up

3 years ago · f702f70f89
parent a8e6ee052c
commit f702f70f89
6 changed files with 9 additions and 180 deletions
--- a/plugins/op_waf/js/op_waf.js
+++ b/plugins/op_waf/js/op_waf.js
@ -884,7 +884,7 @@ function wafScreen(){
            <div class="line"><span class="name">Cookie渗透</span><span class="val">'+rdata.rules.cookie+'</span></div>\
            <div class="line"><span class="name">恶意扫描</span><span class="val">'+rdata.rules.scan+'</span></div>\
            <div class="line"><span class="name">恶意HEAD请求</span><span class="val">0</span></div>\
-            <div class="line"><span class="name">URI自定义拦截</span><span class="val">'+rdata.rules.args+'</span></div>\
+            <div class="line"><span class="name">URI自定义拦截</span><span class="val">'+rdata.rules.url+'</span></div>\
            <div class="line"><span class="name">URI保护</span><span class="val">'+rdata.rules.args+'</span></div>\
            <div class="line"><span class="name">恶意文件上传</span><span class="val">'+rdata.rules.upload_ext+'</span></div>\
            <div class="line"><span class="name">禁止的扩展名</span><span class="val">'+rdata.rules.path+'</span></div>\
--- a/plugins/op_waf/waf/lua/common.lua
+++ b/plugins/op_waf/waf/lua/common.lua
@ -517,52 +517,6 @@ function _M.is_ngx_match_post(self, rules, content)
 end


-function _M.is_ngx_match(self, rules, sbody, rule_name)
-    if rules == nil or sbody == nil then return false end
-    if type(sbody) == "string" then
-        sbody = {sbody}
-    end
-    
-    if type(rules) == "string" then
-        rules = {rules}
-    end
-
-    for k,body in pairs(sbody)
-    do
-        if self:continue_key(k) then
-            for i,rule in ipairs(rules)
-            do
-                if self.site_config[server_name] and rule_name then
-                    local n = i - 1
-                    for _,j in ipairs(self.site_config[server_name]['disable_rule'][rule_name])
-                    do
-                        if n == j then
-                            rule = ""
-                        end
-                    end
-                end
-                
-                if body and rule ~="" then
-                    if type(body) == "string" then
-                        if ngx_match(ngx.unescape_uri(body),rule,"isjo") then
-                            error_rule = rule .. ' >> ' .. k .. ':' .. body
-                            return true
-                        end
-                    end
-                    if type(k) == "string" then
-                        if ngx_match(ngx.unescape_uri(k),rule,"isjo") then
-                            error_rule = rule .. ' >> ' .. k
-                            return true
-                        end
-                    end
-                end
-            end
-        end
-    end
-    return false
-end
-
-
 function _M.write_log(self, name, rule)
    local config = self.config
    local params = self.params
--- a/plugins/op_waf/waf/lua/init.lua
+++ b/plugins/op_waf/waf/lua/init.lua
@ -31,6 +31,7 @@ local scan_black_rules = require "rule_scan_black"
 local user_agent_rules = require "rule_user_agent"
 local post_rules = require "rule_post"
 local cookie_rules = require "rule_cookie"
+local url_rules = require "rule_url"


 local server_name = string.gsub(C:get_sn(config_domains),'_','.')
@ -355,7 +356,8 @@ end
 local function waf_url()
    if not config['get']['open'] or not C:is_site_config('get') then return false end
    --正则--
-    if C:is_ngx_match(url_rules, params["uri"], 'url') then
+    -- C:D("waf_url:"..json.encode(url_rules)..":uri:"..params["uri"])
+    if C:ngx_match_list(url_rules, params["uri"]) then
        C:write_log('url','regular')
        C:return_html(config['get']['status'], get_html)
        return true
@ -424,67 +426,6 @@ local function waf_post()
    return false
 end

-local function  waf_post_data_check()
-    if params['method'] == "POST" then
-
-        C:D("post_data_check start")
-        if C:return_post_data() then return false end
-        ngx.req.read_body()
-
-        local request_args = params['uri_request_args']
-        if not request_args then return false end
-
-        C:D("post_data_check:"..json.encode(params['request_header']))
-
-        local av = nil
-        if params['request_header'] then
-            if not params['request_header']['content-type'] then return false end
-            av = string.match(params['request_header']['content-type'], "=.+")
-
-            C:D("post_data_check[av]:"..json.encode(av))
-        end
-        
-
-        if not av then return false end
-        ac = C:split(av,'=')
-
-        if not ac then return false end 
-
-        list_list = nil
-        for i,v in ipairs(ac)
-        do
-             list_list = '--'..v
-        end
-        
-        if not list_list then return false end 
-        
-        aaa = nil
-        for k,v in pairs(request_args)
-        do
-            aaa = v
-        end
-
-        if not aaa then return false end 
-        if tostring(aaa) == 'true' then return false end
-        if type(aaa) ~= "string" then return false end
-        data_len = C:split(aaa, list_list)
-
-        if not data_len then return false end
-        if arrlen(data_len) == 0 then return false end
-
-
-        C:D("post_rules:"..json.encode(post_rules).."data_len:"..json.encode(data_len))
-
-        if C:is_ngx_match_post(post_rules , data_len) then
-            C:write_log('post','regular')
-            C:return_html(config['post']['status'], post_html)
-            return true
-        end
-
-    end
-end
-
-
 local function X_Forwarded()

