diff --git a/plugins/op_waf/conf/luawaf.conf b/plugins/op_waf/conf/luawaf.conf
index af9993e83..3c93a082d 100755
--- a/plugins/op_waf/conf/luawaf.conf
+++ b/plugins/op_waf/conf/luawaf.conf
@@ -1,10 +1,3 @@
lua_shared_dict waf_limit 30m;
lua_shared_dict waf_drop_ip 10m;
-lua_shared_dict waf_drop_sum 10m;
-lua_package_path "{$WAF_PATH}/html/?.lua;{$WAF_PATH}/conf/?.lua;{$WAF_PATH}/lua/?.lua;{$ROOT_PATH}/openresty/lualib/?.lua;;";
-lua_package_cpath "{$WAF_PATH}/conf/?.so;{$ROOT_PATH}/openresty/lualib/?.so;;";
-
-init_worker_by_lua_file {$WAF_PATH}/lua/init_worker.lua;
-access_by_lua_file {$WAF_PATH}/lua/init.lua;
-
-# init_by_lua_file {$WAF_PATH}/lua/init.lua;
+lua_shared_dict waf_drop_sum 10m;
\ No newline at end of file
diff --git a/plugins/op_waf/index.py b/plugins/op_waf/index.py
index 99cdeac13..d3325ae9f 100755
--- a/plugins/op_waf/index.py
+++ b/plugins/op_waf/index.py
@@ -6,6 +6,7 @@ import os
import time
import subprocess
import json
+import re
sys.path.append(os.getcwd() + "/class/core")
import mw
@@ -228,17 +229,8 @@ def initTotalInfo():
mw.writeFile(path_total, cjson)
-def status():
- path = getConf()
- if not os.path.exists(path):
- return 'stop'
-
- conf = mw.readFile(path)
- if conf.find("#include luawaf.conf;") != -1:
- return 'stop'
- if conf.find("luawaf.conf;") == -1:
- return 'stop'
- return 'start'
+def dstWafConf():
+ return mw.getServerDir() + "/web_conf/nginx/vhost/opwaf.conf"
def contentReplace(content):
@@ -328,7 +320,8 @@ def autoMakeConfig():
def restartWeb():
autoMakeConfig()
- mw.restartWeb()
+ mw.opWeb('stop')
+ mw.opWeb('start')
def initDreplace():
@@ -370,11 +363,12 @@ def initDreplace():
content = contentReplace(content)
mw.writeFile(init_worker, content)
- waf_conf = mw.getServerDir() + "/openresty/nginx/conf/luawaf.conf"
- waf_tpl = getPluginDir() + "/conf/luawaf.conf"
- content = mw.readFile(waf_tpl)
- content = contentReplace(content)
- mw.writeFile(waf_conf, content)
+ waf_conf = dstWafConf()
+ if not os.path.exists(waf_conf):
+ waf_tpl = getPluginDir() + "/conf/luawaf.conf"
+ content = mw.readFile(waf_tpl)
+ content = contentReplace(content)
+ mw.writeFile(waf_conf, content)
initDomainInfo()
initSiteInfo()
@@ -388,37 +382,61 @@ def initDreplace():
mw.execShell("chown -R www:www " + path)
+def status():
+ path = getConf()
+ if not os.path.exists(path):
+ return 'stop'
+
+ waf_conf = dstWafConf()
+ if not os.path.exists(waf_conf):
+ return 'stop'
+ return 'start'
+
+
def start():
initDreplace()
- path = getConf()
+ path = mw.getServerDir() + '/web_conf/nginx/lua/lua.conf'
+ init_worker_lua = getServerDir() + '/waf/lua/init_worker.lua'
+ init_lua = getServerDir() + '/waf/lua/init.lua'
conf = mw.readFile(path)
- conf = conf.replace('#include luawaf.conf;', "include luawaf.conf;")
+ conf = re.sub('init_worker_by_lua_file (.*);',
+ "init_worker_by_lua_file " + init_worker_lua + ";", conf)
+ conf = re.sub('access_by_lua_file (.*);',
+ "access_by_lua_file " + init_lua + ";", conf)
mw.writeFile(path, conf)
import tool_task
tool_task.createBgTask()
- mw.restartWeb()
+ restartWeb()
return 'ok'
def stop():
- path = getConf()
- conf = mw.readFile(path)
- conf = conf.replace('include luawaf.conf;', "#include luawaf.conf;")
+ path = mw.getServerDir() + '/web_conf/nginx/lua/lua.conf'
+ empty_lua = mw.getServerDir() + '/web_conf/nginx/lua/empty.lua'
+ conf = mw.readFile(path)
+ conf = re.sub('init_worker_by_lua_file (.*);',
+ "init_worker_by_lua_file " + empty_lua + ";", conf)
+ conf = re.sub('access_by_lua_file (.*);',
+ "access_by_lua_file " + empty_lua + ";", conf)
mw.writeFile(path, conf)
+ wafconf = dstWafConf()
+ if os.path.exists(wafconf):
+ os.remove(wafconf)
+
import tool_task
tool_task.removeBgTask()
- mw.restartWeb()
+ restartWeb()
return 'ok'
def restart():
- mw.restartWeb()
+ restartWeb()
return 'ok'
