添加 强制安全验证 功能

plugins/op_waf/index.py

@@ -120,6 +120,7 @@ def initSiteInfo():
             tmp['user-agent'] = config_contents['user-agent']
             tmp['cookie'] = config_contents['cookie']
             tmp['scan'] = config_contents['scan']
+            tmp['safe_verify'] = config_contents['safe_verify']
 
             cdn_header = ['x-forwarded-for',
                           'x-real-ip',
@@ -668,6 +669,30 @@ def setRetry():
     return mw.returnJson(True, '设置成功!', [])
 
 
+def setSafeVerify():
+    args = getArgs()
+    data = checkArgs(args, ['auto', 'time', 'cpu'])
+    if not data[0]:
+        return data[1]
+
+    conf = getJsonPath('config')
+    content = mw.readFile(conf)
+    cobj = json.loads(content)
+
+    cobj['safe_verify']['time'] = args['time']
+    cobj['safe_verify']['cpu'] = args['cpu']
+
+    if args['auto'] == '0':
+        cobj['safe_verify']['auto'] = False
+    else:
+        cobj['safe_verify']['auto'] = True
+
+    cjson = mw.getJson(cobj)
+    mw.writeFile(conf, cjson)
+
+    return mw.returnJson(True, '设置成功!', [])
+
+
 def setSiteRetry():
     return mw.returnJson(True, '设置成功-?!', [])
 
@@ -997,6 +1022,8 @@ if __name__ == "__main__":
         print(setSiteCcConf())
     elif func == 'set_retry':
         print(setRetry())
+    elif func == 'set_safe_verify':
+        print(setSafeVerify())
     elif func == 'set_site_retry':
         print(setSiteRetry())
     elif func == 'save_scan_rule':

plugins/op_waf/js/op_waf.js

@@ -69,8 +69,10 @@ function setObjOpen(ruleName){
     owPost('set_obj_open', {obj:ruleName},function(data){
         var rdata = $.parseJSON(data.data);
         if (rdata.status){
-            layer.msg(rdata.msg,{icon:0,time:2000,shade: [0.3, '#000']});
+
-            wafGloabl();
+            showMsg(rdata.msg, function(){
+                wafGloabl();
+            },{icon:1,time:2000,shade: [0.3, '#000']},2000);
         } else {
             layer.msg('设置失败!',{icon:0,time:2000,shade: [0.3, '#000']});
         }
@@ -84,7 +86,7 @@ function saveCcRule(siteName,is_open_global, type) {
     if(type == 2){
         // set_aicc_open('start');
         increase = "0";
-    }else{
+    } else {
         // set_aicc_open('stop');
         increase = type;
     }
@@ -164,7 +166,10 @@ function setCcRule(cycle, limit, endtime, siteName, increase){
                     <li>请不要设置过于严格的CC规则,以免影响正常用户体验</li>\
                     <li><font style="color:red;display:'+ (siteName == 'undefined'?'display: inline-block;':'none') +';">全局应用:全局设置当前CC规则，且覆盖当前全部站点的CC规则</font></li>\
                 </ul>\
-                <div class="bt-form-submit-btn"><button type="button" class="btn btn-danger btn-sm btn_cc_all" style="margin-right:10px;display:'+ (siteName == 'undefined'?'display: inline-block;':'none') +';">全局应用</button><button type="button" class="btn btn-success btn-sm btn_cc_present">应用</button></div>\
+                <div class="bt-form-submit-btn">\
+                    <button type="button" class="btn btn-danger btn-sm btn_cc_all" style="margin-right:10px;display:'+ (siteName == 'undefined'?'display: inline-block;':'none') +';">全局应用</button>\
+                    <button type="button" class="btn btn-success btn-sm btn_cc_present">应用</button>\
+                </div>\
             </form>',
             success:function(layero,index){
                 $('.btn_cc_all').click(function(){
@@ -201,9 +206,12 @@ function setRetry(retry_cycle, retry, retry_time, siteName) {
                 </div>\
                 <ul class="help-info-text c7 ptb10">\
                     <li><font style="color:red;">'+ retry_cycle + '</font> 秒内累计恶意请求超过  <font style="color:red;">' + retry + '</font> 次,封锁 <font style="color:red;">' + retry_time + '</font> 秒</li>\
-                    <li><font style="color:red;">全局应用:全局设置当前恶意容忍规则，且覆盖当前全部站点的恶意容忍规则</li>\
+                    <li><font style="color:red;">全局应用:全局设置当前恶意容忍规则，且覆盖当前全部站点的恶意容忍规则</font></li>\
                 </ul>\
-                <div class="bt-form-submit-btn"><button type="button" class="btn btn-danger btn-sm btn_retry_all" style="margin-right:10px;display:'+ (siteName == undefined?'inline-block;':'none') +';">全局应用</button><button type="button" class="btn btn-success btn-sm btn_retry_present">应用</button></div>\
+                <div class="bt-form-submit-btn">\
+                    <button type="button" class="btn btn-danger btn-sm btn_retry_all" style="margin-right:10px;display:'+ (siteName == undefined?'inline-block;':'none') +';">全局应用</button>\
+                    <button type="button" class="btn btn-success btn-sm btn_retry_present">应用</button>\
+                </div>\
             </form>',
         success:function(){
             $('.btn_retry_all').click(function(){
@@ -217,6 +225,65 @@ function setRetry(retry_cycle, retry, retry_time, siteName) {
 }
 
