midoks
/
mdserver-web
mirror of https://github.com/midoks/mdserver-web
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

update

Browse Source
pull/109/head
Mr Chen 6 years ago
parent 875395ad4c
commit 5a52ed41ad
8 changed files with 248 additions and 20 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 6
      plugins/op_waf/conf/luawaf.conf
  2. 9
      plugins/op_waf/index.py
  3. 64
      plugins/op_waf/js/op_waf.js
  4. 13
      plugins/op_waf/waf/config.lua
  5. 16
      plugins/op_waf/waf/lua/init.lua
  6. 0
      plugins/op_waf/waf/lua/waf.lua
  7. 158
      plugins/op_waf/waf/rule/args.json
  8. 2
      plugins/op_waf/waf/site.json

6
plugins/op_waf/conf/luawaf.conf
Unescape View File

@ -1,4 +1,4 @@
lua_shared_dict limit 10m; lua_shared_dict limit 10m;
lua_package_path "{$WAF_PATH}/?.lua"; lua_package_path "{$WAF_PATH}/lua/?.lua";
init_by_lua_file {$WAF_PATH}/init.lua; init_by_lua_file {$WAF_PATH}/lua/init.lua;
access_by_lua_file {$WAF_PATH}/waf.lua; access_by_lua_file {$WAF_PATH}/lua/waf.lua;

9
plugins/op_waf/index.py
Unescape View File

@ -93,7 +93,7 @@ def initDreplace():
cmd = 'cp -rf ' + sdir + ' ' + path cmd = 'cp -rf ' + sdir + ' ' + path
public.execShell(cmd) public.execShell(cmd)
config = public.getServerDir() + "/openresty/nginx/conf/waf/config.lua" config = public.getServerDir() + "/openresty/nginx/conf/waf/lua/init.lua"
content = public.readFile(config) content = public.readFile(config)
content = contentReplace(content) content = contentReplace(content)
public.writeFile(config, content) public.writeFile(config, content)
@ -118,7 +118,12 @@ def start():
def stop(): def stop():
initDreplace() path = public.getServerDir() + "/openresty/nginx/conf/waf"
if os.path.exists(path):
cmd = 'rm -rf '+path
public.execShell(cmd)
path = getConf() path = getConf()
conf = public.readFile(path) conf = public.readFile(path)

64
plugins/op_waf/js/op_waf.js
Unescape View File

@ -206,6 +206,68 @@ function setRetry(retry_cycle, retry, retry_time, siteName) {
}); });
} }
//设置规则
function setObjConf(ruleName, type) {
if (type == undefined) {
create_l = layer.open({
type: 1,
title: "编辑规则【" + ruleName + "】",
area: ['700px', '530px'],
closeBtn: 2,
shadeClose: false,
content: '<div class="pd15">\
<div style="border-bottom:#ccc 1px solid;margin-bottom:10px;padding-bottom:10px">\
<input class="bt-input-text" name="ruleValue" type="text" value="" style="width:470px;margin-right:12px;" placeholder="规则内容,请使用正则表达式">\
<input class="bt-input-text mr5" name="rulePs" type="text" style="width:120px;" placeholder="描述">\
<button class="btn btn-success btn-sm va0 pull-right" onclick="add_rule(\''+ ruleName + '\');">添加</button>\</div>\
<div class="divtable">\
<div id="jc-file-table" class="table_head_fix" style="max-height:300px;overflow:auto;border:#ddd 1px solid">\
<table class="table table-hover" style="border:none">\
<thead>\
<tr>\
<th width="360">规则</th>\
<th>说明</th>\
<th>操作</th>\
<th style="text-align: right;">状态</th>\
</tr>\
</thead>\
<tbody id="set_obj_conf_con" class="gztr"></tbody>\
</table>\
</div>\
</div>\
<ul class="help-info-text c7 ptb10">\
<li style="color:red;">注意:如果您不了解正则表达式,请不要随意修改规则内容</li>\
<li>您可以添加或修改规则内容,但请使用正则表达式</li>\
<li>内置规则允许修改,但不可以直接删除,您可以设置规则状态来定义防火墙是否使用此规则</li>\
</ul></div>'
});
tableFixed("jc-file-table")
}
var loadT = layer.msg('正在获取配置规则,请稍候..', { icon: 16, time: 0 });
$.post('/plugin?action=a&name=btwaf&s=get_rule', { ruleName: ruleName }, function (rdata) {
layer.close(loadT);
var tbody = ''
for (var i = 0; i < rdata.length; i++) {
var removeRule = ''
if (rdata[i][3] != 0) removeRule = ' | <a class="btlink" onclick="remove_rule(\'' + ruleName + '\',' + i + ')">删除</a>';
tbody += '<tr>\
<td class="rule_body_'+ i + '">' + rdata[i][1] + '</td>\
<td class="rule_ps_'+ i + '">' + rdata[i][2] + '</td>\
<td class="rule_modify_'+ i + '"><a class="btlink" onclick="modify_rule(' + i + ',\'' + ruleName + '\')">编辑</a>' + removeRule + '</td>\
<td class="text-right">\
<div class="pull-right">\
<input class="btswitch btswitch-ios" id="closeua_'+ i + '" type="checkbox" ' + (rdata[i][0] ? 'checked' : '') + '>\
<label class="btswitch-btn" style="width:2.0em;height:1.2em;margin-bottom: 0" for="closeua_'+ i + '" onclick="set_rule_state(\'' + ruleName + '\',' + i + ')"></label>\
</div>\
</td>\
</tr>'
}
$("#set_obj_conf_con").html(tbody)
});
}
function wafScreen(){ function wafScreen(){
owPost('waf_srceen', {}, function(data){ owPost('waf_srceen', {}, function(data){
@ -278,7 +340,7 @@ function wafGloabl(){
<input class="btswitch btswitch-ios" id="closeget" type="checkbox" '+ (rdata.get.open ? 'checked' : '') + '>\ <input class="btswitch btswitch-ios" id="closeget" type="checkbox" '+ (rdata.get.open ? 'checked' : '') + '>\
<label class="btswitch-btn" for="closeget" onclick="setObjOpen(\'get\')"></label>\ <label class="btswitch-btn" for="closeget" onclick="setObjOpen(\'get\')"></label>\
</div></td>\ </div></td>\
<td class="text-right"><a class="btlink" onclick="set_obj_conf(\'url\')">规则</a> | <a class="btlink" href="javascript:;" onclick="onlineEditFile(0,\'/www/server/btwaf/html/get.html\')"></a></td>\ <td class="text-right"><a class="btlink" onclick="setObjConf(\'url\')">规则</a> | <a class="btlink" href="javascript:;" onclick="onlineEditFile(0,\'/www/server/btwaf/html/get.html\')"></a></td>\
</tr>\ </tr>\
</tbody>\ </tbody>\
</table>\ </table>\