@@ -428,6 +446,18 @@ def reload():
path = getServerDir()
path_tpl = getPluginDir()
+ config = path + "/waf/lua/common.lua"
+ config_tpl = path_tpl + "/waf/lua/common.lua"
+ content = mw.readFile(config_tpl)
+ content = contentReplace(content)
+ mw.writeFile(config, content)
+
+ config = path + "/waf/lua/init_worker.lua"
+ config_tpl = path_tpl + "/waf/lua/init_worker.lua"
+ content = mw.readFile(config_tpl)
+ content = contentReplace(content)
+ mw.writeFile(config, content)
+
config = path + "/waf/lua/init.lua"
config_tpl = path_tpl + "/waf/lua/init.lua"
content = mw.readFile(config_tpl)
@@ -438,6 +468,8 @@ def reload():
mw.execShell('rm -rf ' + errlog)
start()
+
+ restartWeb()
return 'ok'
@@ -1167,6 +1199,28 @@ def getWafConf():
return mw.readFile(conf)
+def cleanDropIp():
+ url = "http://127.0.0.1/clean_waf_drop_ip"
+ data = mw.httpGet(url)
+ return mw.returnJson(True, 'ok!', data)
+
+
+def testRun():
+ # args = getArgs()
+ # data = checkArgs(args, ['siteName'])
+ # if not data[0]:
+ # return data[1]
+
+ conf_json = getServerDir() + "/waf/default.json"
+ data = mw.readFile(conf_json)
+ pdata = json.loads(data)
+ default_site = pdata['default']
+
+ url = "http://" + default_site + '/?t=../etc/passwd'
+ returnData = mw.httpGet(url, 10)
+ return mw.returnJson(True, '测试运行成功!', returnData)
+
+
def installPreInspection():
check_op = mw.getServerDir() + "/openresty"
if not os.path.exists(check_op):
@@ -1174,12 +1228,6 @@ def installPreInspection():
return 'ok'
-def cleanDropIp():
- url = "http://127.0.0.1/clean_waf_drop_ip"
- data = mw.httpGet(url)
- return mw.returnJson(True, 'ok!', data)
-
-
if __name__ == "__main__":
func = sys.argv[1]
if func == 'status':
@@ -1268,5 +1316,7 @@ if __name__ == "__main__":
print(getWafSite())
elif func == 'clean_drop_ip':
print(cleanDropIp())
+ elif func == 'test_run':
+ print(testRun())
else:
print('error')
diff --git a/plugins/op_waf/info.json b/plugins/op_waf/info.json
index 841cf2c6f..e37a26fdb 100755
--- a/plugins/op_waf/info.json
+++ b/plugins/op_waf/info.json
@@ -12,5 +12,5 @@
"home":"https://github.com/loveshell/ngx_lua_waf",
"date":"2019-04-21",
"pid": "1",
- "versions": ["0.2.3"]
+ "versions": ["0.2.4"]
}
\ No newline at end of file
diff --git a/plugins/op_waf/js/op_waf.js b/plugins/op_waf/js/op_waf.js
index 170c7a871..469029adb 100755
--- a/plugins/op_waf/js/op_waf.js
+++ b/plugins/op_waf/js/op_waf.js
@@ -1712,9 +1712,12 @@ function wafLogs(){
\
\
\
- \
+ \
+ \
+ \
+ \
+ \
\
- \
\
\
';
@@ -1733,6 +1736,15 @@ function wafLogs(){
});
});
+ //测试demo
+ $("#testRun").click(function(){
+ owPost('test_run',{},function(data){
+ var rdata = $.parseJSON(data.data);
+ showMsg(rdata.msg, function(){
+ wafLogRequest(1);
+ },{icon:1,shade: [0.3, '#000']},2000);
+ });
+ });
//日期范围
laydate.render({
diff --git a/plugins/op_waf/t/index.py b/plugins/op_waf/t/index.py
index a1cd9f768..98bd75f28 100644
--- a/plugins/op_waf/t/index.py
+++ b/plugins/op_waf/t/index.py
@@ -309,12 +309,12 @@ def test_Upload():
def test_start():
# test_OK()
- # test_Dir()
+ test_Dir()
# test_UA()
- test_Header()
+ # test_Header()
# test_UA_for(1000)
- test_POST()
- test_scan()
+ # test_POST()
+ # test_scan()
# test_CC()
# test_url_ext()
# test_cdn()
@@ -322,6 +322,7 @@ def test_start():
if __name__ == "__main__":
- os.system('cd /Users/midoks/Desktop/mwdev/server/mdserver-web/plugins/op_waf && sh install.sh uninstall 0.2.2 && sh install.sh install 0.2.2')
- os.system('cd /Users/midoks/Desktop/mwdev/server/mdserver-web/ && python3 plugins/openresty/index.py stop && python3 plugins/openresty/index.py start')
+ # os.system('cd /Users/midoks/Desktop/mwdev/server/mdserver-web/plugins/op_waf && sh install.sh uninstall 0.2.2 && sh install.sh install 0.2.2')
+ os.system('cd /Users/midoks/Desktop/mwdev/server/mdserver-web/ && python3 /Users/midoks/Desktop/mwdev/server/mdserver-web/plugins/op_waf/index.py reload')