    if params['method'] ~= "GET" then return false end
@ -537,40 +478,26 @@ local function disable_upload_ext(ext)
        C:return_html(config['other']['status'],other_html)
        return true
    end
-end
-
-local function data_in_php(data)
-    if not data then
-        return false
-    else
-        if C:is_ngx_match('php', data, 'post') then
-            C:write_log('upload_ext','上传扩展名黑名单')
-            C:return_html(config['other']['status'], other_html)
-            return true
-        else
    return false
-        end
-    end
 end

 local function post_data()
    if params["method"] ~= "POST" then return false end
+    -- C:D("content-length:"..params["request_header"]['content-length'])
    local content_length = tonumber(params["request_header"]['content-length'])
    if not content_length then return false end
    local max_len = 2560 * 1024000
    if content_length > max_len then return false end
    local boundary = C:get_boundary()
+    -- C:D("boundary:".. tostring( boundary) )
    if boundary then
        ngx.req.read_body()
        local data = ngx.req.get_body_data()
        if not data then return false end
        local tmp = ngx.re.match(data,[[filename=\"(.+)\.(.*)\"]])
-        if not tmp then return false end
-        if not tmp[2] then return false end
-        local tmp2 = ngx.re.match(ngx.req.get_body_data(),[[Content-Type:[^\+]{45}]]) 
+        if not tmp or not tmp[2] then return false end
+        -- C:D("upload_ext:".. tostring(tmp[2]) )
        disable_upload_ext(tmp[2])
-        if tmp2 == nil then return false end 
-        data_in_php(tmp2[0])
    end
    return false
 end
@ -619,7 +546,6 @@ function waf()
    if waf_scan_black() then return true end

    if waf_post() then return true end
-    -- if waf_post_data_check() then return true end
    
    if site_config[server_name] and site_config[server_name]['open'] then
        if X_Forwarded() then return true end
--- a/plugins/op_waf/waf/wafconf/args
+++ b/plugins/op_waf/waf/wafconf/args
@ -1,24 +0,0 @@
-\.\./
-\:\$
-\$\{
-/\*|--
-\b(or|xor|and)\b.*(=|<|>|'|")
-select.+(from|limit)
-(?:(union(.*?)select))
-having|load_file
-sleep\((\s*)(\d*)(\s*)\)
-benchmark\((.*)\,(.*)\)
-base64_decode\(
-(?:from\W+information_schema\W)
-(?:(?:current_)user|database|schema|connection_id)\s*\(
-(?:etc\/\W*passwd)
-into(\s+)+(?:dump|out)file\s*
-group\s+by.+\(
-xwork.MethodAccessor
-(?:define|eval|file_get_contents|include|require|require_once|shell_exec|phpinfo|system|passthru|preg_\w+|execute|echo|print|print_r|var_dump|(fp)open|alert|showmodaldialog)\(
-xwork\.MethodAccessor
-(gopher|doc|php|glob|file|phar|zlib|ftp|ldap|dict|ogg|data)\:\/
-java\.lang
-\$_(GET|post|cookie|files|session|env|phplib|GLOBALS|SERVER)\[
-\<(iframe|script|body|img|layer|div|meta|style|base|object|input)
-(onmouseover|onerror|onload)\=
--- a/plugins/op_waf/waf/wafconf/cookie
+++ b/plugins/op_waf/waf/wafconf/cookie
@ -1,20 +0,0 @@
-\.\./
-\:\$
-\$\{
-select.+(from|limit)
-(?:(union(.*?)select))
-having|rongjitest
-sleep\((\s*)(\d*)(\s*)\)
-benchmark\((.*)\,(.*)\)
-base64_decode\(
-(?:from\W+information_schema\W)
-(?:(?:current_)user|database|schema|connection_id)\s*\(
-(?:etc\/\W*passwd)
-into(\s+)+(?:dump|out)file\s*
-group\s+by.+\(
-xwork.MethodAccessor
-(?:define|eval|file_get_contents|include|require|require_once|shell_exec|phpinfo|system|passthru|preg_\w+|execute|echo|print|print_r|var_dump|(fp)open|alert|showmodaldialog)\(
-xwork\.MethodAccessor
-(gopher|doc|php|glob|file|phar|zlib|ftp|ldap|dict|ogg|data)\:\/
-java\.lang
-\$_(GET|post|cookie|files|session|env|phplib|GLOBALS|SERVER)\[
--- a/plugins/op_waf/waf/wafconf/denycc
+++ b/plugins/op_waf/waf/wafconf/denycc
@ -1,7 +0,0 @@
-#ip 60/60 1800
-#ip+uri 60/60 1800
-#ip+domain+CookieParam:sessionid  60/60 1800
-#ip+GetParam:userid 60/60 1800
-#ip+PostParam:userid 60/60 1800
-#$ip+header:imei 30/60  1800
-ip+uri 60/60  3600