op防火墙优化

1.适配openresty配置修改。
2.加入一个测试功能，便于测试。

plugins/op_waf/conf/luawaf.conf

@@ -1,10 +1,3 @@
 lua_shared_dict waf_limit 30m;
 lua_shared_dict waf_drop_ip 10m;
-lua_shared_dict waf_drop_sum 10m;
+lua_shared_dict waf_drop_sum 10m;
-lua_package_path "{$WAF_PATH}/html/?.lua;{$WAF_PATH}/conf/?.lua;{$WAF_PATH}/lua/?.lua;{$ROOT_PATH}/openresty/lualib/?.lua;;";
-lua_package_cpath "{$WAF_PATH}/conf/?.so;{$ROOT_PATH}/openresty/lualib/?.so;;";
-
-init_worker_by_lua_file {$WAF_PATH}/lua/init_worker.lua;
-access_by_lua_file  {$WAF_PATH}/lua/init.lua;
-
-# init_by_lua_file  {$WAF_PATH}/lua/init.lua;

plugins/op_waf/index.py

@@ -6,6 +6,7 @@ import os
 import time
 import subprocess
 import json
+import re
 
 sys.path.append(os.getcwd() + "/class/core")
 import mw
@@ -228,17 +229,8 @@ def initTotalInfo():
     mw.writeFile(path_total, cjson)
 
 
-def status():
+def dstWafConf():
-    path = getConf()
+    return mw.getServerDir() + "/web_conf/nginx/vhost/opwaf.conf"
-    if not os.path.exists(path):
-        return 'stop'
-
-    conf = mw.readFile(path)
-    if conf.find("#include luawaf.conf;") != -1:
-        return 'stop'
-    if conf.find("luawaf.conf;") == -1:
-        return 'stop'
-    return 'start'
 
 
 def contentReplace(content):
@@ -328,7 +320,8 @@ def autoMakeConfig():
 
 def restartWeb():
     autoMakeConfig()
-    mw.restartWeb()
+    mw.opWeb('stop')
+    mw.opWeb('start')
 
 
 def initDreplace():
@@ -370,11 +363,12 @@ def initDreplace():
     content = contentReplace(content)
     mw.writeFile(init_worker, content)
 
-    waf_conf = mw.getServerDir() + "/openresty/nginx/conf/luawaf.conf"
+    waf_conf = dstWafConf()
-    waf_tpl = getPluginDir() + "/conf/luawaf.conf"
+    if not os.path.exists(waf_conf):
-    content = mw.readFile(waf_tpl)
+        waf_tpl = getPluginDir() + "/conf/luawaf.conf"
-    content = contentReplace(content)
+        content = mw.readFile(waf_tpl)
-    mw.writeFile(waf_conf, content)
+        content = contentReplace(content)
+        mw.writeFile(waf_conf, content)
 
     initDomainInfo()
     initSiteInfo()
@@ -388,37 +382,61 @@ def initDreplace():
         mw.execShell("chown -R www:www " + path)
 
 
+def status():
+    path = getConf()
+    if not os.path.exists(path):
+        return 'stop'
+
+    waf_conf = dstWafConf()
+    if not os.path.exists(waf_conf):
+        return 'stop'
+    return 'start'
+
+
 def start():
     initDreplace()
 
-    path = getConf()
+    path = mw.getServerDir() + '/web_conf/nginx/lua/lua.conf'
+    init_worker_lua = getServerDir() + '/waf/lua/init_worker.lua'
+    init_lua = getServerDir() + '/waf/lua/init.lua'
     conf = mw.readFile(path)
-    conf = conf.replace('#include luawaf.conf;', "include luawaf.conf;")
+    conf = re.sub('init_worker_by_lua_file (.*);',
+                  "init_worker_by_lua_file " + init_worker_lua + ";", conf)
+    conf = re.sub('access_by_lua_file (.*);',
+                  "access_by_lua_file " + init_lua + ";", conf)
     mw.writeFile(path, conf)
 
     import tool_task
     tool_task.createBgTask()
 
-    mw.restartWeb()
+    restartWeb()
     return 'ok'
 
 
 def stop():
-    path = getConf()
-    conf = mw.readFile(path)
-    conf = conf.replace('include luawaf.conf;', "#include luawaf.conf;")
 
+    path = mw.getServerDir() + '/web_conf/nginx/lua/lua.conf'
+    empty_lua = mw.getServerDir() + '/web_conf/nginx/lua/empty.lua'
+    conf = mw.readFile(path)
+    conf = re.sub('init_worker_by_lua_file (.*);',
+                  "init_worker_by_lua_file " + empty_lua + ";", conf)
+    conf = re.sub('access_by_lua_file (.*);',
+                  "access_by_lua_file " + empty_lua + ";", conf)
     mw.writeFile(path, conf)
 
+    wafconf = dstWafConf()
+    if os.path.exists(wafconf):
+        os.remove(wafconf)
+
     import tool_task
     tool_task.removeBgTask()
 
-    mw.restartWeb()
+    restartWeb()
     return 'ok'
 
 
 def restart():
-    mw.restartWeb()
+    restartWeb()
     return 'ok'
 
