op防火墙优化

1.适配openresty配置修改。
2.加入一个测试功能,便于测试。
pull/328/head
midoks 2 years ago
parent 89a84f5ca0
commit b3c3a4457d
  1. 9
      plugins/op_waf/conf/luawaf.conf
  2. 112
      plugins/op_waf/index.py
  3. 2
      plugins/op_waf/info.json
  4. 16
      plugins/op_waf/js/op_waf.js
  5. 13
      plugins/op_waf/t/index.py
  6. 18
      plugins/op_waf/waf/lua/common.lua
  7. 17
      plugins/op_waf/waf/lua/init.lua
  8. 15
      plugins/op_waf/waf/lua/init_worker.lua

@ -1,10 +1,3 @@
lua_shared_dict waf_limit 30m;
lua_shared_dict waf_drop_ip 10m;
lua_shared_dict waf_drop_sum 10m;
lua_package_path "{$WAF_PATH}/html/?.lua;{$WAF_PATH}/conf/?.lua;{$WAF_PATH}/lua/?.lua;{$ROOT_PATH}/openresty/lualib/?.lua;;";
lua_package_cpath "{$WAF_PATH}/conf/?.so;{$ROOT_PATH}/openresty/lualib/?.so;;";
init_worker_by_lua_file {$WAF_PATH}/lua/init_worker.lua;
access_by_lua_file {$WAF_PATH}/lua/init.lua;
# init_by_lua_file {$WAF_PATH}/lua/init.lua;
lua_shared_dict waf_drop_sum 10m;

@ -6,6 +6,7 @@ import os
import time
import subprocess
import json
import re
sys.path.append(os.getcwd() + "/class/core")
import mw
@ -228,17 +229,8 @@ def initTotalInfo():
mw.writeFile(path_total, cjson)
def status():
path = getConf()
if not os.path.exists(path):
return 'stop'
conf = mw.readFile(path)
if conf.find("#include luawaf.conf;") != -1:
return 'stop'
if conf.find("luawaf.conf;") == -1:
return 'stop'
return 'start'
def dstWafConf():
return mw.getServerDir() + "/web_conf/nginx/vhost/opwaf.conf"
def contentReplace(content):
@ -328,7 +320,8 @@ def autoMakeConfig():
def restartWeb():
autoMakeConfig()
mw.restartWeb()
mw.opWeb('stop')
mw.opWeb('start')
def initDreplace():
@ -370,11 +363,12 @@ def initDreplace():
content = contentReplace(content)
mw.writeFile(init_worker, content)
waf_conf = mw.getServerDir() + "/openresty/nginx/conf/luawaf.conf"
waf_tpl = getPluginDir() + "/conf/luawaf.conf"
content = mw.readFile(waf_tpl)
content = contentReplace(content)
mw.writeFile(waf_conf, content)
waf_conf = dstWafConf()
if not os.path.exists(waf_conf):
waf_tpl = getPluginDir() + "/conf/luawaf.conf"
content = mw.readFile(waf_tpl)
content = contentReplace(content)
mw.writeFile(waf_conf, content)
initDomainInfo()
initSiteInfo()
@ -388,37 +382,61 @@ def initDreplace():
mw.execShell("chown -R www:www " + path)
def status():
path = getConf()
if not os.path.exists(path):
return 'stop'
waf_conf = dstWafConf()
if not os.path.exists(waf_conf):
return 'stop'
return 'start'
def start():
initDreplace()
path = getConf()
path = mw.getServerDir() + '/web_conf/nginx/lua/lua.conf'
init_worker_lua = getServerDir() + '/waf/lua/init_worker.lua'
init_lua = getServerDir() + '/waf/lua/init.lua'
conf = mw.readFile(path)
conf = conf.replace('#include luawaf.conf;', "include luawaf.conf;")
conf = re.sub('init_worker_by_lua_file (.*);',
"init_worker_by_lua_file " + init_worker_lua + ";", conf)
conf = re.sub('access_by_lua_file (.*);',
"access_by_lua_file " + init_lua + ";", conf)
mw.writeFile(path, conf)
import tool_task
tool_task.createBgTask()
mw.restartWeb()
restartWeb()
return 'ok'
def stop():
path = getConf()
conf = mw.readFile(path)
conf = conf.replace('include luawaf.conf;', "#include luawaf.conf;")
path = mw.getServerDir() + '/web_conf/nginx/lua/lua.conf'
empty_lua = mw.getServerDir() + '/web_conf/nginx/lua/empty.lua'
conf = mw.readFile(path)
conf = re.sub('init_worker_by_lua_file (.*);',
"init_worker_by_lua_file " + empty_lua + ";", conf)
conf = re.sub('access_by_lua_file (.*);',
"access_by_lua_file " + empty_lua + ";", conf)
mw.writeFile(path, conf)
wafconf = dstWafConf()
if os.path.exists(wafconf):
os.remove(wafconf)
import tool_task
tool_task.removeBgTask()
mw.restartWeb()
restartWeb()
return 'ok'
def restart():
mw.restartWeb()
restartWeb()
return 'ok'
@ -428,6 +446,18 @@ def reload():
path = getServerDir()
path_tpl = getPluginDir()
config = path + "/waf/lua/common.lua"
config_tpl = path_tpl + "/waf/lua/common.lua"
content = mw.readFile(config_tpl)
content = contentReplace(content)
mw.writeFile(config, content)
config = path + "/waf/lua/init_worker.lua"
config_tpl = path_tpl + "/waf/lua/init_worker.lua"
content = mw.readFile(config_tpl)
content = contentReplace(content)
mw.writeFile(config, content)
config = path + "/waf/lua/init.lua"
config_tpl = path_tpl + "/waf/lua/init.lua"
content = mw.readFile(config_tpl)
@ -438,6 +468,8 @@ def reload():
mw.execShell('rm -rf ' + errlog)
start()
restartWeb()
return 'ok'
@ -1167,6 +1199,28 @@ def getWafConf():
return mw.readFile(conf)
def cleanDropIp():
url = "http://127.0.0.1/clean_waf_drop_ip"
data = mw.httpGet(url)
return mw.returnJson(True, 'ok!', data)
def testRun():
# args = getArgs()
# data = checkArgs(args, ['siteName'])
# if not data[0]:
# return data[1]
conf_json = getServerDir() + "/waf/default.json"
data = mw.readFile(conf_json)
pdata = json.loads(data)
default_site = pdata['default']
url = "http://" + default_site + '/?t=../etc/passwd'
returnData = mw.httpGet(url, 10)
return mw.returnJson(True, '测试运行成功!', returnData)
def installPreInspection():
check_op = mw.getServerDir() + "/openresty"
if not os.path.exists(check_op):
@ -1174,12 +1228,6 @@ def installPreInspection():
return 'ok'
def cleanDropIp():
url = "http://127.0.0.1/clean_waf_drop_ip"
data = mw.httpGet(url)
return mw.returnJson(True, 'ok!', data)
if __name__ == "__main__":
func = sys.argv[1]
if func == 'status':
@ -1268,5 +1316,7 @@ if __name__ == "__main__":
print(getWafSite())
elif func == 'clean_drop_ip':
print(cleanDropIp())
elif func == 'test_run':
print(testRun())
else:
print('error')
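Review bot: start() and stop() rewrite lua.conf with `re.sub`, which hands back the text unchanged when `access_by_lua_file` or `init_worker_by_lua_file` is missing from the file, and status() decides 'start' from file existence alone. The panel can therefore report the WAF as running while no request is routed through init.lua, and nothing in start() surfaces that. I would count the substitutions, e.g. `conf, n = re.subn('access_by_lua_file (.*);', "access_by_lua_file " + init_lua + ";", conf)`, and return an error instead of 'ok' when `n == 0`. status() could check the same directive in lua.conf rather than only `os.path.exists(waf_conf)`. The +/- markers are lost on this page, so which lines are new is inferred from the hunk headers.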

@ -12,5 +12,5 @@
"home":"https://github.com/loveshell/ngx_lua_waf",
"date":"2019-04-21",
"pid": "1",
"versions": ["0.2.3"]
"versions": ["0.2.4"]
}

@ -1712,9 +1712,12 @@ function wafLogs(){
<button data-name="l7" type="button" class="btn btn-default">近7天</button>\
<button data-name="l30" type="button" class="btn btn-default">近30天</button>\
</div>\
<span class="last-span"><input data-name="" type="text" id="time_choose" lay-key="1000001_'+randstr+'" class="form-control btn-group-sm" autocomplete="off" placeholder="自定义时间" style="display: inline-block;font-size: 12px;padding: 0 10px;height:30px;width: 200px;"></span>\
<span class="last-span"><input data-name="" type="text" id="time_choose" lay-key="1000001_'+randstr+'" class="form-control btn-group-sm" autocomplete="off" placeholder="自定义时间" style="display: inline-block;font-size: 12px;padding: 0 10px;height:30px;width: 155px;"></span>\
</div>\
<div style="float:right;">\
<button id="UncoverAll" class="btn btn-success btn-sm" style="padding-left: 5px;padding-right: 5px;">解封所有</button>\
<button id="testRun" class="btn btn-default btn-sm" style="padding-left: 5px;padding-right: 5px;">测试</button>\
</div>\
<div style="float:right;"><button id="UncoverAll" class="btn btn-success btn-sm">解封所有</button></div>\
</div>\
<div class="divtable mtb10" id="ws_table"></div>\
</div>';
@ -1733,6 +1736,15 @@ function wafLogs(){
});
});
//测试demo
$("#testRun").click(function(){
owPost('test_run',{},function(data){
var rdata = $.parseJSON(data.data);
showMsg(rdata.msg, function(){
wafLogRequest(1);
},{icon:1,shade: [0.3, '#000']},2000);
});
});
//日期范围
laydate.render({
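Review bot: The `$("#testRun")` click handler always passes `icon:1` to `showMsg`, so the panel shows the success icon whatever the probe request returned. As rendered, testRun() in index.py also ends with `mw.returnJson(True, ...)` unconditionally and never inspects `returnData`, so this test cannot report a request that slipped past the WAF. Once testRun() compares the response with the WAF block page, the handler should reflect it, for example `{icon: rdata.status ? 1 : 2, shade: [0.3, '#000']}`, assuming returnJson emits a `status` field (not visible on this page).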

@ -309,12 +309,12 @@ def test_Upload():
def test_start():
# test_OK()
# test_Dir()
test_Dir()
# test_UA()
test_Header()
# test_Header()
# test_UA_for(1000)
test_POST()
test_scan()
# test_POST()
# test_scan()
# test_CC()
# test_url_ext()
# test_cdn()
@ -322,6 +322,7 @@ def test_start():
if __name__ == "__main__":
os.system('cd /Users/midoks/Desktop/mwdev/server/mdserver-web/plugins/op_waf && sh install.sh uninstall 0.2.2 && sh install.sh install 0.2.2')
os.system('cd /Users/midoks/Desktop/mwdev/server/mdserver-web/ && python3 plugins/openresty/index.py stop && python3 plugins/openresty/index.py start')
# os.system('cd /Users/midoks/Desktop/mwdev/server/mdserver-web/plugins/op_waf && sh install.sh uninstall 0.2.2 && sh install.sh install 0.2.2')
os.system('cd /Users/midoks/Desktop/mwdev/server/mdserver-web/ && python3 /Users/midoks/Desktop/mwdev/server/mdserver-web/plugins/op_waf/index.py reload')
# os.system('cd /Users/midoks/Desktop/mwdev/server/mdserver-web/ && python3 plugins/openresty/index.py stop && python3 plugins/openresty/index.py start')
test_start()

@ -1,3 +1,14 @@
local waf_root = "{$WAF_ROOT}"
local waf_cpath = waf_root.."/waf/lua/?.lua;"..waf_root.."/waf/conf/?.lua;"..waf_root.."/waf/html/?.lua;"
local waf_sopath = waf_root.."/waf/conf/?.so;"
if not package.path:find(waf_cpath) then
package.path = waf_cpath .. package.path
end
if not package.cpath:find(waf_sopath) then
package.cpath = waf_sopath .. package.cpath
end
local setmetatable = setmetatable
local _M = { _VERSION = '0.02' }
@ -9,7 +20,6 @@ local sqlite3 = require "lsqlite3"
local ngx_match = ngx.re.find
local debug_mode = false
local waf_root = "{$WAF_ROOT}"
local cpath = waf_root.."/waf/"
local log_dir = waf_root.."/logs/"
local rpath = cpath.."/rule/"
@ -62,12 +72,12 @@ end
-- 后台任务
function _M.cron(self)
local timer_every_get_data = function (premature)
self.clean_log()
local timer_every_get_data = function(premature)
self:clean_log()
end
ngx.timer.every(10, timer_every_get_data)
local timer_every_import_data = function (premature)
local timer_every_import_data = function(premature)
local llen, _ = ngx.shared.waf_limit:llen('waf_limit_logs')
if llen == 0 then
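Review bot: The guard `package.path:find(waf_cpath)` at the top of the file treats `waf_cpath` as a Lua pattern, and because `/?.lua` parses as an optional `/` followed by any character, the pattern does not match its own literal text. The condition is therefore always true and the prefix is prepended every time the chunk runs. In init.lua, which the luawaf.conf hunk shows being loaded through `access_by_lua_file`, that would presumably grow `package.path` on each request for the life of the worker. A plain search fixes it: `if not package.path:find(waf_cpath, 1, true) then`, and likewise `package.cpath:find(waf_sopath, 1, true)`. The same two guards appear in the init.lua and init_worker.lua sections.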

@ -1,3 +1,14 @@
local waf_root = "{$WAF_ROOT}"
local waf_cpath = waf_root.."/waf/lua/?.lua;"..waf_root.."/waf/conf/?.lua;"..waf_root.."/waf/html/?.lua;"
local waf_sopath = waf_root.."/waf/conf/?.so;"
if not package.path:find(waf_cpath) then
package.path = waf_cpath .. package.path
end
if not package.cpath:find(waf_sopath) then
package.cpath = waf_sopath .. package.cpath
end
local json = require "cjson"
local ngx_match = ngx.re.find
@ -11,11 +22,11 @@ local config = require "waf_config"
local site_config = require "waf_site"
local config_domains = require "waf_domains"
-- C:D("config:"..C:to_json(config))
C:setConfData(config, site_config)
C:setDebug(true)
-- C:D("config:"..C:to_json(config))
local get_html = require "html_get"
local post_html = require "html_post"
@ -521,7 +532,6 @@ end
function waf()
min_route()
-- white ip
if waf_ip_white() then return true end
@ -550,9 +560,8 @@ function waf()
-- 扫描软件禁止
if waf_scan_black() then return true end
if waf_post() then return true end
if site_config[server_name] and site_config[server_name]['open'] then
if X_Forwarded() then return true end
if post_X_Forwarded() then return true end

@ -1,13 +1,20 @@
local waf_root = "{$WAF_ROOT}"
local waf_cpath = waf_root.."/waf/lua/?.lua;"..waf_root.."/waf/conf/?.lua;"..waf_root.."/waf/html/?.lua;"
local waf_sopath = waf_root.."/waf/conf/?.so;"
local json = require "cjson"
if not package.path:find(waf_cpath) then
package.path = waf_cpath .. package.path
end
local waf_root = "{$WAF_ROOT}"
local cpath = waf_root.."/waf/"
if not package.cpath:find(waf_sopath) then
package.cpath = waf_sopath .. package.cpath
end
local json = require "cjson"
local __C = require "common"
local C = __C:getInstance()
local function timer_stats_total_log(premature)
C:timer_stats_total()
end