 
+
+//设置safe_verify规则
+function setSafeVerify(auto, cpu, time, siteName) {
+    var svlayer = layer.open({
+        type: 1,
+        title: "设置强制安全验证",
+        area: '500px',
+        closeBtn: 1,
+        shadeClose: false,
+        content: '<form class="bt-form pd20 pb70">\
+                <div class="line">\
+                    <span class="tname">CPU</span>\
+                    <div class="info-r"><input class="bt-input-text" name="cpu" type="number" max-number="100" value="'+ cpu + '" /> %</div>\
+                </div>\
+                <div class="line">\
+                    <span class="tname">通行时间</span>\
+                    <div class="info-r"><input class="bt-input-text" name="time" type="number" value="'+ time + '" /> 秒</div>\
+                </div>\
+                <div class="line">\
+                    <span class="tname">开启自动</span>\
+                    <div class="info-r">\
+                        <select class="bt-input-text mr5" style="width:80px" name="auto">\
+                        <option value="0" '+(auto==false?"selected=selected":"")+'>关闭</option>\
+                        <option value="1" '+(auto==true?"selected=selected":"")+'>开启</option>\
+                    </select>\
+                </div>\
+                </div>\
+                <ul class="help-info-text c7 ptb10">\
+                    <li><font style="color:red;">全局设置强制安全验证</font></li>\
+                    <li>开启自动后:cpu超过['+cpu+'%]后，强制验证。</li>\
+                </ul>\
+                <div class="bt-form-submit-btn">\
+                    <button type="button" class="btn btn-success btn-sm btn_sv_present">应用</button>\
+                </div>\
+            </form>',
+        success:function(index){
+            $('.btn_sv_present').click(function(){
+                var pdata = {
+                    siteName: siteName,
+                    cpu: $("input[name='cpu']").val(),
+                    auto: $("select[name='auto']").val(),
+                    time: $("input[name='time']").val(),
+                }
+                var act = 'set_safe_verify';
+                owPost(act, pdata, function(data){
+                    var rdata = $.parseJSON(data.data);
+                    showMsg(rdata.msg, function() {
+                       layer.close(svlayer);
+                       wafGloabl();
+                    },{ icon: rdata.status ? 1 : 2 },1000);
+                });
+            });   
+
+            
+        },
+    });
+}
+
+
 //保存retry规则
 function saveRetry(siteName,type) {
     var pdata = {
@@ -253,15 +320,6 @@ function addRule(ruleName) {
             },1000);
         }
     });
-
-    // var loadT = layer.msg('正在添加，请稍候..', { icon: 16, time: 0 });
-    // $.post('/plugin?action=a&name=btwaf&s=add_rule', pdata, function (rdata) {
-    //     layer.close(loadT);
-    //     layer.msg(rdata.msg, { icon: rdata.status ? 1 : 2 });
-    //     if (rdata.status) {
-    //         set_obj_conf(ruleName, 1);
-    //     }
-    // });
 }
 