13
plugins/op_waf/waf/config.lua
Unescape View File

@ -1,13 +0,0 @@
RulePath = "{$WAF_PATH}/wafconf"
attacklog = "on"
logdir = "{$ROOT_PATH}/wwwlogs/waf/"
UrlDeny="on"
Redirect="on"
CookieMatch="off"
postMatch="off"
whiteModule="on"
black_fileExt={"php","jsp"}
ipWhitelist={"127.0.0.2"}
ipBlocklist={"1.0.0.1"}
CCDeny="off"
CCrate="300/60"

16
plugins/op_waf/waf/init.lua → plugins/op_waf/waf/lua/init.lua
Unescape View File

@ -1,3 +1,19 @@
RulePath = "{$WAF_PATH}/wafconf"
attacklog = "on"
logdir = "{$ROOT_PATH}/wwwlogs/waf/"
UrlDeny="on"
Redirect="on"
CookieMatch="off"
postMatch="off"
whiteModule="on"
black_fileExt={"php","jsp"}
ipWhitelist={"127.0.0.2"}
ipBlocklist={"1.0.0.1"}
CCDeny="off"
CCrate="300/60"
require 'config' require 'config'
local match = string.match local match = string.match
local ngxmatch=ngx.re.find local ngxmatch=ngx.re.find

