diff --git a/class/core/config_api.py b/class/core/config_api.py index 290ef4c6d..70b82cd9a 100755 --- a/class/core/config_api.py +++ b/class/core/config_api.py @@ -15,7 +15,7 @@ from flask import request class config_api: - __version = '0.9.13' + __version = '0.9.13.1' def __init__(self): pass diff --git a/plugins/op_waf/waf/lua/common.lua b/plugins/op_waf/waf/lua/common.lua index ed2c20b2e..3ed1027d1 100644 --- a/plugins/op_waf/waf/lua/common.lua +++ b/plugins/op_waf/waf/lua/common.lua @@ -15,7 +15,6 @@ local rpath = cpath.."/rule/" function _M.new(self) - local self = { waf_root = waf_root, cpath = cpath, @@ -26,7 +25,6 @@ function _M.new(self) server_name = '', params = nil } - return setmetatable(self, mt) end @@ -518,6 +516,35 @@ function _M.write_log(self, name, rule) end +function _M.get_real_ip(self, server_name) + local client_ip = "unknown" + self:D("client_ip[0]:"..client_ip) + if self.site_config[server_name] then + if self.site_config[server_name]['cdn'] then + for _,v in ipairs(self.site_config[server_name]['cdn_header']) + do + if request_header[v] ~= nil and request_header[v] ~= "" then + local header_tmp = request_header[v] + if type(header_tmp) == "table" then header_tmp = header_tmp[1] end + client_ip = split(header_tmp,',')[1] + break; + end + end + end + end + + if string.match(client_ip,"%d+%.%d+%.%d+%.%d+") == nil or not self:is_ipaddr(client_ip) then + client_ip = ngx.var.remote_addr + self:D("client_ip[2]:"..client_ip) + if client_ip == nil then + client_ip = "unknown" + end + end + + self:D("client_ip:"..client_ip) + return client_ip +end + function _M.get_client_ip(self) local client_ip = "unknown" local server_name = self.params['server_name'] diff --git a/plugins/op_waf/waf/lua/init.lua b/plugins/op_waf/waf/lua/init.lua index b03727aab..39e53401b 100644 --- a/plugins/op_waf/waf/lua/init.lua +++ b/plugins/op_waf/waf/lua/init.lua @@ -9,7 +9,7 @@ local waf_root = "{$WAF_ROOT}" config = C:read_file_body_decode(waf_root.."/waf/"..'config.json') local site_config = C:read_file_body_decode(waf_root.."/waf/"..'site.json') C:setConfData(config, site_config) - +C:setDebug(true) local get_html = C:read_file_body(config["reqfile_path"] .. '/' .. config["get"]["reqfile"]) @@ -25,14 +25,12 @@ local cookie_rules = C:read_file('cookie') local server_name = string.gsub(C:get_server_name(),'_','.') - - --- C:D("sss:"..C:get_server_name()) function initParams() local data = {} data['server_name'] = server_name - -- data['ip'] = C:get_client_ip() - -- data['ipn'] = C:arrip(data['ip']) + C:D("server_name:init") + data['ip'] = C:get_real_ip(server_name) + data['ipn'] = C:arrip(data['ip']) data['request_header'] = ngx.req.get_headers() data['uri'] = ngx.unescape_uri(ngx.var.uri) data['uri_request_args'] = ngx.req.get_uri_args() @@ -44,12 +42,10 @@ end local params = initParams() C:setParams(params) -C:setDebug(true) -local server_name = params["server_name"] -params['ip'] = C:get_client_ip() -params['ipn'] = C:arrip(params['ip']) -C:D(server_name) + +C:D("server_name:"..server_name) +C:D("ip demo:".. params['ip']) function get_return_state(rstate,rmsg) result = {} @@ -60,6 +56,9 @@ end function get_waf_drop_ip() local data = ngx.shared.drop_ip:get_keys(0) + + C:D("[get_waf_drop_ip]data:"..data) + return data end