 function modifyRule(index, ruleName) {
@@ -878,6 +936,16 @@ function wafGloabl(){
                         <td style="text-align: center;">--</td>\
                         <td class="text-right"><a class="btlink" onclick="setRetry('+ rdata.retry.retry_cycle + ',' + rdata.retry.retry + ',' + rdata.retry.retry_time + ')">初始规则</a></td>\
                     </tr>\
+                    <tr>\
+                        <td>强制安全验证</td>\
+                        <td>'+rdata.safe_verify.ps+'</td>\
+                        <td>--</td>\
+                        <td style="text-align: center;"><div class="ssh-item">\
+                            <input class="btswitch btswitch-ios" id="close_safe_verify" type="checkbox" '+(rdata.safe_verify.open ? 'checked' : '')+'>\
+                            <label class="btswitch-btn" for="close_safe_verify" onclick="setObjOpen(\'safe_verify\')"></label></div>\
+                        </td>\
+                        <td class="text-right"><a class="btlink" onclick="setSafeVerify('+ rdata.safe_verify.auto + ',' + rdata.safe_verify.cpu + ',' + rdata.safe_verify.time + ')">设置</a> | <a class="btlink" href="javascript:;" onclick="onlineEditFile(0,\''+rdata['reqfile_path']+'/safe_js.html\')">响应内容</a></td>\
+                    </tr>\
                     <tr>\
                         <td>GET-URI过滤</td>\
                         <td>'+ rdata.get.ps + '</td>\
@@ -1612,10 +1680,7 @@ function wafSite(){
 
 
 
-function wafHistory(){
+function wafHistory(){    
-    
-
-    
     var con = '<button class="btn btn-success btn-sm" onclick="UncoverAll()">解封所有</button>';
     con += '<div class="divtable mt10">\
         <table class="table table-hover waftable" style="color:#fff;">\

plugins/op_waf/t/index.py

@@ -182,14 +182,26 @@ def test_url_ext():
     print("url_ext end")
 
 
+def test_OK():
+    '''
+    目录保存
+    '''
+    url = TEST_URL
+    print("ok test start")
+    url_val = httpGet(url, 10)
+    print(url_val)
+    print("ok test end")
+
+
 def test_start():
+    test_OK()
     # test_Dir()
     # test_UA()
     # test_POST()
     # test_scan()
     # test_CC()
     # test_url_ext()
-    test_cdn()
+    # test_cdn()
 
 
 if __name__ == "__main__":