 
@@ -428,6 +446,18 @@ def reload():
     path = getServerDir()
     path_tpl = getPluginDir()
 
+    config = path + "/waf/lua/common.lua"
+    config_tpl = path_tpl + "/waf/lua/common.lua"
+    content = mw.readFile(config_tpl)
+    content = contentReplace(content)
+    mw.writeFile(config, content)
+
+    config = path + "/waf/lua/init_worker.lua"
+    config_tpl = path_tpl + "/waf/lua/init_worker.lua"
+    content = mw.readFile(config_tpl)
+    content = contentReplace(content)
+    mw.writeFile(config, content)
+
     config = path + "/waf/lua/init.lua"
     config_tpl = path_tpl + "/waf/lua/init.lua"
     content = mw.readFile(config_tpl)
@@ -438,6 +468,8 @@ def reload():
     mw.execShell('rm -rf ' + errlog)
 
     start()
+
+    restartWeb()
     return 'ok'
 
 
@@ -1167,6 +1199,28 @@ def getWafConf():
     return mw.readFile(conf)
 
 
+def cleanDropIp():
+    url = "http://127.0.0.1/clean_waf_drop_ip"
+    data = mw.httpGet(url)
+    return mw.returnJson(True, 'ok!', data)
+
+
+def testRun():
+    # args = getArgs()
+    # data = checkArgs(args, ['siteName'])
+    # if not data[0]:
+    #     return data[1]
+
+    conf_json = getServerDir() + "/waf/default.json"
+    data = mw.readFile(conf_json)
+    pdata = json.loads(data)
+    default_site = pdata['default']
+
+    url = "http://" + default_site + '/?t=../etc/passwd'
+    returnData = mw.httpGet(url, 10)
+    return mw.returnJson(True, '测试运行成功!', returnData)
+
+
 def installPreInspection():
     check_op = mw.getServerDir() + "/openresty"
     if not os.path.exists(check_op):
@@ -1174,12 +1228,6 @@ def installPreInspection():
     return 'ok'
 
 
-def cleanDropIp():
-    url = "http://127.0.0.1/clean_waf_drop_ip"
-    data = mw.httpGet(url)
-    return mw.returnJson(True, 'ok!', data)
-
-
 if __name__ == "__main__":
     func = sys.argv[1]
     if func == 'status':
@@ -1268,5 +1316,7 @@ if __name__ == "__main__":
         print(getWafSite())
     elif func == 'clean_drop_ip':
         print(cleanDropIp())
+    elif func == 'test_run':
+        print(testRun())
     else:
         print('error')

plugins/op_waf/info.json

@@ -12,5 +12,5 @@
 	"home":"https://github.com/loveshell/ngx_lua_waf",
 	"date":"2019-04-21",
 	"pid": "1",
-	"versions": ["0.2.3"]
+	"versions": ["0.2.4"]
 }

plugins/op_waf/js/op_waf.js

@@ -1712,9 +1712,12 @@ function wafLogs(){
                             <button data-name="l7" type="button" class="btn btn-default">近7天</button>\
                             <button data-name="l30" type="button" class="btn btn-default">近30天</button>\
                         </div>\
-                        <span class="last-span"><input data-name="" type="text" id="time_choose" lay-key="1000001_'+randstr+'" class="form-control btn-group-sm" autocomplete="off" placeholder="自定义时间" style="display: inline-block;font-size: 12px;padding: 0 10px;height:30px;width: 200px;"></span>\
+                        <span class="last-span"><input data-name="" type="text" id="time_choose" lay-key="1000001_'+randstr+'" class="form-control btn-group-sm" autocomplete="off" placeholder="自定义时间" style="display: inline-block;font-size: 12px;padding: 0 10px;height:30px;width: 155px;"></span>\
+                    </div>\
+                    <div style="float:right;">\
+                        <button id="UncoverAll" class="btn btn-success btn-sm" style="padding-left: 5px;padding-right: 5px;">解封所有</button>\
+                        <button id="testRun" class="btn btn-default btn-sm" style="padding-left: 5px;padding-right: 5px;">测试</button>\
                     </div>\
-                    <div style="float:right;"><button id="UncoverAll" class="btn btn-success btn-sm">解封所有</button></div>\
                 </div>\
                 <div class="divtable mtb10" id="ws_table"></div>\
             </div>';
@@ -1733,6 +1736,15 @@ function wafLogs(){
         });
     });
 
+    //测试demo
+    $("#testRun").click(function(){
+        owPost('test_run',{},function(data){
+            var rdata = $.parseJSON(data.data);
+            showMsg(rdata.msg, function(){
+                wafLogRequest(1);
+            },{icon:1,shade: [0.3, '#000']},2000);
+        });
+    });
 
