up

3 years ago · b3fef4c104
parent 48cec8ee47
commit b3fef4c104
4 changed files with 31 additions and 18 deletions
--- a/plugins/op_waf/conf/luawaf.conf
+++ b/plugins/op_waf/conf/luawaf.conf
@ -1,7 +1,7 @@
 lua_shared_dict limit 30m;
 lua_shared_dict drop_ip 10m;
 lua_shared_dict drop_sum 10m;
-lua_package_path "{$WAF_PATH}/conf/?.lua;{$WAF_PATH}/lua/?.lua;{$ROOT_PATH}/openresty/lualib/?.lua;;";
+lua_package_path "{$WAF_PATH}/html/?.lua;{$WAF_PATH}/conf/?.lua;{$WAF_PATH}/lua/?.lua;{$ROOT_PATH}/openresty/lualib/?.lua;;";


 init_worker_by_lua_file {$WAF_PATH}/lua/init_worker.lua;
--- a/plugins/op_waf/index.py
+++ b/plugins/op_waf/index.py
@ -62,6 +62,11 @@ def listToLuaFile(path, lists):
    mw.writeFile(path, content)


+def htmlToLuaFile(path, content):
+    content = "return [[" + content + "]]"
+    mw.writeFile(path, content)
+
+
 def getConf():
    path = mw.getServerDir() + "/openresty/nginx/conf/nginx.conf"
    return path
@ -239,6 +244,13 @@ def autoMakeLuaImportSingle(file):
    listToLuaFile(to_path, content)


+def autoMakeLuaHtmlSingle(file):
+    path = getServerDir() + "/waf/html/" + file + ".html"
+    to_path = getServerDir() + "/waf/html/html_" + file + ".lua"
+    content = mw.readFile(path)
+    htmlToLuaFile(to_path, content)
+
+
 def autoMakeLuaConf():
    conf_list = ['args', 'cookie', 'ip_black', 'ip_white',
                 'ipv6_black', 'post', 'scan_black', 'url',
@ -250,6 +262,10 @@ def autoMakeLuaConf():
    for x in import_list:
        autoMakeLuaImportSingle(x)

+    html_list = ['get', 'post', 'safe_js', 'user_agent', 'cookie', 'other']
+    for x in html_list:
+        autoMakeLuaHtmlSingle(x)
+

 def initDreplace():

@ -334,8 +350,10 @@ def restart():

 def reload():
    stop()
-    mw.execShell('rm -rf ' + mw.getServerDir() +
-                 "/openresty/nginx/logs/error.log")
+
+    errlog = mw.getServerDir() + "/openresty/nginx/logs/error.log"
+    mw.execShell('rm -rf ' + errlog)
+
    start()
    return 'ok'

--- a/plugins/op_waf/t/index.py
+++ b/plugins/op_waf/t/index.py
@ -199,12 +199,12 @@ def test_OK():
 def test_start():
    # test_OK()
    # test_Dir()
-    # test_UA()
+    test_UA()
    # test_POST()
    # test_scan()
    # test_CC()
    # test_url_ext()
-    test_cdn()
+    # test_cdn()


 if __name__ == "__main__":
--- a/plugins/op_waf/waf/lua/init.lua
+++ b/plugins/op_waf/waf/lua/init.lua
@ -6,20 +6,17 @@ local C = __C:new()

 local waf_root = "{$WAF_ROOT}"

-- config = C:read_file_body_decode(waf_root.."/waf/"..'config.json')
 local config = require "config"
-- config = C:read_file_body_decode(waf_root.."/waf/"..'site.json')
 local site_config = require "site"
+
 C:setConfData(config, site_config)
 C:setDebug(true)

-- C:D("conf"..C:to_json(config))
-

-local get_html = C:read_file_body(config["reqfile_path"] .. '/' .. config["get"]["reqfile"])
-local post_html = C:read_file_body(config["reqfile_path"] .. '/' .. config["post"]["reqfile"])
-local user_agent_html = C:read_file_body(config["reqfile_path"] .. '/' .. config["user-agent"]["reqfile"])
-local cc_safe_js_html = C:read_file_body(config["reqfile_path"] .. '/' .. config["safe_verify"]["reqfile"])
+local get_html = require "html_get"
+local post_html = require "html_post"
+local user_agent_html = require "html_user_agent"
+local cc_safe_js_html = require "html_safe_js"

 local args_rules = require "rule_args"
 local ip_white_rules = require "rule_ip_white"
@ -27,9 +24,7 @@ local ip_black_rules = require "rule_ip_black"
 local ipv6_black_rules = require "rule_ipv6_black"
 local scan_black_rules = require "rule_scan_black"
 local user_agent_rules = require "rule_user_agent"
-- local post_rules = C:read_file_table('post')
 local post_rules = require "rule_post"
-- local cookie_rules = C:read_file_table('cookie')
 local cookie_rules = require "rule_cookie"

 local server_name = string.gsub(C:get_server_name(),'_','.')
@ -89,7 +84,7 @@ local function is_chekc_table(data,strings)
    data = chekc_ip_timeout(data)
    for k,v in pairs(data)
    do
-        if strings ==v['ip'] then
+        if strings == v['ip'] then
            return 3
        end
    end
@ -102,8 +97,8 @@ local function save_ip_on(data)
        C:write_file(cpath2 .. 'stop_ip.lock','1')
    end
    name='stop_ip'
-    local extime=18000
-    data=json.encode(data)
+    local extime = 18000
+    data = json.encode(data)
    ngx.shared.btwaf:set(cpath2 .. name,data,extime)
    if not ngx.shared.btwaf:get(cpath2 .. name .. '_lock') then
        ngx.shared.btwaf:set(cpath2 .. name .. '_lock',1,0.5)