plugins/op_waf/waf/config.json

@@ -1 +1 @@
-{"reqfile_path": "{$WAF_PATH}/html", "retry": {"retry_time": 180, "is_open_global": 0, "retry": 6, "retry_cycle": 60}, "log": true, "scan": {"status": 444, "ps": "\u8fc7\u6ee4\u5e38\u89c1\u626b\u63cf\u6d4b\u8bd5\u5de5\u5177\u7684\u6e17\u900f\u6d4b\u8bd5", "open": true, "reqfile": ""}, "cc": {"status": 444, "ps": "\u8fc7\u8651CC\u653b\u51fb", "limit": 120, "endtime": 300, "open": true, "reqfile": "", "cycle": 60}, "get": {"status": 403, "ps": "\u8fc7\u6ee4uri\u3001uri\u53c2\u6570\u4e2d\u5e38\u89c1sql\u6ce8\u5165\u3001xss\u7b49\u653b\u51fb", "open": true, "reqfile": "get.html"}, "log_save": 30, "user-agent": {"status": 403, "ps": "\u901a\u5e38\u7528\u4e8e\u8fc7\u6ee4\u6d4f\u89c8\u5668\u3001\u8718\u86db\u53ca\u4e00\u4e9b\u81ea\u52a8\u626b\u63cf\u5668", "open": true, "reqfile": "user_agent.html"}, "other": {"status": 403, "ps": "\u5176\u5b83\u975e\u901a\u7528\u8fc7\u6ee4", "reqfile": "other.html"}, "cookie": {"status": 403, "ps": "\u8fc7\u6ee4\u5229\u7528Cookie\u53d1\u8d77\u7684\u6e17\u900f\u653b\u51fb", "open": true, "reqfile": "cookie.html"}, "logs_path": "/www/wwwlogs/waf", "post": {"status": 403, "ps": "\u8fc7\u6ee4POST\u53c2\u6570\u4e2d\u5e38\u89c1sql\u6ce8\u5165\u3001xss\u7b49\u653b\u51fb", "open": true, "reqfile": "post.html"}, "open": true}
+{"reqfile_path": "{$WAF_PATH}/html", "retry": {"retry_time": 180, "is_open_global": 0, "retry": 6, "retry_cycle": 60}, "log": true, "scan": {"status": 444, "ps": "过滤常见扫描测试工具的渗透测试", "open": true, "reqfile": ""}, "cc": {"status": 444, "ps": "过虑CC攻击", "limit": 120, "endtime": 300, "open": true, "reqfile": "safe_js.html", "cycle": 60}, "safe_verify":{"status": 200,"ps": "强制安全校验", "reqfile": "safe_js.html","open": false,"cpu":75,"auto":true,"time":86400 },"get": {"status": 403, "ps": "过滤uri、uri参数中常见sql注入、xss等攻击", "open": true, "reqfile": "get.html"}, "log_save": 30, "user-agent": {"status": 403, "ps": "通常用于过滤浏览器、蜘蛛及一些自动扫描器", "open": true, "reqfile": "user_agent.html"}, "other": {"status": 403, "ps": "其它非通用过滤", "reqfile": "other.html"}, "cookie": {"status": 403, "ps": "过滤利用Cookie发起的渗透攻击", "open": true, "reqfile": "cookie.html"}, "logs_path": "/www/wwwlogs/waf", "post": {"status": 403, "ps": "过滤POST参数中常见sql注入、xss等攻击", "open": true, "reqfile": "post.html"}, "open": true}

plugins/op_waf/waf/html/cookie.html

@@ -7,7 +7,7 @@
 *{margin:0;padding:0;color:#444}
 body{font-size:14px;font-family:"宋体"}
 .main{width:600px;margin:10% auto;}
-.title{background: #20a53a;color: #fff;font-size: 16px;height: 40px;line-height: 40px;padding-left: 20px;}
+.title{background: #20a53a;color: #fff;font-size: 16px;height: 40px;line-height: 40px;text-align: center;}
 .content{background-color:#f3f7f9; height:280px;border:1px dashed #c6d9b6;padding:20px}
 .t1{border-bottom: 1px dashed #c6d9b6;color: #ff4000;font-weight: bold; margin: 0 0 20px; padding-bottom: 18px;}
 .t2{margin-bottom:8px; font-weight:bold}

plugins/op_waf/waf/html/get.html

@@ -7,7 +7,7 @@
 *{margin:0;padding:0;color:#444}
 body{font-size:14px;font-family:"宋体"}
 .main{width:600px;margin:10% auto;}
-.title{background: #20a53a;color: #fff;font-size: 16px;height: 40px;line-height: 40px;padding-left: 20px;}
+.title{background: #20a53a;color: #fff;font-size: 16px;height: 40px;line-height: 40px;text-align: center;}
 .content{background-color:#f3f7f9; height:280px;border:1px dashed #c6d9b6;padding:20px}
 .t1{border-bottom: 1px dashed #c6d9b6;color: #ff4000;font-weight: bold; margin: 0 0 20px; padding-bottom: 18px;}
 .t2{margin-bottom:8px; font-weight:bold}