+ # os.system('cd /Users/midoks/Desktop/mwdev/server/mdserver-web/ && python3 plugins/openresty/index.py stop && python3 plugins/openresty/index.py start')
test_start()
diff --git a/plugins/op_waf/waf/lua/common.lua b/plugins/op_waf/waf/lua/common.lua
index ca4003c03..f477fdbd6 100644
--- a/plugins/op_waf/waf/lua/common.lua
+++ b/plugins/op_waf/waf/lua/common.lua
@@ -1,3 +1,14 @@
+local waf_root = "{$WAF_ROOT}"
+local waf_cpath = waf_root.."/waf/lua/?.lua;"..waf_root.."/waf/conf/?.lua;"..waf_root.."/waf/html/?.lua;"
+local waf_sopath = waf_root.."/waf/conf/?.so;"
+
+if not package.path:find(waf_cpath) then
+ package.path = waf_cpath .. package.path
+end
+
+if not package.cpath:find(waf_sopath) then
+ package.cpath = waf_sopath .. package.cpath
+end
local setmetatable = setmetatable
local _M = { _VERSION = '0.02' }
@@ -9,7 +20,6 @@ local sqlite3 = require "lsqlite3"
local ngx_match = ngx.re.find
local debug_mode = false
-local waf_root = "{$WAF_ROOT}"
local cpath = waf_root.."/waf/"
local log_dir = waf_root.."/logs/"
local rpath = cpath.."/rule/"
@@ -62,12 +72,12 @@ end
-- 后台任务
function _M.cron(self)
- local timer_every_get_data = function (premature)
- self.clean_log()
+ local timer_every_get_data = function(premature)
+ self:clean_log()
end
ngx.timer.every(10, timer_every_get_data)
- local timer_every_import_data = function (premature)
+ local timer_every_import_data = function(premature)
local llen, _ = ngx.shared.waf_limit:llen('waf_limit_logs')
if llen == 0 then
diff --git a/plugins/op_waf/waf/lua/init.lua b/plugins/op_waf/waf/lua/init.lua
index 615f50db9..507c5d3da 100644
--- a/plugins/op_waf/waf/lua/init.lua
+++ b/plugins/op_waf/waf/lua/init.lua
@@ -1,3 +1,14 @@
+local waf_root = "{$WAF_ROOT}"
+local waf_cpath = waf_root.."/waf/lua/?.lua;"..waf_root.."/waf/conf/?.lua;"..waf_root.."/waf/html/?.lua;"
+local waf_sopath = waf_root.."/waf/conf/?.so;"
+
+if not package.path:find(waf_cpath) then
+ package.path = waf_cpath .. package.path
+end
+
+if not package.cpath:find(waf_sopath) then
+ package.cpath = waf_sopath .. package.cpath
+end
local json = require "cjson"
local ngx_match = ngx.re.find
@@ -11,11 +22,11 @@ local config = require "waf_config"
local site_config = require "waf_site"
local config_domains = require "waf_domains"
--- C:D("config:"..C:to_json(config))
C:setConfData(config, site_config)
C:setDebug(true)
+-- C:D("config:"..C:to_json(config))
local get_html = require "html_get"
local post_html = require "html_post"
@@ -521,7 +532,6 @@ end
function waf()
min_route()
-
-- white ip
if waf_ip_white() then return true end
@@ -550,9 +560,8 @@ function waf()
-- 扫描软件禁止
if waf_scan_black() then return true end
-
if waf_post() then return true end
-
+
if site_config[server_name] and site_config[server_name]['open'] then
if X_Forwarded() then return true end
if post_X_Forwarded() then return true end
diff --git a/plugins/op_waf/waf/lua/init_worker.lua b/plugins/op_waf/waf/lua/init_worker.lua
index 1da7710a5..5bf722c9d 100644
--- a/plugins/op_waf/waf/lua/init_worker.lua
+++ b/plugins/op_waf/waf/lua/init_worker.lua
@@ -1,13 +1,20 @@
+local waf_root = "{$WAF_ROOT}"
+local waf_cpath = waf_root.."/waf/lua/?.lua;"..waf_root.."/waf/conf/?.lua;"..waf_root.."/waf/html/?.lua;"
+local waf_sopath = waf_root.."/waf/conf/?.so;"
-local json = require "cjson"
+if not package.path:find(waf_cpath) then
+ package.path = waf_cpath .. package.path
+end
-local waf_root = "{$WAF_ROOT}"
-local cpath = waf_root.."/waf/"
+if not package.cpath:find(waf_sopath) then
+ package.cpath = waf_sopath .. package.cpath
+end
+
+local json = require "cjson"
local __C = require "common"
local C = __C:getInstance()
-
local function timer_stats_total_log(premature)
C:timer_stats_total()
end