0
plugins/op_waf/waf/waf.lua → plugins/op_waf/waf/lua/waf.lua
Unescape View File

158
plugins/op_waf/waf/rule/args.json
Unescape View File

@ -0,0 +1,158 @@
[[
[
1,
"\\.\\./\\.\\./",
"目录保护1",
0
],
[
1,
"/\\*",
"目录保护2",
0
],
[
1,
"(?:etc\\/\\W*passwd)",
"目录保护3",
0
],
[
1,
"(gopher|doc|php|glob|file|phar|zlib|ftp|ldap|dict|ogg|data)\\:\\/",
"PHP流协议过滤1",
0
],
[
1,
"\\:\\$",
"一句话木马过滤1",
0
],
[
1,
"\\$\\{",
"一句话木马过滤2",
0
],
[
1,
"base64_decode\\(",
"一句话木马过滤3",
0
],
[
1,
"(?:define|eval|file_get_contents|include|require|require_once|shell_exec|phpinfo|system|passthru|char|chr|preg_\\w+|execute|echo|print|print_r|var_dump|(fp)open|alert|showmodaldialog)\\(",
"一句话木马过滤4",
0
],
[
1,
"\\$_(GET|post|cookie|files|session|env|phplib|GLOBALS|SERVER)\\[",
"一句话木马过滤5",
0
],
[
1,
"\\s+(or|xor|and)\\s+.*(=|<|>|'|\")",
"SQL注入过滤1",
0
],
[
1,
"select.+(from|limit)",
"SQL注入过滤2",
0
],
[
1,
"(?:(union(.*?)select))",
"SQL注入过滤3",
0
],
[
1,
"sleep\\((\\s*)(\\d*)(\\s*)\\)",
"SQL注入过滤5",
0
],
[
1,
"benchmark\\((.*)\\,(.*)\\)",
"SQL注入过滤6",
0
],
[
1,
"(?:from\\W+information_schema\\W)",
"SQL注入过滤7",
0
],
[
1,
"(?:(?:current_)user|database|schema|connection_id)\\s*\\(",
"SQL注入过滤8",
0
],
[
1,
"into(\\s+)+(?:dump|out)file\\s*",
"SQL注入过滤9",
0
],
[
1,
"group\\s+by.+\\(",
"SQL注入过滤10",
0
],
[
1,
"\\<(iframe|script|body|img|layer|div|meta|style|base|object|input)",
"XSS过滤1",
0
],
[
0,
"(onmouseover|onerror|onload)\\=",
"XSS过滤2",
0
],
[
1,
"(invokefunction|call_user_func_array|\\\\think\\\\)",
"ThinkPHP payload封堵",
0
],
[
1,
"^url_array\\[.*\\]$",
"Metinfo6.x XSS漏洞",
0
],
[
1,
"(extractvalue\\(|concat\\(0x|user\\(\\)|substring\\(|count\\(\\*\\)|substring\\(hex\\(|updatexml\\()",
"SQL报错注入过滤01",
0
],
[
1,
"(@@version|load_file\\(|NAME_CONST\\(|exp\\(\\~|floor\\(rand\\(|geometrycollection\\(|multipoint\\(|polygon\\(|multipolygon\\(|linestring\\(|multilinestring\\()",
"SQL报错注入过滤02",
0
],
[
1,
"(substr\\()",
"SQL注入过滤10",
0
],
[
1,
"\\|+\\s+[\\w\\W]+=[\\w\\W]+",
"SQL注入过滤1",
0
]
]]

2
plugins/op_waf/waf/site.json
Unescape View File

@ -1 +1 @@
{"www.khxs.org": {"scan": true, "cc": {"limit": 120, "endtime": 300, "open": true, "cycle": 60}, "disable_php_path": [], "cdn": false, "cc_uri_white": [], "open": true, "retry": 6, "log": true, "disable_ext": [], "user-agent": true, "disable_upload_ext": ["php", "jsp"], "body_character_string": [], "get": true, "drop_abroad": false, "retry_cycle": 60, "url_tell": [], "cdn_header": ["x-forwarded-for", "x-real-ip"], "url_rule": [], "cookie": true, "retry_time": 180, "post": true, "url_white": [], "disable_rule": {"url": [], "post": [], "args": [], "cookie": [], "user_agent": []}, "project": "", "disable_path": []}, "gae.cachecha.com": {"scan": true, "cc": {"limit": 120, "endtime": 300, "open": true, "cycle": 60}, "disable_php_path": [], "cdn": false, "cc_uri_white": [], "open": true, "retry": 6, "log": true, "disable_ext": [], "user-agent": true, "disable_upload_ext": ["php", "jsp"], "body_character_string": [], "get": true, "drop_abroad": false, "retry_cycle": 60, "url_tell": [], "cdn_header": ["x-forwarded-for", "x-real-ip"], "url_rule": [], "cookie": true, "retry_time": 180, "post": true, "url_white": [], "disable_rule": {"url": [], "post": [], "args": [], "cookie": [], "user_agent": []}, "project": "", "disable_path": []}} {{"www.khxs.org": {"scan": true, "cc": {"limit": 120, "endtime": 300, "open": true, "cycle": 60}, "disable_php_path": [], "cdn": false, "cc_uri_white": [], "open": true, "retry": 6, "log": true, "disable_ext": [], "user-agent": true, "disable_upload_ext": ["php", "jsp"], "body_character_string": [], "get": true, "drop_abroad": false, "retry_cycle": 60, "url_tell": [], "cdn_header": ["x-forwarded-for", "x-real-ip"], "url_rule": [], "cookie": true, "retry_time": 180, "post": true, "url_white": [], "disable_rule": {"url": [], "post": [], "args": [], "cookie": [], "user_agent": []}, "project": "", "disable_path": []}, "gae.cachecha.com": {"scan": true, "cc": {"limit": 120, "endtime": 300, "open": true, "cycle": 60}, "disable_php_path": [], "cdn": false, "cc_uri_white": [], "open": true, "retry": 6, "log": true, "disable_ext": [], "user-agent": true, "disable_upload_ext": ["php", "jsp"], "body_character_string": [], "get": true, "drop_abroad": false, "retry_cycle": 60, "url_tell": [], "cdn_header": ["x-forwarded-for", "x-real-ip"], "url_rule": [], "cookie": true, "retry_time": 180, "post": true, "url_white": [], "disable_rule": {"url": [], "post": [], "args": [], "cookie": [], "user_agent": []}, "project": "", "disable_path": []}}}
Write Preview
Loading…
Cancel
Save