plugins/op_waf/waf/html/other.html

@@ -7,7 +7,7 @@
 *{margin:0;padding:0;color:#444}
 body{font-size:14px;font-family:"宋体"}
 .main{width:600px;margin:10% auto;}
-.title{background: #20a53a;color: #fff;font-size: 16px;height: 40px;line-height: 40px;padding-left: 20px;}
+.title{background: #20a53a;color: #fff;font-size: 16px;height: 40px;line-height: 40px;text-align: center;}
 .content{background-color:#f3f7f9; height:280px;border:1px dashed #c6d9b6;padding:20px}
 .t1{border-bottom: 1px dashed #c6d9b6;color: #ff4000;font-weight: bold; margin: 0 0 20px; padding-bottom: 18px;}
 .t2{margin-bottom:8px; font-weight:bold}

plugins/op_waf/waf/html/post.html

@@ -7,7 +7,7 @@
 *{margin:0;padding:0;color:#444}
 body{font-size:14px;font-family:"宋体"}
 .main{width:600px;margin:10% auto;}
-.title{background: #20a53a;color: #fff;font-size: 16px;height: 40px;line-height: 40px;padding-left: 20px;}
+.title{background: #20a53a;color: #fff;font-size: 16px;height: 40px;line-height: 40px;text-align: center;}
 .content{background-color:#f3f7f9; height:280px;border:1px dashed #c6d9b6;padding:20px}
 .t1{border-bottom: 1px dashed #c6d9b6;color: #ff4000;font-weight: bold; margin: 0 0 20px; padding-bottom: 18px;}
 .t2{margin-bottom:8px; font-weight:bold}

