substring\\(hex\\(|updatexml\\()",
+ "SQL报错注入过滤01",
+ 0
+ ],
+ [
+ 1,
+ "(@@version|load_file\\(|NAME_CONST\\(|exp\\(\\~|floor\\(rand\\(|geometrycollection\\(|multipoint\\(|polygon\\(|multipolygon\\(|linestring\\(|multilinestring\\()",
+ "SQL报错注入过滤02",
+ 0
+ ],
+ [
+ 1,
+ "(substr\\()",
+ "SQL注入过滤10",
+ 0
+ ],
+ [
+ 1,
+ "\\|+\\s+[\\w\\W]+=[\\w\\W]+",
+ "SQL注入过滤1",
+ 0
+ ]
+]]
\ No newline at end of file
diff --git a/plugins/op_waf/waf/site.json b/plugins/op_waf/waf/site.json
index 1fbc5b36e..ed50e034b 100755
--- a/plugins/op_waf/waf/site.json
+++ b/plugins/op_waf/waf/site.json
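Review bot: As shown, args.json opens with `[[` and closes with `]]`, so the 26 rules sit one level below the top-level array; setObjConf in op_waf.js (same commit) reads `rdata[i][1]` and `rdata[i][2]` as if each top-level element were a rule, so if the file is returned as stored the outer pair should be a single `[` … `]`. The same doubling appears on the new side of site.json (`{{` … `}}}`), where the result is not valid JSON at all. Separately, several patterns use unbounded `.*`, `.+` or `[\w\W]+` (for example `select.+(from|limit)` and `\|+\s+[\w\W]+=[\w\W]+`); these are broad enough to match ordinary text and can backtrack heavily on long inputs, so it is worth setting `lua_regex_match_limit` in luawaf.conf and tightening them. The labels `SQL注入过滤1` and `SQL注入过滤10` are each used twice, which makes the entries hard to tell apart in the rule editor.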
@@ -1 +1 @@ -{"www.khxs.org": {"scan": true, "cc": {"limit": 120, "endtime": 300, "open": true, "cycle": 60}, "disable_php_path": [], "cdn": false, "cc_uri_white": [], "open": true, "retry": 6, "log": true, "disable_ext": [], "user-agent": true, "disable_upload_ext": ["php", "jsp"], "body_character_string": [], "get": true, "drop_abroad": false, "retry_cycle": 60, "url_tell": [], "cdn_header": ["x-forwarded-for", "x-real-ip"], "url_rule": [], "cookie": true, "retry_time": 180, "post": true, "url_white": [], "disable_rule": {"url": [], "post": [], "args": [], "cookie": [], "user_agent": []}, "project": "", "disable_path": []}, "gae.cachecha.com": {"scan": true, "cc": {"limit": 120, "endtime": 300, "open": true, "cycle": 60}, "disable_php_path": [], "cdn": false, "cc_uri_white": [], "open": true, "retry": 6, "log": true, "disable_ext": [], "user-agent": true, "disable_upload_ext": ["php", "jsp"], "body_character_string": [], "get": true, "drop_abroad": false, "retry_cycle": 60, "url_tell": [], "cdn_header": ["x-forwarded-for", "x-real-ip"], "url_rule": [], "cookie": true, "retry_time": 180, "post": true, "url_white": [], "disable_rule": {"url": [], "post": [], "args": [], "cookie": [], "user_agent": []}, "project": "", "disable_path": []}} \ No newline at end of file +{{"www.khxs.org": {"scan": true, "cc": {"limit": 120, "endtime": 300, "open": true, "cycle": 60}, "disable_php_path": [], "cdn": false, "cc_uri_white": [], "open": true, "retry": 6, "log": true, "disable_ext": [], "user-agent": true, "disable_upload_ext": ["php", "jsp"], "body_character_string": [], "get": true, "drop_abroad": false, "retry_cycle": 60, "url_tell": [], "cdn_header": ["x-forwarded-for", "x-real-ip"], "url_rule": [], "cookie": true, "retry_time": 180, "post": true, "url_white": [], "disable_rule": {"url": [], "post": [], "args": [], "cookie": [], "user_agent": []}, "project": "", "disable_path": []}, "gae.cachecha.com": {"scan": true, "cc": {"limit": 120, "endtime": 300, "open": true, 
"cycle": 60}, "disable_php_path": [], "cdn": false, "cc_uri_white": [], "open": true, "retry": 6, "log": true, "disable_ext": [], "user-agent": true, "disable_upload_ext": ["php", "jsp"], "body_character_string": [], "get": true, "drop_abroad": false, "retry_cycle": 60, "url_tell": [], "cdn_header": ["x-forwarded-for", "x-real-ip"], "url_rule": [], "cookie": true, "retry_time": 180, "post": true, "url_white": [], "disable_rule": {"url": [], "post": [], "args": [], "cookie": [], "user_agent": []}, "project": "", "disable_path": []}}} \ No newline at end of file
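Review bot: The packaged site.json still contains complete per-site entries for two specific hostnames, `www.khxs.org` and `gae.cachecha.com`, so every installation of the plugin starts with WAF settings for sites it does not serve. An empty object, `{}`, would be the neutral default, with entries presumably written when a site is added through the panel. If the two entries are meant as a schema example, they would be better kept in documentation than in the file the WAF loads.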