     //日期范围
     laydate.render({

plugins/op_waf/t/index.py

@@ -309,12 +309,12 @@ def test_Upload():
 
 def test_start():
     # test_OK()
-    # test_Dir()
+    test_Dir()
     # test_UA()
-    test_Header()
+    # test_Header()
     # test_UA_for(1000)
-    test_POST()
+    # test_POST()
-    test_scan()
+    # test_scan()
     # test_CC()
     # test_url_ext()
     # test_cdn()
@@ -322,6 +322,7 @@ def test_start():
 
 
 if __name__ == "__main__":
-    os.system('cd /Users/midoks/Desktop/mwdev/server/mdserver-web/plugins/op_waf && sh install.sh uninstall 0.2.2 && sh install.sh install 0.2.2')
+    # os.system('cd /Users/midoks/Desktop/mwdev/server/mdserver-web/plugins/op_waf && sh install.sh uninstall 0.2.2 && sh install.sh install 0.2.2')
-    os.system('cd /Users/midoks/Desktop/mwdev/server/mdserver-web/ && python3 plugins/openresty/index.py stop && python3 plugins/openresty/index.py start')
+    os.system('cd /Users/midoks/Desktop/mwdev/server/mdserver-web/ && python3 /Users/midoks/Desktop/mwdev/server/mdserver-web/plugins/op_waf/index.py reload')
+    # os.system('cd /Users/midoks/Desktop/mwdev/server/mdserver-web/ && python3 plugins/openresty/index.py stop && python3 plugins/openresty/index.py start')
     test_start()

plugins/op_waf/waf/lua/common.lua

@@ -1,3 +1,14 @@
+local waf_root = "{$WAF_ROOT}"
+local waf_cpath = waf_root.."/waf/lua/?.lua;"..waf_root.."/waf/conf/?.lua;"..waf_root.."/waf/html/?.lua;"
+local waf_sopath = waf_root.."/waf/conf/?.so;"
+
+if not package.path:find(waf_cpath) then
+    package.path = waf_cpath  .. package.path
+end
+
+if not package.cpath:find(waf_sopath) then
+    package.cpath = waf_sopath .. package.cpath
+end
 
 local setmetatable = setmetatable
 local _M = { _VERSION = '0.02' }
@@ -9,7 +20,6 @@ local sqlite3 = require "lsqlite3"
 local ngx_match = ngx.re.find
 local debug_mode = false
 
-local waf_root = "{$WAF_ROOT}"
 local cpath = waf_root.."/waf/"
 local log_dir = waf_root.."/logs/"
 local rpath = cpath.."/rule/"
@@ -62,12 +72,12 @@ end
 
 -- 后台任务
 function _M.cron(self)
-    local timer_every_get_data = function (premature)
+    local timer_every_get_data = function(premature)
-        self.clean_log()
+        self:clean_log()
     end
     ngx.timer.every(10, timer_every_get_data)
 
-    local timer_every_import_data = function (premature)
+    local timer_every_import_data = function(premature)
 
         local llen, _ = ngx.shared.waf_limit:llen('waf_limit_logs')
         if llen == 0 then

plugins/op_waf/waf/lua/init.lua

@@ -1,3 +1,14 @@
+local waf_root = "{$WAF_ROOT}"
+local waf_cpath = waf_root.."/waf/lua/?.lua;"..waf_root.."/waf/conf/?.lua;"..waf_root.."/waf/html/?.lua;"
+local waf_sopath = waf_root.."/waf/conf/?.so;"
+
+if not package.path:find(waf_cpath) then
+    package.path = waf_cpath  .. package.path
+end
+
+if not package.cpath:find(waf_sopath) then
+    package.cpath = waf_sopath .. package.cpath
+end
 
 local json = require "cjson"
 local ngx_match = ngx.re.find
@@ -11,11 +22,11 @@ local config = require "waf_config"
 local site_config = require "waf_site"
 local config_domains = require "waf_domains"
 
--- C:D("config:"..C:to_json(config))
 
 C:setConfData(config, site_config)
 C:setDebug(true)
 
+-- C:D("config:"..C:to_json(config))
 
 local get_html = require "html_get"
 local post_html = require "html_post"
@@ -521,7 +532,6 @@ end
 
 function waf()
     min_route()
-
     -- white ip
     if waf_ip_white() then return true end
 
@@ -550,9 +560,8 @@ function waf()
 
     -- 扫描软件禁止
     if waf_scan_black() then return true end
-
     if waf_post() then return true end
-    
+
     if site_config[server_name] and site_config[server_name]['open'] then
         if X_Forwarded() then return true end
         if post_X_Forwarded() then return true end

plugins/op_waf/waf/lua/init_worker.lua

@@ -1,13 +1,20 @@
+local waf_root = "{$WAF_ROOT}"
+local waf_cpath = waf_root.."/waf/lua/?.lua;"..waf_root.."/waf/conf/?.lua;"..waf_root.."/waf/html/?.lua;"
+local waf_sopath = waf_root.."/waf/conf/?.so;"
 
-local json = require "cjson"
+if not package.path:find(waf_cpath) then
+    package.path = waf_cpath  .. package.path
+end
 
-local waf_root = "{$WAF_ROOT}"
+if not package.cpath:find(waf_sopath) then
-local cpath = waf_root.."/waf/"
+    package.cpath = waf_sopath .. package.cpath
+end
+
+local json = require "cjson"
 
 local __C = require "common"
 local C = __C:getInstance()
 
-
 local function timer_stats_total_log(premature)
     C:timer_stats_total()
 end