plugins/op_waf/waf/html/safe_js.html

@@ -0,0 +1,154 @@
+<!doctype html>
+<html>
+<head>
+<meta charset="utf-8">
+<title>OP网站防火墙|安全校验</title>
+<style>
+*{margin:0;padding:0;color:#444}
+.main{width:600px;margin:10% auto;}
+.title{background: #20a53a;color: #fff;font-size: 16px;height: 40px;line-height: 40px;text-align: center;}
+.content{background-color:#f3f7f9; height:280px;border:1px dashed #c6d9b6;padding:20px}
+#change{
+	font-size: 200px;
+	text-align: center;
+}
+</style>
+</head>
+
+<body>
+	<div class="main">
+		<div class="title">OP网站防火墙|安全校验</div>
+		<div class="content">
+			<p id="change">5</p>
+		</div>
+		<div id="status" style="display: none;">false</div>
+	</div>
+</body>
+
+<script type="text/javascript">
+
+function ajax(type,bool){
+	var xhr = {};
+	if(typeof(type)=='undefined'){
+		xhr.type='HTML';
+	}else{
+		xhr.type=type.toUpperCase();
+	}
+	if(typeof(bool)=='undefined'){
+		xhr.async=true;
+	}else{
+		xhr.async=bool;
+	}
+	xhr.url = '';
+	xhr.send = '';
+	xhr.result=null;
+
+	xhr.createXHR = function(){
+		try{
+			request = new XMLHttpRequest();
+			if(request.overrideMimeType){
+				request.overrideMimeType('text/html');
+			}
+		}catch(e){
+			var v = ['Microsoft.XMLHTTP', 'MSXML.XMLHTTP', 'Microsoft.XMLHTTP',
+				'Msxml2.XMLHTTP.7.0', 'Msxml2.XMLHTTP.6.0', 'Msxml2.XMLHTTP.5.0',
+					'Msxml2.XMLHTTP.4.0', 'MSXML2.XMLHTTP.3.0', 'MSXML2.XMLHTTP'];
+			for(var i=0;i<v.length;i++){
+				try{
+					request = new ActiveXObject(v[i]); 
+					if(request){return request;}
+				}catch(e){continue;
+				
+				}
+			}
+		}
+		return request;
+	}
+
+	xhr.XHR = xhr.createXHR();
+
+	xhr.processHandle = function(){
+		if( xhr.XHR.readyState ==4 && xhr.XHR.status==200){
+			if(xhr.type=='HTML'){
+				xhr.result(xhr.XHR.responseText);
+				return xhr.XHR.responseText;
+			}else if(xhr.type=='JSON'){
+				xhr.result(eval('('+xhr.XHR.responseText+')'));
+				return eval('('+xhr.XHR.responseText+')');
+			}else{
+				xhr.result(xhr.XHR.responseXML);
+				return xhr.XHR.responseXML;
+			}
+		}	
+	};
+
+	xhr.get = function(url,result){
+		//添加回调函数
+		var name ='PHPjs';
+		var r = name + '_' + Math.random().toString().substr(2);//随机
+
+		xhr.url = url+'&'+name+'='+r;
+		
+		if(result!=null){
+			xhr.XHR.onreadystatechange = xhr.processHandle;
+			xhr.result = result;
+		}
+		if(window.XMLHttpRequest){
+			xhr.XHR.open('GET',xhr.url,xhr.async);
+			xhr.XHR.send(null);
+		}else{
+			xhr.XHR.open('GET',xhr.url,xhr.async);
+			xhr.XHR.send();
+		}
+	};
+
+	xhr.post = function(url,send,result){
+		xhr.url = url;
+		if(typeof(send) == 'object'){
+			var str = '';
+			for(var pro in send){
+				str +=pro +'='+send[pro]+'&';
+			}
+			xhr.send = str.substr(0,str.length-1);
+		}else{
+			xhr.send = send;
+		}
+		if(result!=null){
+			xhr.XHR.onreadystatechange = xhr.processHandle;
+			xhr.result = result;
+		}
+		xhr.XHR.open('POST',url,xhr.async);
+		xhr.XHR.setRequestHeader('request-type','ajax');
+		xhr.XHR.setRequestHeader('Content-type','application/x-www-form-urlencoded');
+		xhr.XHR.send(xhr.send);
+	}
+	return xhr;
+}
+
+
+
+var ok = setInterval(function(){
+
+	ajax('JSON',true).post('/{uri}',{'pass':"ok"},function(data){
+		if (data['status'] == 0){
+			// document.getElementById('status').innerHTML = "ok";
+			location.reload();
+		}
+	});
+
+	var id = document.getElementById('change').innerHTML;
+	id = id - 1;
+	if (id == 0){
+		document.getElementById('change').innerHTML = '稍等';
+		clearInterval(ok);
+		if (document.getElementById('status').innerHTML == 'ok'){
+			location.reload();
+		}
+	} else {
+		document.getElementById('change').innerHTML = id;
+	}
+},1000);
+
+</script>
+</html>
+

plugins/op_waf/waf/html/user_agent.html

@@ -7,7 +7,7 @@
 *{margin:0;padding:0;color:#444}
 body{font-size:14px;font-family:"宋体"}
 .main{width:600px;margin:10% auto;}
-.title{background: #20a53a;color: #fff;font-size: 16px;height: 40px;line-height: 40px;padding-left: 20px;}
+.title{background: #20a53a;color: #fff;font-size: 16px;height: 40px;line-height: 40px;text-align: center;}
 .content{background-color:#f3f7f9; height:280px;border:1px dashed #c6d9b6;padding:20px}
 .t1{border-bottom: 1px dashed #c6d9b6;color: #ff4000;font-weight: bold; margin: 0 0 20px; padding-bottom: 18px;}
 .t2{margin-bottom:8px; font-weight:bold}

plugins/op_waf/waf/lua/init.lua

@@ -15,6 +15,7 @@ C:setDebug(true)
 local get_html = C:read_file_body(config["reqfile_path"] .. '/' .. config["get"]["reqfile"])
 local post_html = C:read_file_body(config["reqfile_path"] .. '/' .. config["post"]["reqfile"])
 local user_agent_html = C:read_file_body(config["reqfile_path"] .. '/' .. config["user-agent"]["reqfile"])
+local cc_safe_js_html = C:read_file_body(config["reqfile_path"] .. '/' .. config["cc"]["reqfile"])
 local args_rules = C:read_file_table('args')
 local ip_white_rules = C:read_file('ip_white')
 local ip_black_rules = C:read_file('ip_black')
@@ -58,6 +59,25 @@ function get_waf_drop_ip()
 end
 
 
+math.randomseed(os.time())
+ 
+function get_random(n) 
+    local t = {
+        "0","1","2","3","4","5","6","7","8","9",
+        "a","b","c","d","e","f","g","h","i","j",
+        "k","l","m","n","o","p","q","r","s","t",
+        "u","v","w","x","y","z",
+        "A","B","C","D","E","F","G","H","I","J",
+        "K","L","M","N","O","P","Q","R","S","T",
+        "U","V","W","X","Y","Z",
+    }    
+    local s = ""
+    for i =1, n do
+        s = s .. t[math.random(#t)]        
+    end
+    return s
+end
+
 function is_chekc_table(data,strings)
     if type(data) ~= 'table' then return 1 end 
     if not data then return 1 end
@@ -258,22 +278,47 @@ function waf_cc()
     return false
 end
 
+-- 是否符合开强制验证条件
+function is_open_waf_cc_increase()
+
+    if config['safe_verify']['open'] then
+        return true
+    end
+
+    if site_config[server_name]['safe_verify']['open'] then
+        return true
+    end
+    return false
+end
+
+
 --强制验证是否使用正常浏览器访问网站
 function waf_cc_increase()
-    
+    local ip = params['ip']
-    if not config['cc']['open'] or not site_cc then return false end
+    local uri = params['uri']
-    if not site_config[server_name] then return false end
+
-    if not site_config[server_name]['cc']['increase'] then return false end
+    if not is_open_waf_cc_increase() then return false end
     local cache_token = ngx.md5(ip .. '_' .. server_name)
+
     --判断是否已经通过验证
-    if ngx.shared.btwaf:get(cache_token) then  return false end
+    if ngx.shared.limit:get(cache_token) then return false end
-    if cc_uri_white() then
+
-        ngx.shared.btwaf:delete(cache_token .. '_key')
+    local cache_rand_key = ip..':rand'
-        ngx.shared.btwaf:set(cache_token,1,60)
+    local cache_rand = ngx.shared.limit:get(cache_rand_key)
-        return false 
+    if not cache_rand then 
-    end
+        cache_rand = get_random(8)
-    if security_verification() then return false end
+        ngx.shared.limit:set(cache_rand_key,cache_rand,10)
-    send_check_heml(cache_token)
+    end
+
+    make_uri_str = "unbind_"..cache_rand.."_"..cache_token
+    make_uri = "/"..make_uri_str
+    if uri == make_uri then
+        ngx.shared.limit:set(cache_token,1, config['safe_verify']['time'])
+        C:return_message(200, get_return_state(0,'ok'))
+    end
+
+    local cc_html = string.gsub(cc_safe_js_html, "{uri}", make_uri_str)
+    C:return_html(200, cc_html)
 end
 
 
@@ -586,6 +631,7 @@ function waf()
 
     -- cc setting
     if waf_drop() then return true end
+    if waf_cc_increase() then return true end
     if waf_cc() then return true end
 
     -- ua check

plugins/op_waf/waf/rule/ip_white.json

@@ -1 +1 @@
-[[[127, 0, 0, 1], [127, 0, 0, 255]]]
+[[[127, 0, 0, 2], [127, 0, 0, 255]]]